* **BACKWARDS INCOMPATIBLE:** Support for OpenSSL less than 1.1.1e has been
removed. Users on older version of OpenSSL will need to upgrade.
* **BACKWARDS INCOMPATIBLE:** Dropped support for LibreSSL < 3.8.
* Updated Windows, macOS, and Linux wheels to be compiled with OpenSSL 3.3.1.
* Updated the minimum supported Rust version (MSRV) to 1.65.0, from 1.63.0.
* :func:`~cryptography.hazmat.primitives.asymmetric.rsa.generate_private_key`
now enforces a minimum RSA key size of 1024-bit. Note that 1024-bit is still
considered insecure, users should generally use a key size of 2048-bits.
* :func:`~cryptography.hazmat.primitives.serialization.pkcs7.serialize_certificates`
now emits ASN.1 that more closely follows the recommendations in :rfc:`2315`.
* Added new :doc:`/hazmat/decrepit/index` module which contains outdated and
insecure cryptographic primitives.
:class:`~cryptography.hazmat.primitives.ciphers.algorithms.CAST5`,
:class:`~cryptography.hazmat.primitives.ciphers.algorithms.SEED`,
:class:`~cryptography.hazmat.primitives.ciphers.algorithms.IDEA`, and
:class:`~cryptography.hazmat.primitives.ciphers.algorithms.Blowfish`, which were
deprecated in 37.0.0, have been added to this module. They will be removed
from the ``cipher`` module in 45.0.0.
* Moved :class:`~cryptography.hazmat.primitives.ciphers.algorithms.TripleDES`
and :class:`~cryptography.hazmat.primitives.ciphers.algorithms.ARC4` into
:doc:`/hazmat/decrepit/index` and deprecated them in the ``cipher`` module.
They will be removed from the ``cipher`` module in 48.0.0.
* Added support for deterministic
:class:`~cryptography.hazmat.primitives.asymmetric.ec.ECDSA` (:rfc:`6979`)
* Added support for client certificate verification to the
:mod:`X.509 path validation <cryptography.x509.verification>` APIs in the
form of :class:`~cryptography.x509.verification.ClientVerifier`,
:class:`~cryptography.x509.verification.VerifiedClient`, and
``PolicyBuilder``
:meth:`~cryptography.x509.verification.PolicyBuilder.build_client_verifier`.
* Added Certificate
:attr:`~cryptography.x509.Certificate.public_key_algorithm_oid`
and Certificate Signing Request
:attr:`~cryptography.x509.CertificateSigningRequest.public_key_algorithm_oid`
to determine the :class:`~cryptography.hazmat._oid.PublicKeyAlgorithmOID`
Object Identifier of the public key found inside the certificate.
* Added :attr:`~cryptography.x509.InvalidityDate.invalidity_date_utc`, a
timezone-aware alternative to the naïve ``datetime`` attribute
:attr:`~cryptography.x509.InvalidityDate.invalidity_date`.
* Added support for parsing empty DN string in
:meth:`~cryptography.x509.Name.from_rfc4514_string`.
* Added the following properties that return timezone-aware ``datetime`` objects:
:meth:`~cryptography.x509.ocsp.OCSPResponse.produced_at_utc`,
:meth:`~cryptography.x509.ocsp.OCSPResponse.revocation_time_utc`,
:meth:`~cryptography.x509.ocsp.OCSPResponse.this_update_utc`,
:meth:`~cryptography.x509.ocsp.OCSPResponse.next_update_utc`,
:meth:`~cryptography.x509.ocsp.OCSPSingleResponse.revocation_time_utc`,
</tr></table>
... (truncated)
Commits
ebf14f2 bump for 43.0.0 and update changelog (#11311)
42788a0 Fix exchange with keys that had Q automatically computed (#11309)
📝 Move the Features docs to the top level to improve the main page menu. PR #12036 by @tiangolo.
✏️ Fix import typo in reference example for Security. PR #11168 by @0shah0.
📝 Highlight correct line in tutorial docs/en/docs/tutorial/body-multiple-params.md. PR #11978 by @svlandeg.
🔥 Remove Sentry link from Advanced Middleware docs. PR #12031 by @alejsdev.
📝 Clarify management tasks for translations, multiples files in one PR. PR #12030 by @tiangolo.
📝 Edit the link to the OpenAPI "Responses Object" and "Response Object" sections in the "Additional Responses in OpenAPI" section. PR #11996 by @VaitoSoi.
🔨 Specify email-validator dependency with dash. PR #11515 by @jirikuncar.
🌐 Add Spanish translation for docs/es/docs/project-generation.md. PR #11947 by @alejsdev.
- Drop support for Python 3.7 (EOL) by @hugovk in `[#910](https://github.com/jpadilla/pyjwt/issues/910) <https://github.com/jpadilla/pyjwt/pull/910>`__
- Allow JWT issuer claim validation to accept a list of strings too by @mattpollak in `[#913](https://github.com/jpadilla/pyjwt/issues/913) <https://github.com/jpadilla/pyjwt/pull/913>`__
Fixed
- Fix unnecessary string concatenation by @sirosen in `[#904](https://github.com/jpadilla/pyjwt/issues/904) <https://github.com/jpadilla/pyjwt/pull/904>`__
- Fix docs for ``jwt.decode_complete`` to include ``strict_aud`` option by @woodruffw in `[#923](https://github.com/jpadilla/pyjwt/issues/923) <https://github.com/jpadilla/pyjwt/pull/923>`__
- Fix docs step by @jpadilla in `[#950](https://github.com/jpadilla/pyjwt/issues/950) <https://github.com/jpadilla/pyjwt/pull/950>`__
- Fix: Remove an unused variable from example code block by @kenkoooo in `[#958](https://github.com/jpadilla/pyjwt/issues/958) <https://github.com/jpadilla/pyjwt/pull/958>`__
Added
Add support for Python 3.12 by @hugovk in [#910](https://github.com/jpadilla/pyjwt/issues/910) <https://github.com/jpadilla/pyjwt/pull/910>__
Improve performance of is_ssh_key + add unit test by @bdraco in [#940](https://github.com/jpadilla/pyjwt/issues/940) <https://github.com/jpadilla/pyjwt/pull/940>__
Allow jwt.decode() to accept a PyJWK object by @luhn in [#886](https://github.com/jpadilla/pyjwt/issues/886) <https://github.com/jpadilla/pyjwt/pull/886>__
Make algorithm_name attribute available on PyJWK by @luhn in [#886](https://github.com/jpadilla/pyjwt/issues/886) <https://github.com/jpadilla/pyjwt/pull/886>__
Raise InvalidKeyError on invalid PEM keys to be compatible with cryptography 42.x.x by @CollinEMac in [#952](https://github.com/jpadilla/pyjwt/issues/952) <https://github.com/jpadilla/pyjwt/pull/952>__
Raise an exception when required cryptography dependency is missing by @tobloef in <https://github.com/jpadilla/pyjwt/pull/963>__
#12652: Resolve regression [conda]{.title-ref} environments where no longer being automatically detected.
-- by RonnyPfannschmidt{.interpreted-text role="user"}
8.3.1
pytest 8.3.1 (2024-07-20)
The 8.3.0 release failed to include the change notes and docs for the release. This patch release remedies this. There are no other changes.
8.3.0
pytest 8.3.0 (2024-07-20)
New features
#12231: Added [--xfail-tb]{.title-ref} flag, which turns on traceback output for XFAIL results.
If the [--xfail-tb]{.title-ref} flag is not given, tracebacks for XFAIL results are NOT shown.
The style of traceback for XFAIL is set with [--tb]{.title-ref}, and can be [auto|long|short|line|native|no]{.title-ref}.
Note: Even if you have [--xfail-tb]{.title-ref} set, you won't see them if [--tb=no]{.title-ref}.
Some history:
With pytest 8.0, [-rx]{.title-ref} or [-ra]{.title-ref} would not only turn on summary reports for xfail, but also report the tracebacks for xfail results. This caused issues with some projects that utilize xfail, but don't want to see all of the xfail tracebacks.
This change detaches xfail tracebacks from [-rx]{.title-ref}, and now we turn on xfail tracebacks with [--xfail-tb]{.title-ref}. With this, the default [-rx]{.title-ref}/ [-ra]{.title-ref} behavior is identical to pre-8.0 with respect to xfail tracebacks. While this is a behavior change, it brings default behavior back to pre-8.0.0 behavior, which ultimately was considered the better course of action.
#12281: Added support for keyword matching in marker expressions.
Now tests can be selected by marker keyword arguments.
Supported values are int{.interpreted-text role="class"}, (unescaped) str{.interpreted-text role="class"}, bool{.interpreted-text role="class"} & None{.interpreted-text role="data"}.
See marker examples <marker_keyword_expression_example>{.interpreted-text role="ref"} for more information.
-- by lovetheguitar{.interpreted-text role="user"}
#12567: Added --no-fold-skipped command line option.
If this option is set, then skipped tests in short summary are no longer grouped
by reason but all tests are printed individually with their nodeid in the same
way as other statuses.
BREAKING: Updated minimum supported pytest version to v8.2.0
Adds an optional loop_scope keyword argument to pytest.mark.asyncio. This argument controls which event loop is used to run the marked async test. #706, #871
Deprecates the optional scope keyword argument to pytest.mark.asyncio for API consistency with pytest_asyncio.fixture. Users are encouraged to use the loop_scope keyword argument, which does exactly the same.
Raises an error when passing scope or loop_scope as a positional argument to @pytest.mark.asyncio. #812
Fixes a bug that caused module-scoped async fixtures to fail when reused in other modules #862#668
pytest-asyncio 0.24.0a1
0.24.0 (UNRELEASED)
BREAKING: Updated minimum supported pytest version to v8.2.0
Adds an optional loop_scope keyword argument to pytest.mark.asyncio. This argument controls which event loop is used to run the marked async test. #706, #871
Deprecates the optional scope keyword argument to pytest.mark.asyncio for API consistency with pytest_asyncio.fixture. Users are encouraged to use the loop_scope keyword argument, which does exactly the same.
Raises an error when passing scope or loop_scope as a positional argument to @pytest.mark.asyncio. #812
Fixes a bug that caused module-scoped async fixtures to fail when reused in other modules #862#668
pytest-asyncio 0.24.0a0
0.24.0 (UNRELEASED)
Adds an optional loop_scope keyword argument to pytest.mark.asyncio. This argument controls which event loop is used to run the marked async test. #706, #871
Deprecates the optional scope keyword argument to pytest.mark.asyncio for API consistency with pytest_asyncio.fixture. Users are encouraged to use the loop_scope keyword argument, which does exactly the same.
Raises an error when passing scope or loop_scope as a positional argument to @pytest.mark.asyncio. #812
pytest-asyncio 0.23.8
0.23.8 (2024-07-17)
Fixes a bug that caused duplicate markers in async tests #813
Known issues
As of v0.23, pytest-asyncio attaches an asyncio event loop to each item of the test suite (i.e. session, packages, modules, classes, functions) and allows tests to be run in those loops when marked accordingly. Pytest-asyncio currently assumes that async fixture scope is correlated with the new event loop scope. This prevents fixtures from being evaluated independently from the event loop scope and breaks some existing test suites (see #706). For example, a test suite may require all fixtures and tests to run in the same event loop, but have async fixtures that are set up and torn down for each module. If you're affected by this issue, please continue using the v0.21 release, until it is resolved.
Commits
fb5422f docs: Set release date for v0.24 in changelog.
6dc7f58 docs: Add migration guides for pytest-asyncio v0.21 and v0.23.
1bfc181 Wire Sphinx builds into the RTD config via tox
f03cf13 Build(deps): Bump hypothesis in /dependencies/default
69540bf Build(deps): Bump attrs from 24.1.0 to 24.2.0 in /dependencies/default
b0ccfc5 Build(deps): Bump hypothesis in /dependencies/default
574f1db Build(deps): Bump babel from 2.15.0 to 2.16.0 in /dependencies/docs
ae30dac Update .readthedocs.yaml to install pytest-asyncio
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge and block automerging...
_Description has been truncated_
Bumps the pip group with 9 updates in the / directory:
42.0.8
43.0.0
0.111.0
0.112.2
2.8.0
2.9.0
0.30.1
0.30.6
3.2.5
3.2.6
24.4.2
24.8.0
8.2.2
8.3.2
0.23.7
0.24.0
26.0.0
28.0.0
Updates
cryptography
from 42.0.8 to 43.0.0Changelog
Sourced from cryptography's changelog.
... (truncated)
Commits
ebf14f2
bump for 43.0.0 and update changelog (#11311)42788a0
Fix exchange with keys that had Q automatically computed (#11309)2dbdfb8
don't assign unused name (#11310)ccc66e6
Bump openssl from 0.10.64 to 0.10.65 in /src/rust (#11308)4310c87
Bump sphinxcontrib-qthelp from 1.0.7 to 1.0.8 (#11307)f66a9c4
Bump sphinxcontrib-htmlhelp from 2.0.5 to 2.0.6 (#11306)a8fcf18
Bump openssl-sys from 0.9.102 to 0.9.103 in /src/rust (#11305)2fe32b2
Bump mypy from 1.10.1 to 1.11.0 (#11303)ee24e82
Bump setuptools from 71.0.3 to 71.0.4 in /.github/requirements (#11304)7249ccd
Bump portable-atomic from 1.6.0 to 1.7.0 in /src/rust (#11302)Updates
fastapi[all]
from 0.111.0 to 0.112.2Release notes
Sourced from fastapi[all]'s releases.
... (truncated)
Commits
d00af00
🔖 Release version 0.112.2b69a9f3
📝 Update release notes51b625e
🐛 Fixallow_inf_nan
option for Param and Body classes (#11867)48b36f2
📝 Update release notes3a4ac24
🐛 Ensure thatapp.include_router
merges nested lifespans (#9630)22bf988
📝 Update release notes6935fe8
📝 Update release notes8f03716
📝 Fix a typo in virtual environement page (#12064)d0ce9d2
📝 Update release notes705659b
📝 Add docs about Environment Variables and Virtual Environments (#12054)Updates
pyjwt
from 2.8.0 to 2.9.0Release notes
Sourced from pyjwt's releases.
Changelog
Sourced from pyjwt's changelog.
Commits
868cf4a
Add 2.9.0 changelog. Fixes #949 (#967)304a3df
[pre-commit.ci] pre-commit autoupdate (#965)527fec2
Raise exception when required cryptography dependency is missing (#963)18a50be
[pre-commit.ci] pre-commit autoupdate (#960)4703f87
Handle load_pem_public_key ValueError (#952)9dc732f
Update usage.rst (#958)ab8176a
Decode with PyJWK (#886)c0a071d
chore: update actions/download-artifact2afbe32
Add coverage and improve performance of is_ssh_key (#940)97345a7
[pre-commit.ci] pre-commit autoupdate (#953)Updates
uvicorn
from 0.30.1 to 0.30.6Release notes
Sourced from uvicorn's releases.
Changelog
Sourced from uvicorn's changelog.
Commits
7dc027d
Version 0.30.6 (#2428)587a1cc
fix: upgrade is not websocket and dependencies are installed, should not warn...cee31a6
test(signal): add sleep to ensure shutdown completion (#2427)eba64ef
ci: timeout for test suite runs to 30 minutes (#2426)0f513d2
Remove signal testing order dependency (#2382)ff54b02
Version 0.30.5 (#2409)2f25107
Fix 0.30.4 issue with connection close header (#2408)8efa41c
Version 0.30.4 (#2403)b492349
Addpragma: full coverage
toProcess.is_alive
(#2402)ce999aa
close request connection if h11 sets client state as MUST_CLOSE (#2375)Updates
pylint
from 3.2.5 to 3.2.6Commits
da19566
Bump pylint to 3.2.6, update changelog (#9825)810c59c
Update setuptools to >=71.0.4 (#9812) (#9824)5f19cd5
Fix a crash when a subclass extends__slots__
(#9817) (#9822)c0b1d22
Bump astroid to 3.2.4 (#9816) (#9821)1d877de
Fix consider-using-min-max-builtin (#9802) (#9803)8410f57
Fix a false positive formissing-param-doc
(#9740) (#9793)bd4c8f1
Handle assert_never() when imported from typing_extensions (#9782) (#9790)8eb2c4d
Fix FP forunexpected-keyword-arg
with ambiguous constructors (#9785) (#9788)9882537
Bump astroid to 3.2.3 (#9787)aea868c
Fixinvalid-name
regression for class attributes in subclasses (#9772) (#9775)Updates
black
from 24.4.2 to 24.8.0Release notes
Sourced from black's releases.
Changelog
Sourced from black's changelog.
Commits
b965c2a
Prepare release 24.8.0 (#4426)9ccf279
Documentfind_project_root
ignoringpyproject.toml
without[tool.black]
...14b6e61
fix: Enhace black efficiently to skip directories listed in .gitignore (#4415)b1c4dd9
fix: respect braces better in f-string parsing (#4422)4b4ae43
Fix incorrect linenos on fstring tokens with escaped newlines (#4423)7fa1faf
docs: fix the installation command of extra for blackd (#4413)8827acc
Bump sphinx from 7.3.7 to 7.4.0 in /docs (#4404)b0da11d
Bump furo from 2024.5.6 to 2024.7.18 in /docs (#4409)721dff5
fix: avoid formatting backslash strings inside f-strings (#4401)7e2afc9
Updateactions/checkout
to v4 to stop node deprecation warnings (#4379)Updates
pytest
from 8.2.2 to 8.3.2Release notes
Sourced from pytest's releases.
... (truncated)
Commits
bbcec9c
Prepare release version 8.3.278fe8b6
Merge pull request #12657 from pytest-dev/patchback/backports/8.3.x/6c806b499...238bad2
Merge pull request #12656 from RonnyPfannschmidt/fix-12652-detect-conda-envae6034a
Merge pull request #12641 from pytest-dev/patchback/backports/8.3.x/c03989cee...31337ab
Merge pull request #12640 from pytest-dev/update-userca3070b
Merge pull request #12637 from pytest-dev/release-8.3.1de98446
Prepare release version 8.3.1bd0a042
Merge pull request #12636 from pytest-dev/update-release-notes664325b
doc/changelog: update 8.3.0 notes19d225d
Merge pull request #12635 from pytest-dev/release-8.3.0Updates
pytest-asyncio
from 0.23.7 to 0.24.0Release notes
Sourced from pytest-asyncio's releases.
Commits
fb5422f
docs: Set release date for v0.24 in changelog.6dc7f58
docs: Add migration guides for pytest-asyncio v0.21 and v0.23.1bfc181
Wire Sphinx builds into the RTD config via toxf03cf13
Build(deps): Bump hypothesis in /dependencies/default69540bf
Build(deps): Bump attrs from 24.1.0 to 24.2.0 in /dependencies/defaultb0ccfc5
Build(deps): Bump hypothesis in /dependencies/default574f1db
Build(deps): Bump babel from 2.15.0 to 2.16.0 in /dependencies/docsae30dac
Update .readthedocs.yaml to install pytest-asyncio972a704
Derive project version using importlibd587a52
[pre-commit.ci] pre-commit autoupdateUpdates
faker
from 26.0.0 to 28.0.0Release notes
Sourced from faker's releases.
Changelog
Sourced from faker's changelog.
Commits
b51f852
Bump version: 27.4.0 → 28.0.09bcba51
:pencil: Update CHANGELOG.md41d2b31
update type stubs88ec368
Fixpydecimal
handling ofpositive
keyword (#2080)278423b
fix and sorted testef59e07
Bump version: 27.3.0 → 27.4.08387524
:pencil: Update CHANGELOG.md4edeab3
fix typing on Python 3.83884008
fix test8a1e4aa
Add person provider forpk_PK
locale. (#2083)Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting
@dependabot rebase
.Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging... _Description has been truncated_