Merge branch 'master' into backpressure

NoahStapp · web-flow · commit 863704e749b9 · 2026-04-13T11:08:41.000-04:00
diff --git a/.evergreen/spec-patch/PYTHON-5668.patch b/.evergreen/spec-patch/PYTHON-5668.patch
diff --git a/.evergreen/spec-patch/PYTHON-5759.patch b/.evergreen/spec-patch/PYTHON-5759.patch
diff --git a/.github/copilot-instructions.md b/.github/copilot-instructions.md
@@ -1,44 +1,3 @@
-When reviewing code, focus on:
+Please see [AGENTS.md](../AGENTS.md).
 
-## Security Critical Issues
-- Check for hardcoded secrets, API keys, or credentials.
-- Check for instances of potential method call injection, dynamic code execution, symbol injection or other code injection vulnerabilities.
-
-## Performance Red Flags
-- Spot inefficient loops and algorithmic issues.
-- Check for memory leaks and resource cleanup.
-
-## Code Quality Essentials
-- Methods should be focused and appropriately sized. If a method is doing too much, suggest refactorings to split it up.
-- Use clear, descriptive naming conventions.
-- Avoid encapsulation violations and ensure proper separation of concerns.
-- All public classes, modules, and methods should have clear documentation in Sphinx format.
-
-## PyMongo-specific Concerns
-- Do not review files within `pymongo/synchronous` or files in `test/` that also have a file of the same name in `test/asynchronous` unless the reviewed changes include a `_IS_SYNC` statement. PyMongo generates these files from `pymongo/asynchronous` and `test/asynchronous` using `tools/synchro.py`.
-- All asynchronous functions must not call any blocking I/O.
-
-## Review Style
-- Be specific and actionable in feedback.
-- Explain the "why" behind recommendations.
-- Acknowledge good patterns when you see them.
-- Ask clarifying questions when code intent is unclear.
-
-Always prioritize security vulnerabilities and performance issues that could impact users.
-
-Always suggest changes to improve readability and testability. For example, this suggestion seeks to make the code more readable, reusable, and testable:
-
-```python
-# Instead of:
-if user.email and "@" in user.email and len(user.email) > 5:
-    submit_button.enabled = True
-else:
-    submit_button.enabled = False
-
-# Consider:
-def valid_email(email):
-    return email and "@" in email and len(email) > 5
-
-
-submit_button.enabled = valid_email(user.email)
-```
+Follow the repository instructions defined in `AGENTS.md` when working in this codebase.
diff --git a/.github/pull_request_template.md b/.github/pull_request_template.md
@@ -6,8 +6,8 @@ If you are an external contributor and there is no JIRA ticket associated with y
 for the PR title. A MongoDB employee will create a JIRA ticket and edit the name and links as appropriate.
 
 Note on AI Contributions:
-We do not accept pull requests that are primarily or substantially generated by AI tools (ChatGPT, Copilot, etc.).
-All contributions must be written and understood by human contributors.
+We only accept pull requests that are authored and submitted by human contributors who fully understand the changes they are proposing.
+All contributions must be written and understood by human contributors. Please read about our policy in our contributing guide.
 -->
 [JIRA TICKET]
 
diff --git a/.github/workflows/dist.yml b/.github/workflows/dist.yml
@@ -61,7 +61,7 @@ jobs:
 
       - name: Set up QEMU
         if: runner.os == 'Linux'
-        uses: docker/setup-qemu-action@c7c53464625b32c7a7e944ae62b3e17d2b600130 # v3
+        uses: docker/setup-qemu-action@ce360397dd3f832beb865e1373c09c0e9f86d70a # v4.0.0
         with:
           # setup-qemu-action by default uses `tonistiigi/binfmt:latest` image,
           # which is out of date. This causes seg faults during build.
@@ -92,7 +92,7 @@ jobs:
           # Free-threading builds:
           ls wheelhouse/*cp314t*.whl
 
-      - uses: actions/upload-artifact@v6
+      - uses: actions/upload-artifact@v7
         with:
           name: wheel-${{ matrix.buildplat[1] }}
           path: ./wheelhouse/*.whl
@@ -125,7 +125,7 @@ jobs:
           cd ..
           python -c "from pymongo import has_c; assert has_c()"
 
-      - uses: actions/upload-artifact@v6
+      - uses: actions/upload-artifact@v7
         with:
           name: "sdist"
           path: ./dist/*.tar.gz
@@ -136,13 +136,13 @@ jobs:
     name: Download Wheels
     steps:
       - name: Download all workflow run artifacts
-        uses: actions/download-artifact@v7
+        uses: actions/download-artifact@v8
       - name: Flatten directory
         working-directory: .
         run: |
           find . -mindepth 2 -type f -exec mv {} . \;
           find . -type d -empty -delete
-      - uses: actions/upload-artifact@v6
+      - uses: actions/upload-artifact@v7
         with:
           name: all-dist-${{ github.run_id }}
           path: "./*"
diff --git a/.github/workflows/release-python.yml b/.github/workflows/release-python.yml
@@ -75,7 +75,7 @@ jobs:
       id-token: write
     steps:
       - name: Download all the dists
-        uses: actions/download-artifact@v7
+        uses: actions/download-artifact@v8
         with:
           name: all-dist-${{ github.run_id }}
           path: dist/
diff --git a/.github/workflows/sbom.yml b/.github/workflows/sbom.yml
@@ -67,7 +67,7 @@ jobs:
         run: rm -rf .venv .venv-sbom sbom-requirements.txt
 
       - name: Upload SBOM artifact
-        uses: actions/upload-artifact@v6
+        uses: actions/upload-artifact@v7
         with:
           name: sbom
           path: sbom.json
diff --git a/.github/workflows/test-python.yml b/.github/workflows/test-python.yml
@@ -26,7 +26,7 @@ jobs:
         with:
           persist-credentials: false
       - name: Install uv
-        uses: astral-sh/setup-uv@eac588ad8def6316056a12d4907a9d4d84ff7a3b # v7
+        uses: astral-sh/setup-uv@37802adc94f370d6bfd71619e3f0bf239e1f3b78 # v7
         with:
           enable-cache: true
           python-version: "3.10"
@@ -68,7 +68,7 @@ jobs:
         with:
           persist-credentials: false
       - name: Install uv
-        uses: astral-sh/setup-uv@eac588ad8def6316056a12d4907a9d4d84ff7a3b # v7
+        uses: astral-sh/setup-uv@37802adc94f370d6bfd71619e3f0bf239e1f3b78 # v7
         with:
           enable-cache: true
           python-version: ${{ matrix.python-version }}
@@ -90,7 +90,7 @@ jobs:
         with:
           persist-credentials: false
       - name: Install uv
-        uses: astral-sh/setup-uv@eac588ad8def6316056a12d4907a9d4d84ff7a3b # v7
+        uses: astral-sh/setup-uv@37802adc94f370d6bfd71619e3f0bf239e1f3b78 # v7
         with:
           enable-cache: true
           python-version: "3.10"
@@ -118,7 +118,7 @@ jobs:
         with:
           persist-credentials: false
       - name: Install uv
-        uses: astral-sh/setup-uv@eac588ad8def6316056a12d4907a9d4d84ff7a3b # v7
+        uses: astral-sh/setup-uv@37802adc94f370d6bfd71619e3f0bf239e1f3b78 # v7
         with:
           enable-cache: true
           python-version: "3.10"
@@ -143,7 +143,7 @@ jobs:
         with:
           persist-credentials: false
       - name: Install uv
-        uses: astral-sh/setup-uv@eac588ad8def6316056a12d4907a9d4d84ff7a3b # v7
+        uses: astral-sh/setup-uv@37802adc94f370d6bfd71619e3f0bf239e1f3b78 # v7
         with:
           enable-cache: true
           python-version: "3.10"
@@ -162,7 +162,7 @@ jobs:
         with:
           persist-credentials: false
       - name: Install uv
-        uses: astral-sh/setup-uv@eac588ad8def6316056a12d4907a9d4d84ff7a3b # v7
+        uses: astral-sh/setup-uv@37802adc94f370d6bfd71619e3f0bf239e1f3b78 # v7
         with:
           enable-cache: true
           python-version: "3.10"
@@ -184,7 +184,7 @@ jobs:
         with:
           persist-credentials: false
       - name: Install uv
-        uses: astral-sh/setup-uv@eac588ad8def6316056a12d4907a9d4d84ff7a3b # v7
+        uses: astral-sh/setup-uv@37802adc94f370d6bfd71619e3f0bf239e1f3b78 # v7
         with:
           enable-cache: true
           python-version: "${{matrix.python}}"
@@ -205,7 +205,7 @@ jobs:
         with:
           persist-credentials: false
       - name: Install uv
-        uses: astral-sh/setup-uv@eac588ad8def6316056a12d4907a9d4d84ff7a3b # v7
+        uses: astral-sh/setup-uv@37802adc94f370d6bfd71619e3f0bf239e1f3b78 # v7
         with:
           enable-cache: true
           python-version: "3.10"
@@ -245,7 +245,7 @@ jobs:
         run: |
           pip install build
           python -m build --sdist
-      - uses: actions/upload-artifact@v6
+      - uses: actions/upload-artifact@v7
         with:
           name: "sdist"
           path: dist/*.tar.gz
@@ -257,7 +257,7 @@ jobs:
       timeout-minutes: 20
       steps:
         - name: Download sdist
-          uses: actions/download-artifact@v7
+          uses: actions/download-artifact@v8
           with:
             path: sdist/
         - name: Unpack SDist
@@ -295,7 +295,7 @@ jobs:
           with:
             persist-credentials: false
         - name: Install uv
-          uses: astral-sh/setup-uv@eac588ad8def6316056a12d4907a9d4d84ff7a3b # v7
+          uses: astral-sh/setup-uv@37802adc94f370d6bfd71619e3f0bf239e1f3b78 # v7
           with:
             python-version: "3.9"
         - id: setup-mongodb
diff --git a/.github/workflows/zizmor.yml b/.github/workflows/zizmor.yml
@@ -18,4 +18,4 @@ jobs:
         with:
           persist-credentials: false
       - name: Run zizmor 🌈
-        uses: zizmorcore/zizmor-action@0dce2577a4760a2749d8cfb7a84b7d5585ebcb7d # v0.5.0
+        uses: zizmorcore/zizmor-action@71321a20a9ded102f6e9ce5718a2fcec2c4f70d8 # v0.5.2
diff --git a/AGENTS.md b/AGENTS.md
@@ -0,0 +1,44 @@
+When reviewing code, focus on:
+
+## Security Critical Issues
+- Check for hardcoded secrets, API keys, or credentials.
+- Check for instances of potential method call injection, dynamic code execution, symbol injection or other code injection vulnerabilities.
+
+## Performance Red Flags
+- Spot inefficient loops and algorithmic issues.
+- Check for memory leaks and resource cleanup.
+
+## Code Quality Essentials
+- Methods should be focused and appropriately sized. If a method is doing too much, suggest refactorings to split it up.
+- Use clear, descriptive naming conventions.
+- Avoid encapsulation violations and ensure proper separation of concerns.
+- All public classes, modules, and methods should have clear documentation in Sphinx format.
+
+## PyMongo-specific Concerns
+- Do not review files within `pymongo/synchronous` or files in `test/` that also have a file of the same name in `test/asynchronous` unless the reviewed changes include a `_IS_SYNC` statement. PyMongo generates these files from `pymongo/asynchronous` and `test/asynchronous` using `tools/synchro.py`.
+- All asynchronous functions must not call any blocking I/O.
+
+## Review Style
+- Be specific and actionable in feedback.
+- Explain the "why" behind recommendations.
+- Acknowledge good patterns when you see them.
+- Ask clarifying questions when code intent is unclear.
+
+Always prioritize security vulnerabilities and performance issues that could impact users.
+
+Always suggest changes to improve readability and testability. For example, this suggestion seeks to make the code more readable, reusable, and testable:
+
+```python
+# Instead of:
+if user.email and "@" in user.email and len(user.email) > 5:
+    submit_button.enabled = True
+else:
+    submit_button.enabled = False
+
+# Consider:
+def valid_email(email):
+    return email and "@" in email and len(email) > 5
+
+
+submit_button.enabled = valid_email(user.email)
+```
diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md
@@ -85,49 +85,53 @@ likelihood for getting review sooner shoots up.
     -   `versionadded:: 3.11`
     -   `versionchanged:: 3.5`
 
-**Pull Request Template Breakdown**
+### AI-Generated Contributions Policy
 
--  **Github PR Title**
+#### Our Stance
 
-    -   The PR Title format should always be
-            `[JIRA-ID] : Jira Title or Blurb Summary`.
+We only accept pull requests that are authored and submitted by human contributors who fully understand the changes they are proposing. Pull requests that are not clearly owned and understood by a human contributor may be closed. **All contributions must be submitted, reviewed, and understood by human contributors.**
 
--  **JIRA LINK**
+##### Why This Policy Exists
 
--   Convenient link to the associated JIRA ticket.
+At MongoDB, we understand the power and prevalence of AI tools in software development. With that being said, many MongoDB libraries are foundational tools used in production systems worldwide. The nature of these libraries requires:
 
--   **Summary**
+- **Deep domain expertise**: MongoDB's wire protocol, BSON specification, connection pooling, authentication mechanisms, and concurrency patterns require an understanding that AI alone cannot substantiate.
 
-     -   Small blurb on why this is needed. The JIRA task should have
-            the more in-depth description, but this should still, at a
-            high level, give anyone looking an understanding of why the
-            PR has been checked in.
+- **Long-term maintainability**: Contributors need to be able to explain *why* code is written a certain way, explain design decisions, and be available to iterate on their contributions.
 
--    **Changes in this PR**
+- **Security responsibility**: Authentication, credential handling, and TLS implementation cannot be left to probabilistic code generation.
 
-     -   The explicit code changes that this PR is introducing. This
-            should be more specific than just the task name. (Unless the
-            task name is very clear).
+##### What This Means for Contributors
 
--   **Test Plan**
+**Required:**
 
-    -   Everything needs a test description. Describe what you did
-            to validate your changes actually worked; if you did
-            nothing, then document you did not test it. Aim to make
-            these steps reproducible by other engineers, specifically
-            with your primary reviewer in mind.
+- Full understanding of every line of code you submit
+- Ability to explain and defend your implementation choices
+- Willingness to iterate and maintain your contributions
 
--   **Screenshots**
+**Encouraged:**
 
-    -   Any images that provide more context to the PR. Usually,
-            these just coincide with the test plan.
+- Using AI assistants as learning tools to understand concepts
+- IDE autocomplete features that suggest standard patterns
+- AI help for brainstorming approaches (but write the code yourself)
+- Writing code using AI tools, reviewing each line and revising code as necessary.
 
--   **Callouts or follow-up items**
+**Not allowed:**
 
-    -   This is a good place for identifying "to-dos" that you've
-            placed in the code (Must have an accompanying JIRA Ticket).
-    -   Potential bugs that you are unsure how to test in the code.
-    -   Opinions you want to receive about your code.
+- Submitting PRs generated solely by AI tools
+- Copy-pasting AI-generated code without full understanding
+
+##### Disclosure
+
+If you used AI assistance in any way during your contribution, please disclose what the AI assistant was used for in your PR description. We would love to know what tools developers have found useful in iterating in their day to day.
+
+##### Questions?
+
+If you're unsure whether your contribution complies with this policy, please ask for guidance within the scope of the PR and clarify any uncertainty. We're happy to guide contributors toward successful contributions.
+
+---
+
+*This policy helps us maintain the reliability, security, and trustworthiness that production applications depend on. Thank you for understanding and for contributing thoughtfully to PyMongo.*
 
 ## Running Linters
 
diff --git a/README.md b/README.md
@@ -4,6 +4,7 @@
 [![Python Versions](https://img.shields.io/pypi/pyversions/pymongo)](https://pypi.org/project/pymongo)
 [![Monthly Downloads](https://static.pepy.tech/badge/pymongo/month)](https://pepy.tech/project/pymongo)
 [![API Documentation Status](https://readthedocs.org/projects/pymongo/badge/?version=stable)](http://pymongo.readthedocs.io/en/stable/api?badge=stable)
+[![codecov](https://codecov.io/gh/mongodb/mongo-python-driver/graph/badge.svg?branch=master)](https://codecov.io/gh/mongodb/mongo-python-driver)
 
 ## About
 
diff --git a/bson/son.py b/bson/son.py
@@ -22,6 +22,7 @@
 
 import copy
 import re
+import warnings
 from collections.abc import Mapping as _Mapping
 from typing import (
     Any,
@@ -99,13 +100,28 @@ def __iter__(self) -> Iterator[_Key]:
         yield from self.__keys
 
     def has_key(self, key: _Key) -> bool:
+        warnings.warn(
+            "SON.has_key() is deprecated, use the in operator instead",
+            DeprecationWarning,
+            stacklevel=2,
+        )
         return key in self.__keys
 
     def iterkeys(self) -> Iterator[_Key]:
+        warnings.warn(
+            "SON.iterkeys() is deprecated, use the keys() method instead",
+            DeprecationWarning,
+            stacklevel=2,
+        )
         return self.__iter__()
 
     # fourth level uses definitions from lower levels
     def itervalues(self) -> Iterator[_Value]:
+        warnings.warn(
+            "SON.itervalues() is deprecated, use the values() method instead",
+            DeprecationWarning,
+            stacklevel=2,
+        )
         for _, v in self.items():
             yield v
 
diff --git a/doc/changelog.rst b/doc/changelog.rst
diff --git a/pymongo/common.py b/pymongo/common.py
diff --git a/test/test_son.py b/test/test_son.py
