UKHSA-Internal / coronavirus-dashboard-api-v1

MIT License

Bump cryptography from 2.9.2 to 3.4.3 #13

Closed dependabot[bot] closed 3 years ago

dependabot[bot] commented 3 years ago

Bumps cryptography from 2.9.2 to 3.4.3.

Changelog

Sourced from cryptography's changelog.

3.4.3 - 2021-02-08


* Specify our supported Rust version (>=1.45.0) in our ``setup.py`` so users
  on older versions will get a clear error message.

.. _v3-4-2:

3.4.2 - 2021-02-08

* Improvements to make the rust transition a bit easier. This includes some
  better error messages and small dependency fixes. If you experience
  installation problems, be sure to update pip first, then check the
  :doc:`FAQ </faq>`.

.. _v3-4-1:

3.4.1 - 2021-02-07


* Fixed a circular import issue.
* Added additional debug output to assist users seeing installation errors
  due to outdated ``pip`` or missing ``rustc``.

.. _v3-4:

3.4 - 2021-02-07


* **BACKWARDS INCOMPATIBLE:** Support for Python 2 has been removed.
* We now ship ``manylinux2014`` wheels and no longer ship ``manylinux1``
  wheels. Users should upgrade to the latest ``pip`` to ensure this doesn't
  cause issues downloading wheels on their platform.
* ``cryptography`` now incorporates Rust code. Users building ``cryptography``
  themselves will need to have the Rust toolchain installed. Users who use an
  officially produced wheel will not need to make any changes. The minimum
  supported Rust version is 1.45.0.
* ``cryptography`` now has :pep:`484` type hints on nearly all of its public
  APIs. Users can begin using them to type check their code with ``mypy``.

.. _v3-3-2:

3.3.2 - 2021-02-07

* **SECURITY ISSUE:** Fixed a bug where certain sequences of ``update()`` calls
  when symmetrically encrypting very large payloads (>2GB) could result in an
  integer overflow, leading to buffer overflows. *CVE-2020-36242*

... (truncated)

Commits

* [`86c9e4a`](https://github.com/pyca/cryptography/commit/86c9e4a763579d6b2369db83064c0c4b8e9c1c77) version bump, changelog already done ([#5791](https://github-redirect.dependabot.com/pyca/cryptography/issues/5791))
* [`0f40cb3`](https://github.com/pyca/cryptography/commit/0f40cb3acb66014d2872010ae3ba00dd16157d01) [3.4] Specify an MSRV in setup.py ([#5789](https://github-redirect.dependabot.com/pyca/cryptography/issues/5789)) ([#5790](https://github-redirect.dependabot.com/pyca/cryptography/issues/5790))
* [`74a3df4`](https://github.com/pyca/cryptography/commit/74a3df42c43d341014a4a6f111804f304a446902) 3.4.2 changelog and version bump ([#5784](https://github-redirect.dependabot.com/pyca/cryptography/issues/5784))
* [`4a66e2b`](https://github.com/pyca/cryptography/commit/4a66e2bdde25535d236338d8af84595c78562673) [3.4] More aggressively point people at Rust version docs ([#5782](https://github-redirect.dependabot.com/pyca/cryptography/issues/5782)) ([#5783](https://github-redirect.dependabot.com/pyca/cryptography/issues/5783))
* [`843ada6`](https://github.com/pyca/cryptography/commit/843ada65e816a17e1b3d90b12ab6403c8ff96654) Remove setuptools_rust from install requirement ([#5779](https://github-redirect.dependabot.com/pyca/cryptography/issues/5779)) ([#5781](https://github-redirect.dependabot.com/pyca/cryptography/issues/5781))
* [`e5b5c3d`](https://github.com/pyca/cryptography/commit/e5b5c3d4486a4a9b5c457ef7ba147ca893a5a57c) Interface: Make annotation check optional ([#5775](https://github-redirect.dependabot.com/pyca/cryptography/issues/5775)) ([#5780](https://github-redirect.dependabot.com/pyca/cryptography/issues/5780))
* [`ebde3be`](https://github.com/pyca/cryptography/commit/ebde3be7ef92658bfbc322476a6f2604f41639fb) 3.4.1 fixes and changelog bump ([#5761](https://github-redirect.dependabot.com/pyca/cryptography/issues/5761))
* [`2c11ad5`](https://github.com/pyca/cryptography/commit/2c11ad53c07179e03ea2f60813cb52d83f766292) 3.4 release ([#5749](https://github-redirect.dependabot.com/pyca/cryptography/issues/5749))
* [`06cbf77`](https://github.com/pyca/cryptography/commit/06cbf77371881e80ea4b5e349136dcc53749fc0c) port changelog and fix back to master for CVE-2020-36242 ([#5748](https://github-redirect.dependabot.com/pyca/cryptography/issues/5748))
* [`9d16695`](https://github.com/pyca/cryptography/commit/9d1669534f95d276412fe224f5a9c413a814f759) Linker script is no longer required for building your own OpenSSL ([#5746](https://github-redirect.dependabot.com/pyca/cryptography/issues/5746))
* Additional commits viewable in [compare view](https://github.com/pyca/cryptography/compare/2.9.2...3.4.3)

[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=cryptography&package-manager=pip&previous-version=2.9.2&new-version=3.4.3)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

dependabot[bot] commented 3 years ago

The following labels could not be found: dependencies.

dependabot[bot] commented 3 years ago

Superseded by #14.