MatthiasValvekens / pyHanko

pyHanko: sign and stamp PDF files
MIT License

Update pyhanko-certvalidator requirement from <0.26,>=0.24 to >=0.24,<0.27 #340

Closed dependabot[bot] closed 9 months ago

dependabot[bot] commented 9 months ago

Updates the requirements on pyhanko-certvalidator to permit the latest version.

Release notes

Sourced from pyhanko-certvalidator's releases.

pyhanko-certvalidator

The release artifacts have been published to PyPI.

Change log

The release notes for the 0.26.0 release have been included in the changelog file

Changelog

Sourced from pyhanko-certvalidator's changelog.

0.26.0

  • Fix error reporting on banned algorithms in some cases
  • Allow caller to assert revocation status of a cert
  • More refined POE information tracking in experimental AdES API

0.25.0

  • Introduce a more precise error type to signal stale revocation information (see PR #11)

0.24.1

  • Ignore content types altogether when fetching certificates and the response payload is PEM (see PR #9)

0.24.0

  • Further increase leniency regarding content types when fetching certificates on-the-fly
  • Add SLSA provenance data to releases
  • Various updates in test dependencies and CI workflow dependencies.

0.23.0

  • Improve processing of OCSP responses without nextUpdate
  • Some more package metadata & release flow tweaks

0.22.0

  • No implementation changes compared to 0.21.2
  • Renamed async_http dependency group to async-http.
  • Move towards automated GitHub Actions-based release flow as a move towards better process standardisation.
  • Sign release artifacts with Sigstore.

0.21.2

  • Fix a typing issue caused by a typo in the requests cert fetcher.
  • Removed a piece of misbehaving and duplicative logic in the revocation freshness checker.

0.21.1

  • Fix DisallowedAlgorithmError parameters.
  • Preserve timestamp info in expiration-related errors.
  • Disable algo enforcement in prima facie past validation checks.
  • Correct a misunderstanding in the interaction between the AdES code and the old "retroactive revinfo" setting.

... (truncated)

Commits

  • f59db1b 0.26.0 release
  • 39184fb Allow caller to assert revocation status of a cert
  • 8bc06cd Fix val proc handling on banned algorithms
  • 7e775d5 object -> Any
  • 0b39ff1 Track more information about POEs
  • bd7ff0a Move KnownPOE type into certvalidator
  • 488978e Bump version number
  • 2b98b0a 0.25.0 release
  • 5f7c50e Merge pull request #11 from MatthiasValvekens/feature/better-error-stale-revinfo
  • 7cdfb06 Unify some code from CRLs and deltas
  • Additional commits viewable in compare view


Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • `@dependabot rebase` will rebase this PR
  • `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
  • `@dependabot merge` will merge this PR after your CI passes on it
  • `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
  • `@dependabot cancel merge` will cancel a previously requested merge and block automerging
  • `@dependabot reopen` will reopen this PR if it is closed
  • `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency
  • `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

MatthiasValvekens commented 9 months ago

This will be upgraded in a pending feature branch.

dependabot[bot] commented 9 months ago

OK, I won't notify you again about this release, but will get in touch when a new version is available. If you'd rather skip all updates until the next major or minor version, let me know by commenting @dependabot ignore this major version or @dependabot ignore this minor version. You can also ignore all major, minor, or patch releases for a dependency by adding an ignore condition with the desired update_types to your config file.

If you change your mind, just re-open this PR and I'll resolve any conflicts on it.