mongodb · blink1073 · Dec 12, 2025 · Dec 12, 2025 · Dec 12, 2025 · Dec 12, 2025
@@ -177,7 +177,6 @@ buildvariants:
   - name: encryption-rhel8
     tasks:
       - name: .test-non-standard
-      - name: .test-min-deps
     display_name: Encryption RHEL8
     run_on:
       - rhel87-small
@@ -208,7 +207,6 @@ buildvariants:
   - name: encryption-crypt_shared-rhel8
     tasks:
       - name: .test-non-standard
-      - name: .test-min-deps
     display_name: Encryption crypt_shared RHEL8
     run_on:
       - rhel87-small

@@ -128,7 +128,7 @@ def get_encryption_expansions(encryption):
     ):
         expansions = get_encryption_expansions(encryption)
         display_name = get_variant_name(encryption, host, **expansions)
-        tasks = [".test-non-standard", ".test-min-deps"]
+        tasks = [".test-non-standard"]
         if host != "rhel8":
             tasks = [".test-non-standard !.pypy"]
         variant = create_variant(
@@ -575,6 +575,8 @@ def create_server_version_tasks():
                 seen.add(combo)
                 tags.append("pr")
         expansions = dict(AUTH=auth, SSL=ssl, TOPOLOGY=topology)
+        if python == ALL_PYTHONS[0]:
+            expansions["TEST_MIN_DEPS"] = "1"
         if "t" in python:
             tags.append("free-threaded")
         if python not in PYPYS and "t" not in python:
@@ -640,6 +642,8 @@ def create_test_non_standard_tasks():
         if pr:
             tags.append("pr")
         expansions = dict(AUTH=auth, SSL=ssl, TOPOLOGY=topology, VERSION=version)
+        if python == ALL_PYTHONS[0]:
+            expansions["TEST_MIN_DEPS"] = "1"
         name = get_task_name("test-non-standard", python=python, **expansions)
         server_func = FunctionCall(func="run server", vars=expansions)
         test_vars = expansions.copy()
@@ -680,6 +684,8 @@ def create_test_standard_auth_tasks():
         if pr:
             tags.append("pr")
         expansions = dict(AUTH=auth, SSL=ssl, TOPOLOGY=topology, VERSION=version)
+        if python == ALL_PYTHONS[0]:
+            expansions["TEST_MIN_DEPS"] = "1"
         name = get_task_name("test-standard-auth", python=python, **expansions)
         server_func = FunctionCall(func="run server", vars=expansions)
         test_vars = expansions.copy()
@@ -689,22 +695,6 @@ def create_test_standard_auth_tasks():
     return tasks
 
 
-def create_min_deps_tasks():
-    """For variants that support testing with minimum dependencies."""
-    tasks = []
-    for topology in TOPOLOGIES:
-        auth, ssl = get_standard_auth_ssl(topology)
-        tags = ["test-min-deps", f"{topology}-{auth}-{ssl}"]
-        expansions = dict(AUTH=auth, SSL=ssl, TOPOLOGY=topology)
-        server_func = FunctionCall(func="run server", vars=expansions)
-        test_vars = expansions.copy()
-        test_vars["TEST_MIN_DEPS"] = "1"
-        name = get_task_name("test-min-deps", python=CPYTHONS[0], sync="sync", **test_vars)
-        test_func = FunctionCall(func="run tests", vars=test_vars)
-        tasks.append(EvgTask(name=name, tags=tags, commands=[server_func, test_func]))
-    return tasks
-
-
 def create_standard_tasks():
     """For variants that do not set a TEST_NAME."""
     tasks = []
@@ -732,6 +722,8 @@ def create_standard_tasks():
         if pr:
             tags.append("pr")
         expansions = dict(AUTH=auth, SSL=ssl, TOPOLOGY=topology, VERSION=version)
+        if python == ALL_PYTHONS[0]:
+            expansions["TEST_MIN_DEPS"] = "1"
         name = get_task_name("test-standard", python=python, sync=sync, **expansions)
         server_func = FunctionCall(func="run server", vars=expansions)
         test_vars = expansions.copy()
@@ -749,9 +741,11 @@ def create_no_orchestration_tasks():
             "test-no-orchestration",
             f"python-{python}",
         ]
-        name = get_task_name("test-no-orchestration", python=python)
         assume_func = FunctionCall(func="assume ec2 role")
         test_vars = dict(TOOLCHAIN_VERSION=python)
+        if python == ALL_PYTHONS[0]:
+            test_vars["TEST_MIN_DEPS"] = "1"
+        name = get_task_name("test-no-orchestration", **test_vars)
         test_func = FunctionCall(func="run tests", vars=test_vars)
         commands = [assume_func, test_func]
         tasks.append(EvgTask(name=name, tags=tags, commands=commands))
@@ -799,8 +793,10 @@ def create_aws_tasks():
         tags = [*base_tags, f"auth-aws-{test_type}"]
         if "t" in python:
             tags.append("free-threaded")
-        name = get_task_name(f"{base_name}-{test_type}", python=python)
         test_vars = dict(TEST_NAME="auth_aws", SUB_TEST_NAME=test_type, TOOLCHAIN_VERSION=python)
+        if python == ALL_PYTHONS[0] and test_type != "ecs":
+            test_vars["TEST_MIN_DEPS"] = "1"
+        name = get_task_name(f"{base_name}-{test_type}", **test_vars)
         test_func = FunctionCall(func="run tests", vars=test_vars)
         funcs = [server_func, assume_func, test_func]
         tasks.append(EvgTask(name=name, tags=tags, commands=funcs))
@@ -879,6 +875,8 @@ def _create_ocsp_tasks(algo, variant, server_type, base_task_name):
             TOOLCHAIN_VERSION=python,
             VERSION=version,
         )
+        if python == ALL_PYTHONS[0]:
+            vars["TEST_MIN_DEPS"] = "1"
         test_func = FunctionCall(func="run tests", vars=vars)
 
         tags = ["ocsp", f"ocsp-{algo}", version]
@@ -887,11 +885,7 @@ def _create_ocsp_tasks(algo, variant, server_type, base_task_name):
         if algo == "valid-cert-server-staples" and version == "latest":
             tags.append("pr")
 
-        task_name = get_task_name(
-            f"test-ocsp-{algo}-{base_task_name}",
-            python=python,
-            version=version,
-        )
+        task_name = get_task_name(f"test-ocsp-{algo}-{base_task_name}", **vars)
         tasks.append(EvgTask(name=task_name, tags=tags, commands=[test_func]))
 
     return tasks

@@ -42,7 +42,7 @@
     sync={"sync": "Sync", "async": "Async"},
     coverage={"1": "cov"},
     no_ext={"1": "No C"},
-    test_min_deps={True: "Min Deps"},
+    test_min_deps={"1": "Min Deps"},
 )
 HOSTS = dict()
 
@@ -171,7 +171,7 @@ def get_common_name(base: str, sep: str, **kwargs) -> str:
         display_name = f"{display_name}{sep}{version}"
     for key, value in kwargs.items():
         name = value
-        if key.lower() == "python":
+        if key.lower() in ["python", "toolchain_version"]:
             if not value.startswith("pypy"):
                 name = f"Python{value}"
             else:

@@ -45,7 +45,6 @@
 from cryptography.x509 import ExtensionNotFound as _ExtensionNotFound
 from cryptography.x509 import TLSFeature as _TLSFeature
 from cryptography.x509 import TLSFeatureType as _TLSFeatureType
-from cryptography.x509 import load_pem_x509_certificate as _load_pem_x509_certificate
 from cryptography.x509.ocsp import OCSPCertStatus as _OCSPCertStatus
 from cryptography.x509.ocsp import OCSPRequestBuilder as _OCSPRequestBuilder
 from cryptography.x509.ocsp import OCSPResponseStatus as _OCSPResponseStatus
@@ -102,19 +101,6 @@
 )
 
 
-def _load_trusted_ca_certs(cafile: str) -> list[Certificate]:
-    """Parse the tlsCAFile into a list of certificates."""
-    with open(cafile, "rb") as f:
-        data = f.read()
-
-    # Load all the certs in the file.
-    trusted_ca_certs = []
-    backend = _default_backend()
-    for cert_data in _re.findall(_CERT_REGEX, data):
-        trusted_ca_certs.append(_load_pem_x509_certificate(cert_data, backend))
-    return trusted_ca_certs
-
-
 def _get_issuer_cert(
     cert: Certificate, chain: Iterable[Certificate], trusted_ca_certs: Optional[list[Certificate]]
 ) -> Optional[Certificate]:

@@ -35,7 +35,7 @@
 from pymongo.errors import ConfigurationError as _ConfigurationError
 from pymongo.errors import _CertificateError  # type:ignore[attr-defined]
 from pymongo.ocsp_cache import _OCSPCache
-from pymongo.ocsp_support import _load_trusted_ca_certs, _ocsp_callback
+from pymongo.ocsp_support import _ocsp_callback
 from pymongo.socket_checker import SocketChecker as _SocketChecker
 from pymongo.socket_checker import _errno_from_exception
 from pymongo.write_concern import validate_boolean
@@ -322,10 +322,6 @@ def load_verify_locations(
         ssl.CERT_NONE.
         """
         self._ctx.load_verify_locations(cafile, capath)
-        # Manually load the CA certs when get_verified_chain is not available (pyopenssl<20).
-        if not hasattr(_SSL.Connection, "get_verified_chain"):
-            assert cafile is not None
-            self._callback_data.trusted_ca_certs = _load_trusted_ca_certs(cafile)
 
     def _load_certifi(self) -> None:
         """Attempt to load CA certs from certifi."""

@@ -48,11 +48,11 @@ Tracker = "https://jira.mongodb.org/projects/PYTHON/issues"
 
 [dependency-groups]
 dev = []
-pip = ["pip"]
-gevent = ["gevent>=20.6.0"]
+pip = ["pip>=20.2"]
+gevent = ["gevent>=21.12"]
 coverage = [
-    "pytest-cov",
-    "coverage>=5,<=7.10.6"
+    "pytest-cov>=4.0.0",
+    "coverage[toml]>=5,<=7.10.6"
 ]
 mockupdb = [
     "mockupdb@git+https://github.com/mongodb-labs/mongo-mockup-db@master"
@@ -61,8 +61,8 @@ perf = ["simplejson>=3.17.0"]
 typing = [
     "mypy==1.19.0",
     "pyright==1.1.407",
-    "typing_extensions",
-    "pip"
+    "typing_extensions>=3.7.4.2",
+    "pip>=20.2"
 ]
 
 # Used to call hatch_build.py

@@ -1,2 +1,2 @@
-pykerberos;os.name!='nt'
+pykerberos>=1.2.4;os.name!='nt'
 winkerberos>=0.5.0;os.name=='nt'
@@ -6,7 +6,7 @@
 # store and just use certifi on macOS.
 # https://www.pyopenssl.org/en/stable/api/ssl.html#OpenSSL.SSL.Context.set_default_verify_paths
 certifi>=2023.7.22;os.name=='nt' or sys_platform=='darwin'
-pyopenssl>=17.2.0
-requests<3.0.0
-cryptography>=2.5
-service_identity>=18.1.0
+pyopenssl>=23.2.0
+requests>=2.23.0,<3.0
+cryptography>=42.0.0
+service_identity>=23.1.0
@@ -1 +1 @@
-python-snappy
+python-snappy>=0.6.0