* **BACKWARDS INCOMPATIBLE:** Support for OpenSSL less than 1.1.1e has been
removed. Users on older version of OpenSSL will need to upgrade.
* **BACKWARDS INCOMPATIBLE:** Dropped support for LibreSSL < 3.8.
* Updated Windows, macOS, and Linux wheels to be compiled with OpenSSL 3.3.1.
* Updated the minimum supported Rust version (MSRV) to 1.65.0, from 1.63.0.
* :func:`~cryptography.hazmat.primitives.asymmetric.rsa.generate_private_key`
now enforces a minimum RSA key size of 1024-bit. Note that 1024-bit is still
considered insecure, users should generally use a key size of 2048-bits.
* :func:`~cryptography.hazmat.primitives.serialization.pkcs7.serialize_certificates`
now emits ASN.1 that more closely follows the recommendations in :rfc:`2315`.
* Added new :doc:`/hazmat/decrepit/index` module which contains outdated and
insecure cryptographic primitives.
:class:`~cryptography.hazmat.primitives.ciphers.algorithms.CAST5`,
:class:`~cryptography.hazmat.primitives.ciphers.algorithms.SEED`,
:class:`~cryptography.hazmat.primitives.ciphers.algorithms.IDEA`, and
:class:`~cryptography.hazmat.primitives.ciphers.algorithms.Blowfish`, which were
deprecated in 37.0.0, have been added to this module. They will be removed
from the ``cipher`` module in 45.0.0.
* Moved :class:`~cryptography.hazmat.primitives.ciphers.algorithms.TripleDES`
and :class:`~cryptography.hazmat.primitives.ciphers.algorithms.ARC4` into
:doc:`/hazmat/decrepit/index` and deprecated them in the ``cipher`` module.
They will be removed from the ``cipher`` module in 48.0.0.
* Added support for deterministic
:class:`~cryptography.hazmat.primitives.asymmetric.ec.ECDSA` (:rfc:`6979`)
* Added support for client certificate verification to the
:mod:`X.509 path validation <cryptography.x509.verification>` APIs in the
form of :class:`~cryptography.x509.verification.ClientVerifier`,
:class:`~cryptography.x509.verification.VerifiedClient`, and
``PolicyBuilder``
:meth:`~cryptography.x509.verification.PolicyBuilder.build_client_verifier`.
* Added Certificate
:attr:`~cryptography.x509.Certificate.public_key_algorithm_oid`
and Certificate Signing Request
:attr:`~cryptography.x509.CertificateSigningRequest.public_key_algorithm_oid`
to determine the :class:`~cryptography.hazmat._oid.PublicKeyAlgorithmOID`
Object Identifier of the public key found inside the certificate.
* Added :attr:`~cryptography.x509.InvalidityDate.invalidity_date_utc`, a
timezone-aware alternative to the naïve ``datetime`` attribute
:attr:`~cryptography.x509.InvalidityDate.invalidity_date`.
* Added support for parsing empty DN string in
:meth:`~cryptography.x509.Name.from_rfc4514_string`.
* Added the following properties that return timezone-aware ``datetime`` objects:
:meth:`~cryptography.x509.ocsp.OCSPResponse.produced_at_utc`,
:meth:`~cryptography.x509.ocsp.OCSPResponse.revocation_time_utc`,
:meth:`~cryptography.x509.ocsp.OCSPResponse.this_update_utc`,
:meth:`~cryptography.x509.ocsp.OCSPResponse.next_update_utc`,
:meth:`~cryptography.x509.ocsp.OCSPSingleResponse.revocation_time_utc`,
</tr></table>
... (truncated)
Commits
ebf14f2 bump for 43.0.0 and update changelog (#11311)
42788a0 Fix exchange with keys that had Q automatically computed (#11309)
#12652: Resolve regression [conda]{.title-ref} environments where no longer being automatically detected.
-- by RonnyPfannschmidt{.interpreted-text role="user"}
8.3.1
pytest 8.3.1 (2024-07-20)
The 8.3.0 release failed to include the change notes and docs for the release. This patch release remedies this. There are no other changes.
8.3.0
pytest 8.3.0 (2024-07-20)
New features
#12231: Added [--xfail-tb]{.title-ref} flag, which turns on traceback output for XFAIL results.
If the [--xfail-tb]{.title-ref} flag is not given, tracebacks for XFAIL results are NOT shown.
The style of traceback for XFAIL is set with [--tb]{.title-ref}, and can be [auto|long|short|line|native|no]{.title-ref}.
Note: Even if you have [--xfail-tb]{.title-ref} set, you won't see them if [--tb=no]{.title-ref}.
Some history:
With pytest 8.0, [-rx]{.title-ref} or [-ra]{.title-ref} would not only turn on summary reports for xfail, but also report the tracebacks for xfail results. This caused issues with some projects that utilize xfail, but don't want to see all of the xfail tracebacks.
This change detaches xfail tracebacks from [-rx]{.title-ref}, and now we turn on xfail tracebacks with [--xfail-tb]{.title-ref}. With this, the default [-rx]{.title-ref}/ [-ra]{.title-ref} behavior is identical to pre-8.0 with respect to xfail tracebacks. While this is a behavior change, it brings default behavior back to pre-8.0.0 behavior, which ultimately was considered the better course of action.
#12281: Added support for keyword matching in marker expressions.
Now tests can be selected by marker keyword arguments.
Supported values are int{.interpreted-text role="class"}, (unescaped) str{.interpreted-text role="class"}, bool{.interpreted-text role="class"} & None{.interpreted-text role="data"}.
See marker examples <marker_keyword_expression_example>{.interpreted-text role="ref"} for more information.
-- by lovetheguitar{.interpreted-text role="user"}
#12567: Added --no-fold-skipped command line option.
If this option is set, then skipped tests in short summary are no longer grouped
by reason but all tests are printed individually with their nodeid in the same
way as other statuses.
We’ve just uploaded mypy 1.11 to the Python Package Index (PyPI). Mypy is a static type checker for Python. This release includes new features, performance improvements and bug fixes. You can install it as follows:
python3 -m pip install -U mypy
You can read the full documentation for this release on Read the Docs.
Support Python 3.12 Syntax for Generics (PEP 695)
Mypy now supports the new type parameter syntax introduced in Python 3.12 (PEP 695).
This feature is still experimental and must be enabled with the --enable-incomplete-feature=NewGenericSyntax flag, or with enable_incomplete_feature = NewGenericSyntax in the mypy configuration file.
We plan to enable this by default in the next mypy feature release.
This example demonstrates the new syntax:
# Generic function
def f[T](https://github.com/python/mypy/blob/master/x: T) -> T: ...
reveal_type(f(1)) # Revealed type is 'int'
Generic class
class C[T]:
def init(self, x: T) -> None:
self.x = x
c = C('a')
reveal_type(c.x) # Revealed type is 'str'
Type alias
type A[T] = C[list[T]]
This feature was contributed by Jukka Lehtosalo.
Support for functools.partial
Mypy now type checks uses of functools.partial. Previously mypy would accept arbitrary arguments.
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency
- `@dependabot ignore major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
- `@dependabot ignore minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
- `@dependabot ignore ` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
- `@dependabot unignore ` will remove all of the ignore conditions of the specified dependency
- `@dependabot unignore ` will remove the ignore condition of the specified dependency and ignore conditions
Bumps the python-requirements group in /requirements with 6 updates:
7.3.7
8.0.2
42.0.8
43.0.0
8.2.2
8.3.2
1.10.1
1.11.1
1.1.369
1.1.374
70.1.0.20240627
71.1.0.20240726
Updates
sphinx
from 7.3.7 to 8.0.2Release notes
Sourced from sphinx's releases.
... (truncated)
Changelog
Sourced from sphinx's changelog.
... (truncated)
Commits
043750e
Bump to 8.0.2 finalcee9efc
Useclassmethod
for a class method16fed35
Bump versiond9bda77
Bump to 8.0.1 final006a6a7
Fix Flake8d0915ab
Fix mypy865b513
Patchpygments.Formatter.__class_getitem__
in Pygments 2.17f1d3c3f
Bump version0e8a638
Bump to 8.0.0 final5750d0e
[bot]: Update message catalogues (#12641)Updates
cryptography
from 42.0.8 to 43.0.0Changelog
Sourced from cryptography's changelog.
... (truncated)
Commits
ebf14f2
bump for 43.0.0 and update changelog (#11311)42788a0
Fix exchange with keys that had Q automatically computed (#11309)2dbdfb8
don't assign unused name (#11310)ccc66e6
Bump openssl from 0.10.64 to 0.10.65 in /src/rust (#11308)4310c87
Bump sphinxcontrib-qthelp from 1.0.7 to 1.0.8 (#11307)f66a9c4
Bump sphinxcontrib-htmlhelp from 2.0.5 to 2.0.6 (#11306)a8fcf18
Bump openssl-sys from 0.9.102 to 0.9.103 in /src/rust (#11305)2fe32b2
Bump mypy from 1.10.1 to 1.11.0 (#11303)ee24e82
Bump setuptools from 71.0.3 to 71.0.4 in /.github/requirements (#11304)7249ccd
Bump portable-atomic from 1.6.0 to 1.7.0 in /src/rust (#11302)Updates
pytest
from 8.2.2 to 8.3.2Release notes
Sourced from pytest's releases.
... (truncated)
Commits
bbcec9c
Prepare release version 8.3.278fe8b6
Merge pull request #12657 from pytest-dev/patchback/backports/8.3.x/6c806b499...238bad2
Merge pull request #12656 from RonnyPfannschmidt/fix-12652-detect-conda-envae6034a
Merge pull request #12641 from pytest-dev/patchback/backports/8.3.x/c03989cee...31337ab
Merge pull request #12640 from pytest-dev/update-userca3070b
Merge pull request #12637 from pytest-dev/release-8.3.1de98446
Prepare release version 8.3.1bd0a042
Merge pull request #12636 from pytest-dev/update-release-notes664325b
doc/changelog: update 8.3.0 notes19d225d
Merge pull request #12635 from pytest-dev/release-8.3.0Updates
mypy
from 1.10.1 to 1.11.1Changelog
Sourced from mypy's changelog.
... (truncated)
Commits
570b90a
Bump version to 1.11b3a102e
FixRawExpressionType.accept
crash with--cache-fine-grained
(#17588)aec04c7
Fix PEP 604 isinstance caching (#17563)cb44e4d
Fixtyping.TypeAliasType
being undefined on python < 3.12 (#17558)6cf9180
Fix types.GenericAlias lookup crash (#17543)64c1ebf
Bump version to 1.11.1+devdbd5f5c
Remove +dev from version for 1.11 releasef0a8c69
Update CHANGELOG for mypy 1.11 (#17540)371f780
CHANGELOG.md update for 1.11 (#17539)2563da0
Fix daemon crash on invalid type in TypedDict (#17495)Updates
pyright
from 1.1.369 to 1.1.374Commits
c35c2ee
[pyright updated to 1.1.374] Update Version (#286)5d315f9
[pyright updated to 1.1.373] Update Version (#284)59a4bdf
[pyright updated to 1.1.372] Update Version (#283)ca00a93
[pyright updated to 1.1.371] Update Version (#282)14f3e58
Pyright NPM Package update to 1.1.370 (#281)804dafb
chore(internal): loosen twine dependencyUpdates
types-setuptools
from 70.1.0.20240627 to 71.1.0.20240726Commits
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting
@dependabot rebase
.Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show