Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Scheduled monthly dependency update for January #15

Closed
wants to merge 16 commits into from
Closed

Scheduled monthly dependency update for January #15

wants to merge 16 commits into from

Conversation

pyup-bot
Copy link
Collaborator

@pyup-bot pyup-bot commented Jan 1, 2018

Updates

Here's a list of all the updates bundled in this pull request. I've added some links to make it easier for you to find all the information you need.

asn1crypto 0.23.0 » 0.24.0 PyPI | Changelog | Repo
cryptography 1.9 » 2.1.4 PyPI | Changelog | Repo
gitpython 2.1.7 » 2.1.8 PyPI | Repo | Docs
green 2.11.2 » 2.12.0 PyPI | Changelog | Repo
invoke 0.21.0 » 0.22.0 PyPI | Homepage
keyring 10.5.0 » 10.5.1 PyPI | Changelog | Repo
markdown 2.6.9 » 2.6.10 PyPI | Repo | Docs
pip-tools 1.10.2 » 1.11.0 PyPI | Changelog | Repo
tqdm 4.19.4 » 4.19.5 PyPI | Changelog | Repo
tzlocal 1.4 » 1.5.1 PyPI | Changelog | Repo

Changelogs

asn1crypto 0.23.0 -> 0.24.0

0.24.0

  • x509.Certificate().self_signed will no longer return "yes" under any
    circumstances. This helps prevent confusion since the library does not
    verify the signature. Instead a library like oscrypto should be used
    to confirm if a certificate is self-signed.
  • Added various OIDs to x509.KeyPurposeId()
  • Added x509.Certificate().private_key_usage_period_value
  • Added structures for parsing common subject directory attributes for
    X.509 certificates, including x509.SubjectDirectoryAttribute()
  • Added algos.AnyAlgorithmIdentifier() for situations where an
    algorithm identifier may contain a digest, signed digest or encryption
    algorithm OID
  • Fixed a bug with x509.Certificate().subject_directory_attributes_value
    not returning the correct value
  • Fixed a bug where explicitly-tagged fields in a core.Sequence() would
    not function properly when the field had a default value
  • Fixed a bug with type checking in pem.armor()

cryptography 1.9 -> 2.1.4

2.1.3

  • Updated Windows, macOS, and manylinux1 wheels to be compiled with
    OpenSSL 1.1.0g.

.. _v2-1-2:

2.1.2

  • Corrected a bug with the manylinux1 wheels where OpenSSL's stack was
    marked executable.

.. _v2-1-1:

2.1.1

  • Fixed support for install with the system pip on Ubuntu 16.04.

.. _v2-1:

2.1

  • FINAL DEPRECATION Python 2.6 support is deprecated, and will be removed
    in the next release of cryptography.
  • BACKWARDS INCOMPATIBLE: Whirlpool, RIPEMD160, and
    UnsupportedExtension have been removed in accordance with our
    :doc:/api-stability policy.
  • BACKWARDS INCOMPATIBLE:
    :attr:DNSName.value <cryptography.x509.DNSName.value>,
    :attr:RFC822Name.value <cryptography.x509.RFC822Name.value>, and
    :attr:UniformResourceIdentifier.value <cryptography.x509.UniformResourceIdentifier.value>
    will now return an :term:A-label string when parsing a certificate
    containing an internationalized domain name (IDN) or if the caller passed
    a :term:U-label to the constructor. See below for additional deprecations
    related to this change.
  • Installing cryptography now requires pip 6 or newer.
  • Deprecated passing :term:U-label strings to the
    :class:~cryptography.x509.DNSName,
    :class:~cryptography.x509.UniformResourceIdentifier, and
    :class:~cryptography.x509.RFC822Name constructors. Instead, users should
    pass values as :term:A-label strings with idna encoding if necessary.
    This change will not affect anyone who is not processing internationalized
    domains.
  • Added support for
    :class:~cryptography.hazmat.primitives.ciphers.algorithms.ChaCha20. In
    most cases users should choose
    :class:~cryptography.hazmat.primitives.ciphers.aead.ChaCha20Poly1305
    rather than using this unauthenticated form.
  • Added :meth:~cryptography.x509.CertificateRevocationList.is_signature_valid
    to :class:~cryptography.x509.CertificateRevocationList.
  • Support :class:~cryptography.hazmat.primitives.hashes.BLAKE2b and
    :class:~cryptography.hazmat.primitives.hashes.BLAKE2s with
    :class:~cryptography.hazmat.primitives.hmac.HMAC.
  • Added support for
    :class:~cryptography.hazmat.primitives.ciphers.modes.XTS mode for
    AES.
  • Added support for using labels with
    :class:~cryptography.hazmat.primitives.asymmetric.padding.OAEP when using
    OpenSSL 1.0.2 or greater.
  • Improved compatibility with NSS when issuing certificates from an issuer
    that has a subject with non-UTF8String string types.
  • Add support for the :class:~cryptography.x509.DeltaCRLIndicator extension.
  • Add support for the :class:~cryptography.x509.TLSFeature
    extension. This is commonly used for enabling OCSP Must-Staple in
    certificates.
  • Add support for the :class:~cryptography.x509.FreshestCRL extension.

.. _v2-0-3:

2.0.3

  • Fixed an issue with weak linking symbols when compiling on macOS
    versions older than 10.12.

.. _v2-0-2:

2.0.2

  • Marked all symbols as hidden in the manylinux1 wheel to avoid a
    bug with symbol resolution in certain scenarios.

.. _v2-0-1:

2.0.1

  • Fixed a compilation bug affecting OpenBSD.
  • Altered the manylinux1 wheels to statically link OpenSSL instead of
    dynamically linking and bundling the shared object. This should resolve
    crashes seen when using uwsgi or other binaries that link against
    OpenSSL independently.
  • Fixed the stack level for the signer and verifier warnings.

.. _v2-0:

2.0

  • BACKWARDS INCOMPATIBLE: Support for Python 3.3 has been dropped.
  • We now ship manylinux1 wheels linked against OpenSSL 1.1.0f. These wheels
    will be automatically used with most Linux distributions if you are running
    the latest pip.
  • Deprecated the use of signer on
    :class:~cryptography.hazmat.primitives.asymmetric.rsa.RSAPrivateKey,
    :class:~cryptography.hazmat.primitives.asymmetric.dsa.DSAPrivateKey,
    and
    :class:~cryptography.hazmat.primitives.asymmetric.ec.EllipticCurvePrivateKey
    in favor of sign.
  • Deprecated the use of verifier on
    :class:~cryptography.hazmat.primitives.asymmetric.rsa.RSAPublicKey,
    :class:~cryptography.hazmat.primitives.asymmetric.dsa.DSAPublicKey,
    and
    :class:~cryptography.hazmat.primitives.asymmetric.ec.EllipticCurvePublicKey
    in favor of verify.
  • Added support for parsing
    :class:~cryptography.x509.certificate_transparency.SignedCertificateTimestamp
    objects from X.509 certificate extensions.
  • Added support for
    :class:~cryptography.hazmat.primitives.ciphers.aead.ChaCha20Poly1305.
  • Added support for
    :class:~cryptography.hazmat.primitives.ciphers.aead.AESCCM.
  • Added
    :class:~cryptography.hazmat.primitives.ciphers.aead.AESGCM, a "one shot"
    API for AES GCM encryption.
  • Added support for :doc:/hazmat/primitives/asymmetric/x25519.
  • Added support for serializing and deserializing Diffie-Hellman parameters
    with
    :func:~cryptography.hazmat.primitives.serialization.load_pem_parameters,
    :func:~cryptography.hazmat.primitives.serialization.load_der_parameters,
    and
    :meth:~cryptography.hazmat.primitives.asymmetric.dh.DHParameters.parameter_bytes
    .
  • The extensions attribute on :class:~cryptography.x509.Certificate,
    :class:~cryptography.x509.CertificateSigningRequest,
    :class:~cryptography.x509.CertificateRevocationList, and
    :class:~cryptography.x509.RevokedCertificate now caches the computed
    Extensions object. There should be no performance change, just a
    performance improvement for programs accessing the extensions attribute
    multiple times.

.. _v1-9:

green 2.11.2 -> 2.12.0

2.12.0

7 Dec 2017

  • Coverage is now required! Python packages do not support the idea of an
    optional dependency, and having a de-facto optional dependencies was causing
    coverage functionality to be broken for packages who want to use green with
    coverage during python setup.py test. Resolves 174.
  • The test_versions utility for testing green itself now deduplicates the
    versions of Python it finds, so it only runs one test for Python 2.7, for
    example. It uses the one it finds first in the $PATH.

keyring 10.5.0 -> 10.5.1

10.5.1

  • 296: Prevent AttributeError on import when Debian has
    created broken dbus installs.

pip-tools 1.10.2 -> 1.11.0

1.11.0

Features:

  • Allow editable packages in requirements.in with pip-compile --generate-hashes (524). Thanks jdufresne
  • Allow for CA bundles with pip-compile --cert (612). Thanks khwilson
  • Improved pip-compile duration with large locally available editable requirement by skipping a copy to the cache
    (583). Thanks costypetrisor
  • Slightly improved the NoCandidateFound error message on potential causes (614). Thanks vphilippon

Bug Fixes:

  • Add -markerlib to the list of PACKAGES_TO_IGNORE of pip-sync (613).

tqdm 4.19.4 -> 4.19.5

4.19.5

  • multiprocess/lock fixes (457)
  • set_description in notebook (345 -> 475)
  • minor tidy (476)
  • documentation updates

tzlocal 1.4 -> 1.5.1

1.5.1

  • 1.5 had a bug that slipped through testing, fixed that,
    increased test coverage.

1.5

  • No longer treats macOS as special, but as a unix.
  • get_windows_info.py is renamed to update_windows_mappings.py
  • Windows mappings now also contain mappings from deprecated zoneinfo names.
    (Preston-Landers, regebro)

That's it for now!

Happy merging! 🤖

@pyup-bot pyup-bot mentioned this pull request Jan 1, 2018
Closed
@MinchinWeb MinchinWeb closed this in a45fd31 Jan 4, 2018
@MinchinWeb MinchinWeb deleted the pyup/scheduled-update-01-01-2018 branch June 5, 2018 21:54
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
1 participant
@pyup-bot