* **BACKWARDS INCOMPATIBLE:** Support for OpenSSL less than 1.1.1e has been
removed. Users on older version of OpenSSL will need to upgrade.
* **BACKWARDS INCOMPATIBLE:** Dropped support for LibreSSL < 3.8.
* Updated Windows, macOS, and Linux wheels to be compiled with OpenSSL 3.3.1.
* Updated the minimum supported Rust version (MSRV) to 1.65.0, from 1.63.0.
* :func:`~cryptography.hazmat.primitives.asymmetric.rsa.generate_private_key`
now enforces a minimum RSA key size of 1024-bit. Note that 1024-bit is still
considered insecure, users should generally use a key size of 2048-bits.
* :func:`~cryptography.hazmat.primitives.serialization.pkcs7.serialize_certificates`
now emits ASN.1 that more closely follows the recommendations in :rfc:`2315`.
* Added new :doc:`/hazmat/decrepit/index` module which contains outdated and
insecure cryptographic primitives.
:class:`~cryptography.hazmat.primitives.ciphers.algorithms.CAST5`,
:class:`~cryptography.hazmat.primitives.ciphers.algorithms.SEED`,
:class:`~cryptography.hazmat.primitives.ciphers.algorithms.IDEA`, and
:class:`~cryptography.hazmat.primitives.ciphers.algorithms.Blowfish`, which were
deprecated in 37.0.0, have been added to this module. They will be removed
from the ``cipher`` module in 45.0.0.
* Moved :class:`~cryptography.hazmat.primitives.ciphers.algorithms.TripleDES`
and :class:`~cryptography.hazmat.primitives.ciphers.algorithms.ARC4` into
:doc:`/hazmat/decrepit/index` and deprecated them in the ``cipher`` module.
They will be removed from the ``cipher`` module in 48.0.0.
* Added support for deterministic
:class:`~cryptography.hazmat.primitives.asymmetric.ec.ECDSA` (:rfc:`6979`)
* Added support for client certificate verification to the
:mod:`X.509 path validation <cryptography.x509.verification>` APIs in the
form of :class:`~cryptography.x509.verification.ClientVerifier`,
:class:`~cryptography.x509.verification.VerifiedClient`, and
``PolicyBuilder``
:meth:`~cryptography.x509.verification.PolicyBuilder.build_client_verifier`.
* Added Certificate
:attr:`~cryptography.x509.Certificate.public_key_algorithm_oid`
and Certificate Signing Request
:attr:`~cryptography.x509.CertificateSigningRequest.public_key_algorithm_oid`
to determine the :class:`~cryptography.hazmat._oid.PublicKeyAlgorithmOID`
Object Identifier of the public key found inside the certificate.
* Added :attr:`~cryptography.x509.InvalidityDate.invalidity_date_utc`, a
timezone-aware alternative to the naïve ``datetime`` attribute
:attr:`~cryptography.x509.InvalidityDate.invalidity_date`.
* Added support for parsing empty DN string in
:meth:`~cryptography.x509.Name.from_rfc4514_string`.
* Added the following properties that return timezone-aware ``datetime`` objects:
:meth:`~cryptography.x509.ocsp.OCSPResponse.produced_at_utc`,
:meth:`~cryptography.x509.ocsp.OCSPResponse.revocation_time_utc`,
:meth:`~cryptography.x509.ocsp.OCSPResponse.this_update_utc`,
:meth:`~cryptography.x509.ocsp.OCSPResponse.next_update_utc`,
:meth:`~cryptography.x509.ocsp.OCSPSingleResponse.revocation_time_utc`,
</tr></table>
... (truncated)
Commits
ebf14f2 bump for 43.0.0 and update changelog (#11311)
42788a0 Fix exchange with keys that had Q automatically computed (#11309)
The 8.3.0 release failed to include the change notes and docs for the release. This patch release remedies this. There are no other changes.
8.3.0
pytest 8.3.0 (2024-07-20)
New features
#12231: Added [--xfail-tb]{.title-ref} flag, which turns on traceback output for XFAIL results.
If the [--xfail-tb]{.title-ref} flag is not given, tracebacks for XFAIL results are NOT shown.
The style of traceback for XFAIL is set with [--tb]{.title-ref}, and can be [auto|long|short|line|native|no]{.title-ref}.
Note: Even if you have [--xfail-tb]{.title-ref} set, you won't see them if [--tb=no]{.title-ref}.
Some history:
With pytest 8.0, [-rx]{.title-ref} or [-ra]{.title-ref} would not only turn on summary reports for xfail, but also report the tracebacks for xfail results. This caused issues with some projects that utilize xfail, but don't want to see all of the xfail tracebacks.
This change detaches xfail tracebacks from [-rx]{.title-ref}, and now we turn on xfail tracebacks with [--xfail-tb]{.title-ref}. With this, the default [-rx]{.title-ref}/ [-ra]{.title-ref} behavior is identical to pre-8.0 with respect to xfail tracebacks. While this is a behavior change, it brings default behavior back to pre-8.0.0 behavior, which ultimately was considered the better course of action.
#12281: Added support for keyword matching in marker expressions.
Now tests can be selected by marker keyword arguments.
Supported values are int{.interpreted-text role="class"}, (unescaped) str{.interpreted-text role="class"}, bool{.interpreted-text role="class"} & None{.interpreted-text role="data"}.
See marker examples <marker_keyword_expression_example>{.interpreted-text role="ref"} for more information.
-- by lovetheguitar{.interpreted-text role="user"}
#12567: Added --no-fold-skipped command line option.
If this option is set, then skipped tests in short summary are no longer grouped
by reason but all tests are printed individually with their nodeid in the same
way as other statuses.
-- by pbrezina{.interpreted-text role="user"}
Improvements in existing functionality
#12469: The console output now uses the "third-party plugins" terminology,
replacing the previously established but confusing and outdated
reference to setuptools <setuptools:index>{.interpreted-text role="std:doc"}
-- by webknjaz{.interpreted-text role="user"}.
#12544, #12545: Python virtual environment detection was improved by
checking for a pyvenv.cfg{.interpreted-text role="file"} file, ensuring reliable detection on
various platforms -- by zachsnickers{.interpreted-text role="user"}.
2.15.0 Support Pebble check-failed and check-recovered events
What's Changed
This release adds support for new events based on Pebble checks. As of Juju 3.6b2, when a Pebble check reaches the failure threshold, a PebbleCheckFailedEvent will be emitted - and when the check starts passing again, the charm will get a PebbleCheckRecoveredEvent. Kubernetes charms can observe these events to react to failing checks - for example, change the unit or application status, output additional logging, or dynamically adjust the workload to work around the failure.
Most Recent Ignore Conditions Applied to This Pull Request
| Dependency Name | Ignore Conditions |
| --- | --- |
| pytest | [>= 8.2.a, < 8.3] |
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency
- `@dependabot ignore major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
- `@dependabot ignore minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
- `@dependabot ignore ` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
- `@dependabot unignore ` will remove all of the ignore conditions of the specified dependency
- `@dependabot unignore ` will remove the ignore condition of the specified dependency and ignore conditions
Bumps the pip_dependencies group with 5 updates:
42.0.8
43.0.0
1.1.371
1.1.372
8.1.2
8.3.1
0.5.2
0.5.4
2.14.1
2.15.0
Updates
cryptography
from 42.0.8 to 43.0.0Changelog
Sourced from cryptography's changelog.
... (truncated)
Commits
ebf14f2
bump for 43.0.0 and update changelog (#11311)42788a0
Fix exchange with keys that had Q automatically computed (#11309)2dbdfb8
don't assign unused name (#11310)ccc66e6
Bump openssl from 0.10.64 to 0.10.65 in /src/rust (#11308)4310c87
Bump sphinxcontrib-qthelp from 1.0.7 to 1.0.8 (#11307)f66a9c4
Bump sphinxcontrib-htmlhelp from 2.0.5 to 2.0.6 (#11306)a8fcf18
Bump openssl-sys from 0.9.102 to 0.9.103 in /src/rust (#11305)2fe32b2
Bump mypy from 1.10.1 to 1.11.0 (#11303)ee24e82
Bump setuptools from 71.0.3 to 71.0.4 in /.github/requirements (#11304)7249ccd
Bump portable-atomic from 1.6.0 to 1.7.0 in /src/rust (#11302)Updates
pyright
from 1.1.371 to 1.1.372Commits
59a4bdf
[pyright updated to 1.1.372] Update Version (#283)Updates
pytest
from 8.1.2 to 8.3.1Release notes
Sourced from pytest's releases.
... (truncated)
Commits
de98446
Prepare release version 8.3.1bd0a042
Merge pull request #12636 from pytest-dev/update-release-notes664325b
doc/changelog: update 8.3.0 notes19d225d
Merge pull request #12635 from pytest-dev/release-8.3.0bc33028
Prepare release version 8.3.0a7d5a8e
Merge pull request #12557 from x612skm/maintainence/11771-pypy-3.9-bumpced7072
Add a change note for PR #11771d42b76d
Adjust test_errors_in_xfail_skip_expressions for PyPy9eee45a
Bump PyPy runtime to v3.9 @ GHAd489247
Fix caching of parameterized fixtures (#12600)Updates
ruff
from 0.5.2 to 0.5.4Release notes
Sourced from ruff's releases.
... (truncated)
Changelog
Sourced from ruff's changelog.
... (truncated)
Commits
53b84ab
Cleanup redundant spaces from changelog (#12424)3664f85
Bump version to v0.5.4 (#12423)2c1926b
Insert parentheses for multi-argument generators (#12422)4bcc96a
Avoid shadowing diagnostics for@override
methods (#12415)c0a2b49
Fix the Github link error for Neovim in the setup for editors in the docs. (#...ca22248
Update docs Settings output-format default (#12409)d8cf8ac
[red-knot] Resolve symbols frombuiltins.pyi
in the stdlib if they cannot b...1c7b840
[red-knot] fix incremental benchmark (#12400)f82bb67
[red-knot] trace file when inferring types (#12401)5f96f69
[red-knot] Fix bug where module resolution would not be invalidated if an ent...Updates
ops
from 2.14.1 to 2.15.0Release notes
Sourced from ops's releases.
Changelog
Sourced from ops's changelog.
Commits
d46f7e9
chore: 2.15.0 (#1295)cdf475f
docs: escape <major> etc in hacking.md (#1294)f12df1f
chore: update charm pins (#1269)fea6d20
fix: use temp dir for secret data (#1290)0dbffcb
chore: bump certifi from 2024.2.2 to 2024.7.4 in /docs (#1282)7ba1f3c
docs: clarify distinction between maintenance and waiting status (#1148)213f47e
ci: bump the Go version to match Pebble (#1285)e3eae86
feat: add support for Pebble check-failed and check-recovered events (#1281)5a21cd2
fix: add checks and log_targets to ops.testing (#1268)2e1dbd9
chore: bump version for the coming month's work (#1277)Most Recent Ignore Conditions Applied to This Pull Request
| Dependency Name | Ignore Conditions | | --- | --- | | pytest | [>= 8.2.a, < 8.3] |Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting
@dependabot rebase
.Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show