This PR updates cryptography from 39.0.2 to 40.0.0.
Changelog
### 40.0.0
```
~~~~~~~~~~~~~~~~~~~
* **BACKWARDS INCOMPATIBLE:** As announced in the 39.0.0 changelog, the way
``cryptography`` links OpenSSL has changed. This only impacts users who
build ``cryptography`` from source (i.e., not from a ``wheel``), and
specify their own version of OpenSSL. For those users, the ``CFLAGS``,
``LDFLAGS``, ``INCLUDE``, ``LIB``, and ``CRYPTOGRAPHY_SUPPRESS_LINK_FLAGS``
environment variables are no longer valid. Instead, users need to configure
their builds `as documented here`_.
* Support for Python 3.6 is deprecated and will be removed in the next
release.
* Deprecated the current minimum supported Rust version (MSRV) of 1.48.0.
In the next release we will raise MSRV to 1.56.0. Users with the latest
``pip`` will typically get a wheel and not need Rust installed, but check
:doc:`/installation` for documentation on installing a newer ``rustc`` if
required.
* Deprecated support for OpenSSL less than 1.1.1d. The next release of
``cryptography`` will drop support for older versions.
* Deprecated support for DSA keys in
:func:`~cryptography.hazmat.primitives.serialization.load_ssh_public_key`
and
:func:`~cryptography.hazmat.primitives.serialization.load_ssh_private_key`.
* Deprecated support for OpenSSH serialization in
:class:`~cryptography.hazmat.primitives.asymmetric.dsa.DSAPublicKey`
and
:class:`~cryptography.hazmat.primitives.asymmetric.dsa.DSAPrivateKey`.
* The minimum supported version of PyPy3 is now 7.3.10.
* Updated Windows, macOS, and Linux wheels to be compiled with OpenSSL 3.1.0.
* Added support for parsing SSH certificates in addition to public keys with
:func:`~cryptography.hazmat.primitives.serialization.load_ssh_public_identity`.
:func:`~cryptography.hazmat.primitives.serialization.load_ssh_public_key`
continues to support only public keys.
* Added support for generating SSH certificates with
:class:`~cryptography.hazmat.primitives.serialization.SSHCertificateBuilder`.
* Added :meth:`~cryptography.x509.Certificate.verify_directly_issued_by` to
:class:`~cryptography.x509.Certificate`.
* Added a check to :class:`~cryptography.x509.NameConstraints` to ensure that
:class:`~cryptography.x509.DNSName` constraints do not contain any ``*``
wildcards.
* Removed many unused CFFI OpenSSL bindings. This will not impact you unless
you are using ``cryptography`` to directly invoke OpenSSL's C API. Note that
these have never been considered a stable, supported, public API by
``cryptography``, this note is included as a courtesy.
* The X.509 builder classes now raise ``UnsupportedAlgorithm`` instead of
``ValueError`` if an unsupported hash algorithm is passed.
* Added public union type aliases for type hinting:
* Asymmetric types:
:const:`~cryptography.hazmat.primitives.asymmetric.types.PublicKeyTypes`,
:const:`~cryptography.hazmat.primitives.asymmetric.types.PrivateKeyTypes`,
:const:`~cryptography.hazmat.primitives.asymmetric.types.CertificatePublicKeyTypes`,
:const:`~cryptography.hazmat.primitives.asymmetric.types.CertificateIssuerPublicKeyTypes`,
:const:`~cryptography.hazmat.primitives.asymmetric.types.CertificateIssuerPrivateKeyTypes`.
* SSH keys:
:const:`~cryptography.hazmat.primitives.serialization.SSHPublicKeyTypes`,
:const:`~cryptography.hazmat.primitives.serialization.SSHPrivateKeyTypes`,
:const:`~cryptography.hazmat.primitives.serialization.SSHCertPublicKeyTypes`,
:const:`~cryptography.hazmat.primitives.serialization.SSHCertPrivateKeyTypes`.
* PKCS12:
:const:`~cryptography.hazmat.primitives.serialization.pkcs12.PKCS12PrivateKeyTypes`
* PKCS7:
:const:`~cryptography.hazmat.primitives.serialization.pkcs7.PKCS7HashTypes`,
:const:`~cryptography.hazmat.primitives.serialization.pkcs7.PKCS7PrivateKeyTypes`.
* Two-factor:
:const:`~cryptography.hazmat.primitives.twofactor.hotp.HOTPHashTypes`
* Deprecated previously undocumented but not private type aliases in the
``cryptography.hazmat.primitives.asymmetric.types`` module in favor of new
ones above.
.. _v39-0-2:
```
Links
- PyPI: https://pypi.org/project/cryptography
- Changelog: https://pyup.io/changelogs/cryptography/
- Repo: https://github.com/pyca/cryptography
This PR updates cryptography from 39.0.2 to 40.0.0.
Changelog
### 40.0.0 ``` ~~~~~~~~~~~~~~~~~~~ * **BACKWARDS INCOMPATIBLE:** As announced in the 39.0.0 changelog, the way ``cryptography`` links OpenSSL has changed. This only impacts users who build ``cryptography`` from source (i.e., not from a ``wheel``), and specify their own version of OpenSSL. For those users, the ``CFLAGS``, ``LDFLAGS``, ``INCLUDE``, ``LIB``, and ``CRYPTOGRAPHY_SUPPRESS_LINK_FLAGS`` environment variables are no longer valid. Instead, users need to configure their builds `as documented here`_. * Support for Python 3.6 is deprecated and will be removed in the next release. * Deprecated the current minimum supported Rust version (MSRV) of 1.48.0. In the next release we will raise MSRV to 1.56.0. Users with the latest ``pip`` will typically get a wheel and not need Rust installed, but check :doc:`/installation` for documentation on installing a newer ``rustc`` if required. * Deprecated support for OpenSSL less than 1.1.1d. The next release of ``cryptography`` will drop support for older versions. * Deprecated support for DSA keys in :func:`~cryptography.hazmat.primitives.serialization.load_ssh_public_key` and :func:`~cryptography.hazmat.primitives.serialization.load_ssh_private_key`. * Deprecated support for OpenSSH serialization in :class:`~cryptography.hazmat.primitives.asymmetric.dsa.DSAPublicKey` and :class:`~cryptography.hazmat.primitives.asymmetric.dsa.DSAPrivateKey`. * The minimum supported version of PyPy3 is now 7.3.10. * Updated Windows, macOS, and Linux wheels to be compiled with OpenSSL 3.1.0. * Added support for parsing SSH certificates in addition to public keys with :func:`~cryptography.hazmat.primitives.serialization.load_ssh_public_identity`. :func:`~cryptography.hazmat.primitives.serialization.load_ssh_public_key` continues to support only public keys. * Added support for generating SSH certificates with :class:`~cryptography.hazmat.primitives.serialization.SSHCertificateBuilder`. * Added :meth:`~cryptography.x509.Certificate.verify_directly_issued_by` to :class:`~cryptography.x509.Certificate`. * Added a check to :class:`~cryptography.x509.NameConstraints` to ensure that :class:`~cryptography.x509.DNSName` constraints do not contain any ``*`` wildcards. * Removed many unused CFFI OpenSSL bindings. This will not impact you unless you are using ``cryptography`` to directly invoke OpenSSL's C API. Note that these have never been considered a stable, supported, public API by ``cryptography``, this note is included as a courtesy. * The X.509 builder classes now raise ``UnsupportedAlgorithm`` instead of ``ValueError`` if an unsupported hash algorithm is passed. * Added public union type aliases for type hinting: * Asymmetric types: :const:`~cryptography.hazmat.primitives.asymmetric.types.PublicKeyTypes`, :const:`~cryptography.hazmat.primitives.asymmetric.types.PrivateKeyTypes`, :const:`~cryptography.hazmat.primitives.asymmetric.types.CertificatePublicKeyTypes`, :const:`~cryptography.hazmat.primitives.asymmetric.types.CertificateIssuerPublicKeyTypes`, :const:`~cryptography.hazmat.primitives.asymmetric.types.CertificateIssuerPrivateKeyTypes`. * SSH keys: :const:`~cryptography.hazmat.primitives.serialization.SSHPublicKeyTypes`, :const:`~cryptography.hazmat.primitives.serialization.SSHPrivateKeyTypes`, :const:`~cryptography.hazmat.primitives.serialization.SSHCertPublicKeyTypes`, :const:`~cryptography.hazmat.primitives.serialization.SSHCertPrivateKeyTypes`. * PKCS12: :const:`~cryptography.hazmat.primitives.serialization.pkcs12.PKCS12PrivateKeyTypes` * PKCS7: :const:`~cryptography.hazmat.primitives.serialization.pkcs7.PKCS7HashTypes`, :const:`~cryptography.hazmat.primitives.serialization.pkcs7.PKCS7PrivateKeyTypes`. * Two-factor: :const:`~cryptography.hazmat.primitives.twofactor.hotp.HOTPHashTypes` * Deprecated previously undocumented but not private type aliases in the ``cryptography.hazmat.primitives.asymmetric.types`` module in favor of new ones above. .. _v39-0-2: ```Links
- PyPI: https://pypi.org/project/cryptography - Changelog: https://pyup.io/changelogs/cryptography/ - Repo: https://github.com/pyca/cryptography