* **BACKWARDS INCOMPATIBLE:** Support for OpenSSL less than 1.1.1e has been
removed. Users on older version of OpenSSL will need to upgrade.
* **BACKWARDS INCOMPATIBLE:** Dropped support for LibreSSL < 3.8.
* Updated Windows, macOS, and Linux wheels to be compiled with OpenSSL 3.3.1.
* Updated the minimum supported Rust version (MSRV) to 1.65.0, from 1.63.0.
* :func:`~cryptography.hazmat.primitives.asymmetric.rsa.generate_private_key`
now enforces a minimum RSA key size of 1024-bit. Note that 1024-bit is still
considered insecure, users should generally use a key size of 2048-bits.
* :func:`~cryptography.hazmat.primitives.serialization.pkcs7.serialize_certificates`
now emits ASN.1 that more closely follows the recommendations in :rfc:`2315`.
* Added new :doc:`/hazmat/decrepit/index` module which contains outdated and
insecure cryptographic primitives.
:class:`~cryptography.hazmat.primitives.ciphers.algorithms.CAST5`,
:class:`~cryptography.hazmat.primitives.ciphers.algorithms.SEED`,
:class:`~cryptography.hazmat.primitives.ciphers.algorithms.IDEA`, and
:class:`~cryptography.hazmat.primitives.ciphers.algorithms.Blowfish`, which were
deprecated in 37.0.0, have been added to this module. They will be removed
from the ``cipher`` module in 45.0.0.
* Moved :class:`~cryptography.hazmat.primitives.ciphers.algorithms.TripleDES`
and :class:`~cryptography.hazmat.primitives.ciphers.algorithms.ARC4` into
:doc:`/hazmat/decrepit/index` and deprecated them in the ``cipher`` module.
They will be removed from the ``cipher`` module in 48.0.0.
* Added support for deterministic
:class:`~cryptography.hazmat.primitives.asymmetric.ec.ECDSA` (:rfc:`6979`)
* Added support for client certificate verification to the
:mod:`X.509 path validation <cryptography.x509.verification>` APIs in the
form of :class:`~cryptography.x509.verification.ClientVerifier`,
:class:`~cryptography.x509.verification.VerifiedClient`, and
``PolicyBuilder``
:meth:`~cryptography.x509.verification.PolicyBuilder.build_client_verifier`.
* Added Certificate
:attr:`~cryptography.x509.Certificate.public_key_algorithm_oid`
and Certificate Signing Request
:attr:`~cryptography.x509.CertificateSigningRequest.public_key_algorithm_oid`
to determine the :class:`~cryptography.hazmat._oid.PublicKeyAlgorithmOID`
Object Identifier of the public key found inside the certificate.
* Added :attr:`~cryptography.x509.InvalidityDate.invalidity_date_utc`, a
timezone-aware alternative to the naïve ``datetime`` attribute
:attr:`~cryptography.x509.InvalidityDate.invalidity_date`.
* Added support for parsing empty DN string in
:meth:`~cryptography.x509.Name.from_rfc4514_string`.
* Added the following properties that return timezone-aware ``datetime`` objects:
:meth:`~cryptography.x509.ocsp.OCSPResponse.produced_at_utc`,
:meth:`~cryptography.x509.ocsp.OCSPResponse.revocation_time_utc`,
:meth:`~cryptography.x509.ocsp.OCSPResponse.this_update_utc`,
:meth:`~cryptography.x509.ocsp.OCSPResponse.next_update_utc`,
:meth:`~cryptography.x509.ocsp.OCSPSingleResponse.revocation_time_utc`,
</tr></table>
... (truncated)
Commits
ebf14f2 bump for 43.0.0 and update changelog (#11311)
42788a0 Fix exchange with keys that had Q automatically computed (#11309)
The 8.3.0 release failed to include the change notes and docs for the release. This patch release remedies this. There are no other changes.
8.3.0
pytest 8.3.0 (2024-07-20)
New features
#12231: Added [--xfail-tb]{.title-ref} flag, which turns on traceback output for XFAIL results.
If the [--xfail-tb]{.title-ref} flag is not given, tracebacks for XFAIL results are NOT shown.
The style of traceback for XFAIL is set with [--tb]{.title-ref}, and can be [auto|long|short|line|native|no]{.title-ref}.
Note: Even if you have [--xfail-tb]{.title-ref} set, you won't see them if [--tb=no]{.title-ref}.
Some history:
With pytest 8.0, [-rx]{.title-ref} or [-ra]{.title-ref} would not only turn on summary reports for xfail, but also report the tracebacks for xfail results. This caused issues with some projects that utilize xfail, but don't want to see all of the xfail tracebacks.
This change detaches xfail tracebacks from [-rx]{.title-ref}, and now we turn on xfail tracebacks with [--xfail-tb]{.title-ref}. With this, the default [-rx]{.title-ref}/ [-ra]{.title-ref} behavior is identical to pre-8.0 with respect to xfail tracebacks. While this is a behavior change, it brings default behavior back to pre-8.0.0 behavior, which ultimately was considered the better course of action.
#12281: Added support for keyword matching in marker expressions.
Now tests can be selected by marker keyword arguments.
Supported values are int{.interpreted-text role="class"}, (unescaped) str{.interpreted-text role="class"}, bool{.interpreted-text role="class"} & None{.interpreted-text role="data"}.
See marker examples <marker_keyword_expression_example>{.interpreted-text role="ref"} for more information.
-- by lovetheguitar{.interpreted-text role="user"}
#12567: Added --no-fold-skipped command line option.
If this option is set, then skipped tests in short summary are no longer grouped
by reason but all tests are printed individually with their nodeid in the same
way as other statuses.
-- by pbrezina{.interpreted-text role="user"}
Improvements in existing functionality
#12469: The console output now uses the "third-party plugins" terminology,
replacing the previously established but confusing and outdated
reference to setuptools <setuptools:index>{.interpreted-text role="std:doc"}
-- by webknjaz{.interpreted-text role="user"}.
#12544, #12545: Python virtual environment detection was improved by
checking for a pyvenv.cfg{.interpreted-text role="file"} file, ensuring reliable detection on
various platforms -- by zachsnickers{.interpreted-text role="user"}.
2.15.0 Support Pebble check-failed and check-recovered events
What's Changed
This release adds support for new events based on Pebble checks. As of Juju 3.6b2, when a Pebble check reaches the failure threshold, a PebbleCheckFailedEvent will be emitted - and when the check starts passing again, the charm will get a PebbleCheckRecoveredEvent. Kubernetes charms can observe these events to react to failing checks - for example, change the unit or application status, output additional logging, or dynamically adjust the workload to work around the failure.
Most Recent Ignore Conditions Applied to This Pull Request
| Dependency Name | Ignore Conditions |
| --- | --- |
| pytest | [>= 8.2.a, < 8.3] |
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency
- `@dependabot ignore major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
- `@dependabot ignore minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
- `@dependabot ignore ` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
- `@dependabot unignore ` will remove all of the ignore conditions of the specified dependency
- `@dependabot unignore ` will remove the ignore condition of the specified dependency and ignore conditions
Bumps the pip_dependencies group with 5 updates:
42.0.843.0.01.1.3711.1.3728.1.28.3.10.5.20.5.42.14.12.15.0Updates
cryptographyfrom 42.0.8 to 43.0.0Changelog
Sourced from cryptography's changelog.
... (truncated)
Commits
ebf14f2bump for 43.0.0 and update changelog (#11311)42788a0Fix exchange with keys that had Q automatically computed (#11309)2dbdfb8don't assign unused name (#11310)ccc66e6Bump openssl from 0.10.64 to 0.10.65 in /src/rust (#11308)4310c87Bump sphinxcontrib-qthelp from 1.0.7 to 1.0.8 (#11307)f66a9c4Bump sphinxcontrib-htmlhelp from 2.0.5 to 2.0.6 (#11306)a8fcf18Bump openssl-sys from 0.9.102 to 0.9.103 in /src/rust (#11305)2fe32b2Bump mypy from 1.10.1 to 1.11.0 (#11303)ee24e82Bump setuptools from 71.0.3 to 71.0.4 in /.github/requirements (#11304)7249ccdBump portable-atomic from 1.6.0 to 1.7.0 in /src/rust (#11302)Updates
pyrightfrom 1.1.371 to 1.1.372Commits
59a4bdf[pyright updated to 1.1.372] Update Version (#283)Updates
pytestfrom 8.1.2 to 8.3.1Release notes
Sourced from pytest's releases.
... (truncated)
Commits
de98446Prepare release version 8.3.1bd0a042Merge pull request #12636 from pytest-dev/update-release-notes664325bdoc/changelog: update 8.3.0 notes19d225dMerge pull request #12635 from pytest-dev/release-8.3.0bc33028Prepare release version 8.3.0a7d5a8eMerge pull request #12557 from x612skm/maintainence/11771-pypy-3.9-bumpced7072Add a change note for PR #11771d42b76dAdjust test_errors_in_xfail_skip_expressions for PyPy9eee45aBump PyPy runtime to v3.9 @ GHAd489247Fix caching of parameterized fixtures (#12600)Updates
rufffrom 0.5.2 to 0.5.4Release notes
Sourced from ruff's releases.
... (truncated)
Changelog
Sourced from ruff's changelog.
... (truncated)
Commits
53b84abCleanup redundant spaces from changelog (#12424)3664f85Bump version to v0.5.4 (#12423)2c1926bInsert parentheses for multi-argument generators (#12422)4bcc96aAvoid shadowing diagnostics for@overridemethods (#12415)c0a2b49Fix the Github link error for Neovim in the setup for editors in the docs. (#...ca22248Update docs Settings output-format default (#12409)d8cf8ac[red-knot] Resolve symbols frombuiltins.pyiin the stdlib if they cannot b...1c7b840[red-knot] fix incremental benchmark (#12400)f82bb67[red-knot] trace file when inferring types (#12401)5f96f69[red-knot] Fix bug where module resolution would not be invalidated if an ent...Updates
opsfrom 2.14.1 to 2.15.0Release notes
Sourced from ops's releases.
Changelog
Sourced from ops's changelog.
Commits
d46f7e9chore: 2.15.0 (#1295)cdf475fdocs: escape <major> etc in hacking.md (#1294)f12df1fchore: update charm pins (#1269)fea6d20fix: use temp dir for secret data (#1290)0dbffcbchore: bump certifi from 2024.2.2 to 2024.7.4 in /docs (#1282)7ba1f3cdocs: clarify distinction between maintenance and waiting status (#1148)213f47eci: bump the Go version to match Pebble (#1285)e3eae86feat: add support for Pebble check-failed and check-recovered events (#1281)5a21cd2fix: add checks and log_targets to ops.testing (#1268)2e1dbd9chore: bump version for the coming month's work (#1277)Most Recent Ignore Conditions Applied to This Pull Request
| Dependency Name | Ignore Conditions | | --- | --- | | pytest | [>= 8.2.a, < 8.3] |Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting
@dependabot rebase.Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show