pinksheetscrypto / covid-blockchain

Apache License 2.0

Bump cryptography from 3.4.7 to 35.0.0 #33

Closed dependabot[bot] closed 3 years ago

dependabot[bot] commented 3 years ago

Bumps cryptography from 3.4.7 to 35.0.0.

Changelog

Sourced from cryptography's changelog.

35.0.0 - 2021-09-29


* Changed the :ref:`version scheme <api-stability:versioning>`. This will
  result in us incrementing the major version more frequently, but does not
  change our existing backwards compatibility policy.
* **BACKWARDS INCOMPATIBLE:** The :doc:`/x509/index` PEM parsers now require
  that the PEM string passed have PEM delimiters of the correct type. For
  example, parsing a private key PEM concatenated with a certificate PEM will
  no longer be accepted by the PEM certificate parser.
* **BACKWARDS INCOMPATIBLE:** The X.509 certificate parser no longer allows
  negative serial numbers. :rfc:`5280` has always prohibited these.
* **BACKWARDS INCOMPATIBLE:** Invalid ASN.1 found during :doc:`/x509/index`
  parsing will raise an error on initial parse rather than when the invalid
  field is accessed.
* Rust is now required for building ``cryptography``, the
  ``CRYPTOGRAPHY_DONT_BUILD_RUST`` environment variable is no longer
  respected.
* Parsers for :doc:`/x509/index` no longer use OpenSSL and have been
  rewritten in Rust. This should be backwards compatible (modulo the items
  listed above) and improve both security and performance.
* Added support for OpenSSL 3.0.0 as a compilation target.
* Added support for
  :class:`~cryptography.hazmat.primitives.hashes.SM3` and
  :class:`~cryptography.hazmat.primitives.ciphers.algorithms.SM4`,
  when using OpenSSL 1.1.1. These algorithms are provided for compatibility
  in regions where they may be required, and are not generally recommended.
* We now ship ``manylinux_2_24`` and ``musllinux_1_1`` wheels, in addition to
  our ``manylinux2010`` and ``manylinux2014`` wheels. Users on distributions
  like Alpine Linux should ensure they upgrade to the latest ``pip`` to
  correctly receive wheels.
* Added ``rfc4514_attribute_name`` attribute to :attr:`x509.NameAttribute
  <cryptography.x509.NameAttribute.rfc4514_attribute_name>`.
* Added :class:`~cryptography.hazmat.primitives.kdf.kbkdf.KBKDFCMAC`.

.. _v3-4-8:

3.4.8 - 2021-08-24


* Updated Windows, macOS, and ``manylinux`` wheels to be compiled with
  OpenSSL 1.1.1l.

.. _v3-4-7:
<details>
<summary>Commits</summary>

<ul>
<li><a href="https://github.com/pyca/cryptography/commit/c7fbef767a94ee1569ae0630006fdb144d6a4e8d"><code>c7fbef7</code></a> bump for 35.0 release (<a href="https://github-redirect.dependabot.com/pyca/cryptography/issues/6333">#6333</a>)</li>
<li><a href="https://github.com/pyca/cryptography/commit/82d3f2bdc5500826bfb6a75958ff286af29b8331"><code>82d3f2b</code></a> update release.py (<a href="https://github-redirect.dependabot.com/pyca/cryptography/issues/6332">#6332</a>)</li>
<li><a href="https://github.com/pyca/cryptography/commit/00c54b581d3475ca13383669e5e4df697c96ce09"><code>00c54b5</code></a> docs: shift image to latest 20.04 (<a href="https://github-redirect.dependabot.com/pyca/cryptography/issues/6331">#6331</a>)</li>
<li><a href="https://github.com/pyca/cryptography/commit/cb73c72d63b161be34d6df73a6683006dc91cf3b"><code>cb73c72</code></a> Bump smallvec from 1.6.1 to 1.7.0 in /src/rust (<a href="https://github-redirect.dependabot.com/pyca/cryptography/issues/6329">#6329</a>)</li>
<li><a href="https://github.com/pyca/cryptography/commit/90a564e54bfc807b1a8a1fd5696f3489f7ccc980"><code>90a564e</code></a> build our wheels from tag so we can upload sdist last (<a href="https://github-redirect.dependabot.com/pyca/cryptography/issues/6328">#6328</a>)</li>
<li><a href="https://github.com/pyca/cryptography/commit/cf9e57685917b189a3fb5c7e5ea65619363ecfd8"><code>cf9e576</code></a> fix changelog to remove inaccurate statement (<a href="https://github-redirect.dependabot.com/pyca/cryptography/issues/6327">#6327</a>)</li>
<li><a href="https://github.com/pyca/cryptography/commit/329a795446785fde7e44092c0728ec3820e0574b"><code>329a795</code></a> Improve changelog for cryptography.x509 changes (<a href="https://github-redirect.dependabot.com/pyca/cryptography/issues/6326">#6326</a>)</li>
<li><a href="https://github.com/pyca/cryptography/commit/0f2c416e4598877c779cd7a370d9e06d616b562f"><code>0f2c416</code></a> add CRL pyopenssl fallback (<a href="https://github-redirect.dependabot.com/pyca/cryptography/issues/6325">#6325</a>)</li>
<li><a href="https://github.com/pyca/cryptography/commit/57e5176f4d736d84bcc0c32ae303fe7db9f82078"><code>57e5176</code></a> remove unneeded bindings (<a href="https://github-redirect.dependabot.com/pyca/cryptography/issues/6324">#6324</a>)</li>
<li><a href="https://github.com/pyca/cryptography/commit/baa6ff14e3353403008293c3a27cee8b00160282"><code>baa6ff1</code></a> Bump dessant/lock-threads from 2.1.2 to 3 (<a href="https://github-redirect.dependabot.com/pyca/cryptography/issues/6323">#6323</a>)</li>
<li>Additional commits viewable in <a href="https://github.com/pyca/cryptography/compare/3.4.7...35.0.0">compare view</a></li>
</ul>
</details>

[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=cryptography&package-manager=pip&previous-version=3.4.7&new-version=35.0.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

dependabot[bot] commented 3 years ago

Superseded by #37.
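
A pre-upgrade audit for two of the backwards-incompatible cases the 35.0.0 changelog above names (a non-certificate PEM block passed to the certificate parser, and a negative serial number), as an added example that is not code from `cryptography`, Dependabot or this repository. It uses only the standard library and does not call `cryptography`; the function names `read_tlv`, `serial_number`, `audit_pem` and `sample_cert` are hypothetical, and the sample inputs are constructed skeletons, not real keys or certificates.

```python
import base64
import re

PEM_RE = re.compile(r"-----BEGIN ([A-Z0-9 ]+)-----\s+(.*?)-----END \1-----", re.S)
SAMPLE_KEY = "-----BEGIN PRIVATE KEY-----\nAAAA\n-----END PRIVATE KEY-----\n"  # constructed placeholder

def read_tlv(buf, pos):
    """Return (tag, value_start, value_end) of the DER element at pos."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long-form length: low 7 bits give the byte count
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, pos, pos + length

def serial_number(der):
    """Read serialNumber from Certificate -> tbsCertificate (RFC 5280)."""
    _, pos, _ = read_tlv(der, 0)    # Certificate SEQUENCE
    _, pos, _ = read_tlv(der, pos)  # tbsCertificate SEQUENCE
    tag, start, end = read_tlv(der, pos)
    if tag == 0xA0:                 # optional [0] EXPLICIT version
        tag, start, end = read_tlv(der, end)
    if tag != 0x02:
        raise ValueError("serialNumber INTEGER not found")
    return int.from_bytes(der[start:end], "big", signed=True)

def audit_pem(text):
    """Return findings for input intended for the PEM certificate parser."""
    blocks = PEM_RE.findall(text)
    findings = [] if blocks else ["no PEM block found"]
    for i, (label, body) in enumerate(blocks, 1):
        if label != "CERTIFICATE":
            findings.append(f"block {i}: label {label!r} is not CERTIFICATE")
            continue
        try:
            serial = serial_number(base64.b64decode(body))
        except (ValueError, IndexError):
            findings.append(f"block {i}: could not read serialNumber")
            continue
        if serial < 0:
            findings.append(f"block {i}: negative serial number {serial}")
    return findings

def sample_cert(serial):
    """Constructed sample: leading certificate fields only, not a valid cert."""
    tbs = bytes([0xA0, 3, 0x02, 1, 2, 0x02, len(serial)]) + serial
    der = bytes([0x30, len(tbs) + 2, 0x30, len(tbs)]) + tbs
    b64 = base64.b64encode(der).decode()
    return f"-----BEGIN CERTIFICATE-----\n{b64}\n-----END CERTIFICATE-----\n"
```

Running `audit_pem` over each stored PEM file before merging the bump lists the inputs to split or reissue; an empty list means neither of the two checked cases applies.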