mozilla / telemetry-analysis-service

Telemetry Analysis Service
https://analysis.telemetry.mozilla.org/
Mozilla Public License 2.0

Bump cryptography from 2.4.2 to 2.8 #1943

Open dependabot-preview[bot] opened 4 years ago

dependabot-preview[bot] commented 4 years ago

Bumps cryptography from 2.4.2 to 2.8.

Changelog

*Sourced from [cryptography's changelog](https://github.com/pyca/cryptography/blob/master/CHANGELOG.rst).*

> 2.8 - 2019-10-16
> ================
>
> - Updated Windows, macOS, and `manylinux1` wheels to be compiled with OpenSSL 1.1.1d.
> - Added support for Python 3.8.
> - Added class methods `Poly1305.generate_tag` (`cryptography.hazmat.primitives.poly1305.Poly1305.generate_tag`) and `Poly1305.verify_tag` (`cryptography.hazmat.primitives.poly1305.Poly1305.verify_tag`) for Poly1305 sign and verify operations.
> - Deprecated support for OpenSSL 1.0.1. Support will be removed in `cryptography` 2.9.
> - We now ship `manylinux2010` wheels in addition to our `manylinux1` wheels.
> - Added support for `ed25519` and `ed448` keys in the `cryptography.x509.CertificateBuilder`, `cryptography.x509.CertificateSigningRequestBuilder`, `cryptography.x509.CertificateRevocationListBuilder` and `cryptography.x509.ocsp.OCSPResponseBuilder`.
> - `cryptography` no longer depends on `asn1crypto`.
> - `cryptography.x509.FreshestCRL` is now allowed as a `cryptography.x509.CertificateRevocationList` extension.
>
> 2.7 - 2019-05-30
> ================
>
> - **BACKWARDS INCOMPATIBLE:** We no longer distribute 32-bit `manylinux1` wheels. Continuing to produce them was a maintenance burden.
> - **BACKWARDS INCOMPATIBLE:** Removed the `cryptography.hazmat.primitives.mac.MACContext` interface. The `CMAC` and `HMAC` APIs have not changed, but they are no longer registered as `MACContext` instances.
> - Updated Windows, macOS, and `manylinux1` wheels to be compiled with OpenSSL 1.1.1c.
> - Removed support for running our tests with `setup.py test`. Users interested in running our tests can continue to follow the directions in our development documentation (`/development/getting-started`).
> - Add support for `cryptography.hazmat.primitives.poly1305.Poly1305` when using OpenSSL 1.1.1 or newer.
> - Support serialization with `Encoding.OpenSSH` and `PublicFormat.OpenSSH` in `Ed25519PublicKey.public_bytes` (`cryptography.hazmat.primitives.asymmetric.ed25519.Ed25519PublicKey.public_bytes`).
> - Correctly allow passing a `SubjectKeyIdentifier` to `cryptography.x509.AuthorityKeyIdentifier.from_issuer_subject_key_identifier` and deprecate passing an `Extension` object. The documentation always required `SubjectKeyIdentifier` but the implementation previously required an `Extension`.
>
> 2.6.1 - 2019-02-27
> ==================
>
> - Resolved an error in our build infrastructure that broke our Python3 wheels for macOS and Linux.
>
> 2.6 - 2019-02-27
> ================
>
> - **BACKWARDS INCOMPATIBLE:** Removed `cryptography.hazmat.primitives.asymmetric.utils.encode_rfc6979_signature` and `cryptography.hazmat.primitives.asymmetric.utils.decode_rfc6979_signature`, which had been deprecated for nearly 4 years. Use `cryptography.hazmat.primitives.asymmetric.utils.encode_dss_signature` and `cryptography.hazmat.primitives.asymmetric.utils.decode_dss_signature` instead.
> - **BACKWARDS INCOMPATIBLE**: Removed `cryptography.x509.Certificate.serial`, which had been deprecated for nearly 3 years. Use `cryptography.x509.Certificate.serial_number` instead.
> - Updated Windows, macOS, and `manylinux1` wheels to be compiled with OpenSSL 1.1.1b.
> - Added support for `/hazmat/primitives/asymmetric/ed448` when using OpenSSL 1.1.1b or newer.
> - Added support for `/hazmat/primitives/asymmetric/ed25519` when using OpenSSL 1.1.1b or newer.
> - `cryptography.hazmat.primitives.serialization.load_ssh_public_key` can now load `ed25519` public keys.
> - Add support for easily mapping an object identifier to its elliptic curve class via `cryptography.hazmat.primitives.asymmetric.ec.get_curve_for_oid`.
> - Add support for OpenSSL when compiled with the `no-engine` (`OPENSSL_NO_ENGINE`) flag.
>
> 2.5 - 2019-01-22
> ================
>
> - **BACKWARDS INCOMPATIBLE:** U-label strings were deprecated in version 2.1, but this version removes the default `idna` dependency as well. If you still need this deprecated path please install cryptography with the `idna` extra: `pip install cryptography[idna]`.
> - **BACKWARDS INCOMPATIBLE:** The minimum supported PyPy version is now 5.4.
> - Numerous classes and functions have been updated to allow bytes-like types for keying material and passwords, including symmetric algorithms, AEAD ciphers, KDFs, loading asymmetric keys, and one time password classes.
> - Updated Windows, macOS, and `manylinux1` wheels to be compiled with OpenSSL 1.1.1a.
>
> ... (truncated)
Commits

- [`25494f9`](https://github.com/pyca/cryptography/commit/25494f96d57b8995ee2fde099146b1192582ee1b) Bump versions for 2.8 release ([#5014](https://github-redirect.dependabot.com/pyca/cryptography/issues/5014))
- [`d220d7b`](https://github.com/pyca/cryptography/commit/d220d7ba56e1559b2b2fb7ff7dabf62202466eb7) Don’t downgrade pip on windows wheel building ([#5015](https://github-redirect.dependabot.com/pyca/cryptography/issues/5015))
- [`dc7f138`](https://github.com/pyca/cryptography/commit/dc7f138ea6ac12e5ab7275f1284665a529175cbf) Comply with PEP 508 by using platform_python_implementation ([#5006](https://github-redirect.dependabot.com/pyca/cryptography/issues/5006))
- [`16d3ae1`](https://github.com/pyca/cryptography/commit/16d3ae1b8e96b4c112c0f17911b5d14f0ed20385) UniversalString needs to be encoded as UCS-4 ([#5000](https://github-redirect.dependabot.com/pyca/cryptography/issues/5000))
- [`ae13fec`](https://github.com/pyca/cryptography/commit/ae13fec7fcf795afc198a14daaaf6e33b0513647) Fixes [#5010](https://github-redirect.dependabot.com/pyca/cryptography/issues/5010) -- test and build 3.8 wheels ([#5013](https://github-redirect.dependabot.com/pyca/cryptography/issues/5013))
- [`9c759d0`](https://github.com/pyca/cryptography/commit/9c759d08870d972f1d84e8543130bfb26be4e442) update openssls ([#4995](https://github-redirect.dependabot.com/pyca/cryptography/issues/4995))
- [`e575e3d`](https://github.com/pyca/cryptography/commit/e575e3d482f976c4a1f3203d63ea0f5007a49a2a) update our test to be more robust wrt some changes from upstream ([#4993](https://github-redirect.dependabot.com/pyca/cryptography/issues/4993))
- [`7b2b3a6`](https://github.com/pyca/cryptography/commit/7b2b3a65800b7c004399da5b3b6f431aa30946cc) Simplify implementing sequence methods ([#4987](https://github-redirect.dependabot.com/pyca/cryptography/issues/4987))
- [`3bf44b7`](https://github.com/pyca/cryptography/commit/3bf44b7c847cc5983834355af84b19e96c535652) update libressl and pypy2.7 and pypy3.5 ([#4989](https://github-redirect.dependabot.com/pyca/cryptography/issues/4989))
- [`97570e6`](https://github.com/pyca/cryptography/commit/97570e64456a98d6b34258fac4857126c24c5235) we're done here ([#4991](https://github-redirect.dependabot.com/pyca/cryptography/issues/4991))
- Additional commits viewable in [compare view](https://github.com/pyca/cryptography/compare/2.4.2...2.8)


Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

