From 607dddf5676b406671f10aef87346afd8ba1c466 Mon Sep 17 00:00:00 2001
From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com>
Date: Mon, 4 May 2026 00:48:10 +0000
Subject: [PATCH 1/4] chore(deps): update all non-major dependencies

---
 .pre-commit-config.yaml | 2 +-
 requirements-lint.txt   | 4 ++--
 requirements-test.txt   | 2 +-
 3 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml
index 94e3f782f..44d4b0f06 100644
--- a/.pre-commit-config.yaml
+++ b/.pre-commit-config.yaml
@@ -7,7 +7,7 @@ repos:
     hooks:
       - id: black
   - repo: https://github.com/commitizen-tools/commitizen
-    rev: v4.13.10
+    rev: v4.15.0
     hooks:
       - id: commitizen
         stages: [commit-msg]
diff --git a/requirements-lint.txt b/requirements-lint.txt
index cfc22accc..966dbd414 100644
--- a/requirements-lint.txt
+++ b/requirements-lint.txt
@@ -1,7 +1,7 @@
 -r requirements.txt
 argcomplete==2.0.0
 black==26.3.1
-commitizen==4.13.10
+commitizen==4.15.0
 flake8==7.3.0
 isort==8.0.1
 mypy==1.20.2
@@ -10,5 +10,5 @@ pytest==9.0.3
 responses==0.26.0
 respx==0.23.1
 types-PyYAML==6.0.12.20260408
-types-requests==2.33.0.20260408
+types-requests==2.33.0.20260503
 types-setuptools==82.0.0.20260408
diff --git a/requirements-test.txt b/requirements-test.txt
index 69399ce41..92f88f566 100644
--- a/requirements-test.txt
+++ b/requirements-test.txt
@@ -1,6 +1,6 @@
 -r requirements.txt
 anyio==4.13.0
-build==1.4.4
+build==1.5.0
 coverage==7.13.5
 pytest-console-scripts==1.4.1
 pytest-cov==7.1.0

From cea29527437e42920db5a3a11554fef57e628a19 Mon Sep 17 00:00:00 2001
From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com>
Date: Thu, 21 May 2026 22:42:46 +0000
Subject: [PATCH 2/4] chore(deps): update all non-major dependencies

---
 .github/workflows/lock.yml  |  2 +-
 .github/workflows/stale.yml |  2 +-
 .github/workflows/test.yml  |  4 ++--
 .pre-commit-config.yaml     |  6 +++---
 requirements-docs.txt       |  2 +-
 requirements-lint.txt       | 12 ++++++------
 requirements-test.txt       |  4 ++--
 requirements.txt            |  2 +-
 8 files changed, 17 insertions(+), 17 deletions(-)

diff --git a/.github/workflows/lock.yml b/.github/workflows/lock.yml
index f6f1c6229..809c36a87 100644
--- a/.github/workflows/lock.yml
+++ b/.github/workflows/lock.yml
@@ -15,6 +15,6 @@ jobs:
   action:
     runs-on: ubuntu-latest
     steps:
-      - uses: dessant/lock-threads@v6.0.0
+      - uses: dessant/lock-threads@v6.0.1
         with:
           process-only: 'issues'
diff --git a/.github/workflows/stale.yml b/.github/workflows/stale.yml
index 167deac9b..8b03ec138 100644
--- a/.github/workflows/stale.yml
+++ b/.github/workflows/stale.yml
@@ -17,7 +17,7 @@ jobs:
   stale:
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/stale@v10.2.0
+      - uses: actions/stale@v10.3.0
         with:
           operations-per-run: 500
           stale-issue-label: "stale"
diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml
index 125555594..4cd761ad6 100644
--- a/.github/workflows/test.yml
+++ b/.github/workflows/test.yml
@@ -77,7 +77,7 @@ jobs:
           TOXENV: ${{ matrix.toxenv }}
         run: tox -- --override-ini='log_cli=True'
       - name: Upload codecov coverage
-        uses: codecov/codecov-action@v6.0.0
+        uses: codecov/codecov-action@v6.0.1
         with:
           files: ./coverage.xml
           flags: ${{ matrix.toxenv }}
@@ -100,7 +100,7 @@ jobs:
           TOXENV: cover
         run: tox
       - name: Upload codecov coverage
-        uses: codecov/codecov-action@v6.0.0
+        uses: codecov/codecov-action@v6.0.1
         with:
           files: ./coverage.xml
           flags: unit
diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml
index 44d4b0f06..b0be8e1b2 100644
--- a/.pre-commit-config.yaml
+++ b/.pre-commit-config.yaml
@@ -3,11 +3,11 @@ default_language_version:
 
 repos:
   - repo: https://github.com/psf/black
-    rev: 26.3.1
+    rev: 26.5.1
     hooks:
       - id: black
   - repo: https://github.com/commitizen-tools/commitizen
-    rev: v4.15.0
+    rev: v4.16.2
     hooks:
       - id: commitizen
         stages: [commit-msg]
@@ -51,6 +51,6 @@ repos:
       - id: rst-directive-colons
       - id: rst-inline-touching-normal
   - repo: https://github.com/maxbrunet/pre-commit-renovate
-    rev: 43.141.2
+    rev: 43.150.0
     hooks:
       - id: renovate-config-validator
diff --git a/requirements-docs.txt b/requirements-docs.txt
index 1c445092a..3118f99e3 100644
--- a/requirements-docs.txt
+++ b/requirements-docs.txt
@@ -1,7 +1,7 @@
 -r requirements.txt
 furo==2025.12.19
 jinja2==3.1.6
-myst-parser==5.0.0
+myst-parser==5.1.0
 sphinx==9.1.0
 sphinxcontrib-autoprogram==0.1.9
 sphinx-autobuild==2025.8.25
diff --git a/requirements-lint.txt b/requirements-lint.txt
index 966dbd414..9fefc4ee7 100644
--- a/requirements-lint.txt
+++ b/requirements-lint.txt
@@ -1,14 +1,14 @@
 -r requirements.txt
 argcomplete==2.0.0
-black==26.3.1
-commitizen==4.15.0
+black==26.5.1
+commitizen==4.16.2
 flake8==7.3.0
 isort==8.0.1
 mypy==1.20.2
 pylint==4.0.5
 pytest==9.0.3
-responses==0.26.0
+responses==0.26.1
 respx==0.23.1
-types-PyYAML==6.0.12.20260408
-types-requests==2.33.0.20260503
-types-setuptools==82.0.0.20260408
+types-PyYAML==6.0.12.20260518
+types-requests==2.33.0.20260518
+types-setuptools==82.0.0.20260518
diff --git a/requirements-test.txt b/requirements-test.txt
index 92f88f566..185116805 100644
--- a/requirements-test.txt
+++ b/requirements-test.txt
@@ -1,13 +1,13 @@
 -r requirements.txt
 anyio==4.13.0
 build==1.5.0
-coverage==7.13.5
+coverage==7.14.0
 pytest-console-scripts==1.4.1
 pytest-cov==7.1.0
 pytest-github-actions-annotate-failures==0.4.0
 pytest==9.0.3
 PyYaml==6.0.3
-responses==0.26.0
+responses==0.26.1
 respx==0.23.1
 trio==0.33.0
 wheel==0.47.0
diff --git a/requirements.txt b/requirements.txt
index 31ae12e35..4cf4bdfb0 100644
--- a/requirements.txt
+++ b/requirements.txt
@@ -1,4 +1,4 @@
 gql==4.0.0
 httpx==0.28.1
-requests==2.33.1
+requests==2.34.2
 requests-toolbelt==1.0.0

From 3738bb2eaa1be118021337fc02aba02d4abf8acf Mon Sep 17 00:00:00 2001
From: Antoine Auger <antoineauger@users.noreply.github.com>
Date: Thu, 21 May 2026 14:13:34 +0200
Subject: [PATCH 3/4] feat(const): add new Security Manager role

---
 gitlab/const.py | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/gitlab/const.py b/gitlab/const.py
index 7a0492e64..6edc24f83 100644
--- a/gitlab/const.py
+++ b/gitlab/const.py
@@ -7,13 +7,14 @@ class GitlabEnum(str, Enum):
     """An enum mixed in with str to make it JSON-serializable."""
 
 
-# https://gitlab.com/gitlab-org/gitlab/-/blob/e97357824bedf007e75f8782259fe07435b64fbb/lib/gitlab/access.rb#L12-18
+# https://gitlab.com/gitlab-org/gitlab/-/blob/1fb8053d00f4085a8a99c3ab53dba46d2e765893/lib/gitlab/access.rb#L12-21
 class AccessLevel(IntEnum):
     NO_ACCESS = 0
     MINIMAL_ACCESS = 5
     GUEST = 10
     PLANNER = 15
     REPORTER = 20
+    SECURITY_MANAGER = 25
     DEVELOPER = 30
     MAINTAINER = 40
     OWNER = 50
@@ -95,6 +96,7 @@ class PipelineStatus(GitlabEnum):
 GUEST_ACCESS = AccessLevel.GUEST.value
 PLANNER_ACCESS = AccessLevel.PLANNER.value
 REPORTER_ACCESS = AccessLevel.REPORTER.value
+SECURITY_MANAGER_ACCESS = AccessLevel.SECURITY_MANAGER.value
 DEVELOPER_ACCESS = AccessLevel.DEVELOPER.value
 MAINTAINER_ACCESS = AccessLevel.MAINTAINER.value
 OWNER_ACCESS = AccessLevel.OWNER.value
@@ -164,6 +166,7 @@ class PipelineStatus(GitlabEnum):
     "SEARCH_SCOPE_PROJECTS",
     "SEARCH_SCOPE_USERS",
     "SEARCH_SCOPE_WIKI_BLOBS",
+    "SECURITY_MANAGER_ACCESS",
     "USER_AGENT",
     "VISIBILITY_INTERNAL",
     "VISIBILITY_PRIVATE",

From 2ab6d9f1c667d809f4d118ad8d8a2c111cc21b0e Mon Sep 17 00:00:00 2001
From: Antoine Auger <antoineauger@users.noreply.github.com>
Date: Thu, 21 May 2026 14:30:27 +0200
Subject: [PATCH 4/4] test(const): add tests for AccessLevel

---
 tests/unit/test_gitlab.py | 21 +++++++++++++++++++++
 1 file changed, 21 insertions(+)

diff --git a/tests/unit/test_gitlab.py b/tests/unit/test_gitlab.py
index 63d12bc66..41b60b648 100644
--- a/tests/unit/test_gitlab.py
+++ b/tests/unit/test_gitlab.py
@@ -347,6 +347,27 @@ def test_gitlab_plain_const_does_not_warn(recwarn):
     assert no_access == 0
 
 
+@pytest.mark.parametrize(
+    "access_level,plain_const_name,expected_value",
+    [
+        (gitlab.const.AccessLevel.NO_ACCESS, "NO_ACCESS", 0),
+        (gitlab.const.AccessLevel.MINIMAL_ACCESS, "MINIMAL_ACCESS", 5),
+        (gitlab.const.AccessLevel.GUEST, "GUEST_ACCESS", 10),
+        (gitlab.const.AccessLevel.PLANNER, "PLANNER_ACCESS", 15),
+        (gitlab.const.AccessLevel.REPORTER, "REPORTER_ACCESS", 20),
+        (gitlab.const.AccessLevel.SECURITY_MANAGER, "SECURITY_MANAGER_ACCESS", 25),
+        (gitlab.const.AccessLevel.DEVELOPER, "DEVELOPER_ACCESS", 30),
+        (gitlab.const.AccessLevel.MAINTAINER, "MAINTAINER_ACCESS", 40),
+        (gitlab.const.AccessLevel.OWNER, "OWNER_ACCESS", 50),
+        (gitlab.const.AccessLevel.ADMIN, "ADMIN_ACCESS", 60),
+    ],
+)
+def test_gitlab_access_level_constants(access_level, plain_const_name, expected_value):
+    assert access_level == expected_value
+    assert getattr(gitlab.const, plain_const_name) == expected_value
+    assert plain_const_name in gitlab.const.__all__
+
+
 @responses.activate
 @pytest.mark.parametrize(
     "kwargs,link_header,expected_next_url,show_warning",