* **BACKWARDS INCOMPATIBLE:** Support for OpenSSL less than 1.1.1e has been
removed. Users on older version of OpenSSL will need to upgrade.
* **BACKWARDS INCOMPATIBLE:** Dropped support for LibreSSL < 3.8.
* Updated Windows, macOS, and Linux wheels to be compiled with OpenSSL 3.3.1.
* Updated the minimum supported Rust version (MSRV) to 1.65.0, from 1.63.0.
* :func:`~cryptography.hazmat.primitives.asymmetric.rsa.generate_private_key`
now enforces a minimum RSA key size of 1024-bit. Note that 1024-bit is still
considered insecure, users should generally use a key size of 2048-bits.
* :func:`~cryptography.hazmat.primitives.serialization.pkcs7.serialize_certificates`
now emits ASN.1 that more closely follows the recommendations in :rfc:`2315`.
* Added new :doc:`/hazmat/decrepit/index` module which contains outdated and
insecure cryptographic primitives.
:class:`~cryptography.hazmat.primitives.ciphers.algorithms.CAST5`,
:class:`~cryptography.hazmat.primitives.ciphers.algorithms.SEED`,
:class:`~cryptography.hazmat.primitives.ciphers.algorithms.IDEA`, and
:class:`~cryptography.hazmat.primitives.ciphers.algorithms.Blowfish`, which were
deprecated in 37.0.0, have been added to this module. They will be removed
from the ``cipher`` module in 45.0.0.
* Moved :class:`~cryptography.hazmat.primitives.ciphers.algorithms.TripleDES`
and :class:`~cryptography.hazmat.primitives.ciphers.algorithms.ARC4` into
:doc:`/hazmat/decrepit/index` and deprecated them in the ``cipher`` module.
They will be removed from the ``cipher`` module in 48.0.0.
* Added support for deterministic
:class:`~cryptography.hazmat.primitives.asymmetric.ec.ECDSA` (:rfc:`6979`)
* Added support for client certificate verification to the
:mod:`X.509 path validation <cryptography.x509.verification>` APIs in the
form of :class:`~cryptography.x509.verification.ClientVerifier`,
:class:`~cryptography.x509.verification.VerifiedClient`, and
``PolicyBuilder``
:meth:`~cryptography.x509.verification.PolicyBuilder.build_client_verifier`.
* Added Certificate
:attr:`~cryptography.x509.Certificate.public_key_algorithm_oid`
and Certificate Signing Request
:attr:`~cryptography.x509.CertificateSigningRequest.public_key_algorithm_oid`
to determine the :class:`~cryptography.hazmat._oid.PublicKeyAlgorithmOID`
Object Identifier of the public key found inside the certificate.
* Added :attr:`~cryptography.x509.InvalidityDate.invalidity_date_utc`, a
timezone-aware alternative to the naïve ``datetime`` attribute
:attr:`~cryptography.x509.InvalidityDate.invalidity_date`.
* Added support for parsing empty DN string in
:meth:`~cryptography.x509.Name.from_rfc4514_string`.
* Added the following properties that return timezone-aware ``datetime`` objects:
:meth:`~cryptography.x509.ocsp.OCSPResponse.produced_at_utc`,
:meth:`~cryptography.x509.ocsp.OCSPResponse.revocation_time_utc`,
:meth:`~cryptography.x509.ocsp.OCSPResponse.this_update_utc`,
:meth:`~cryptography.x509.ocsp.OCSPResponse.next_update_utc`,
:meth:`~cryptography.x509.ocsp.OCSPSingleResponse.revocation_time_utc`,
</tr></table>
... (truncated)
Commits
ebf14f2 bump for 43.0.0 and update changelog (#11311)
42788a0 Fix exchange with keys that had Q automatically computed (#11309)
📝 Move the Features docs to the top level to improve the main page menu. PR #12036 by @tiangolo.
✏️ Fix import typo in reference example for Security. PR #11168 by @0shah0.
📝 Highlight correct line in tutorial docs/en/docs/tutorial/body-multiple-params.md. PR #11978 by @svlandeg.
🔥 Remove Sentry link from Advanced Middleware docs. PR #12031 by @alejsdev.
📝 Clarify management tasks for translations, multiples files in one PR. PR #12030 by @tiangolo.
📝 Edit the link to the OpenAPI "Responses Object" and "Response Object" sections in the "Additional Responses in OpenAPI" section. PR #11996 by @VaitoSoi.
🔨 Specify email-validator dependency with dash. PR #11515 by @jirikuncar.
🌐 Add Spanish translation for docs/es/docs/project-generation.md. PR #11947 by @alejsdev.
- Drop support for Python 3.7 (EOL) by @hugovk in `[#910](https://github.com/jpadilla/pyjwt/issues/910) <https://github.com/jpadilla/pyjwt/pull/910>`__
- Allow JWT issuer claim validation to accept a list of strings too by @mattpollak in `[#913](https://github.com/jpadilla/pyjwt/issues/913) <https://github.com/jpadilla/pyjwt/pull/913>`__
Fixed
- Fix unnecessary string concatenation by @sirosen in `[#904](https://github.com/jpadilla/pyjwt/issues/904) <https://github.com/jpadilla/pyjwt/pull/904>`__
- Fix docs for ``jwt.decode_complete`` to include ``strict_aud`` option by @woodruffw in `[#923](https://github.com/jpadilla/pyjwt/issues/923) <https://github.com/jpadilla/pyjwt/pull/923>`__
- Fix docs step by @jpadilla in `[#950](https://github.com/jpadilla/pyjwt/issues/950) <https://github.com/jpadilla/pyjwt/pull/950>`__
- Fix: Remove an unused variable from example code block by @kenkoooo in `[#958](https://github.com/jpadilla/pyjwt/issues/958) <https://github.com/jpadilla/pyjwt/pull/958>`__
Added
Add support for Python 3.12 by @hugovk in [#910](https://github.com/jpadilla/pyjwt/issues/910) <https://github.com/jpadilla/pyjwt/pull/910>__
Improve performance of is_ssh_key + add unit test by @bdraco in [#940](https://github.com/jpadilla/pyjwt/issues/940) <https://github.com/jpadilla/pyjwt/pull/940>__
Allow jwt.decode() to accept a PyJWK object by @luhn in [#886](https://github.com/jpadilla/pyjwt/issues/886) <https://github.com/jpadilla/pyjwt/pull/886>__
Make algorithm_name attribute available on PyJWK by @luhn in [#886](https://github.com/jpadilla/pyjwt/issues/886) <https://github.com/jpadilla/pyjwt/pull/886>__
Raise InvalidKeyError on invalid PEM keys to be compatible with cryptography 42.x.x by @CollinEMac in [#952](https://github.com/jpadilla/pyjwt/issues/952) <https://github.com/jpadilla/pyjwt/pull/952>__
Raise an exception when required cryptography dependency is missing by @tobloef in <https://github.com/jpadilla/pyjwt/pull/963>__
#12652: Resolve regression [conda]{.title-ref} environments where no longer being automatically detected.
-- by RonnyPfannschmidt{.interpreted-text role="user"}
8.3.1
pytest 8.3.1 (2024-07-20)
The 8.3.0 release failed to include the change notes and docs for the release. This patch release remedies this. There are no other changes.
8.3.0
pytest 8.3.0 (2024-07-20)
New features
#12231: Added [--xfail-tb]{.title-ref} flag, which turns on traceback output for XFAIL results.
If the [--xfail-tb]{.title-ref} flag is not given, tracebacks for XFAIL results are NOT shown.
The style of traceback for XFAIL is set with [--tb]{.title-ref}, and can be [auto|long|short|line|native|no]{.title-ref}.
Note: Even if you have [--xfail-tb]{.title-ref} set, you won't see them if [--tb=no]{.title-ref}.
Some history:
With pytest 8.0, [-rx]{.title-ref} or [-ra]{.title-ref} would not only turn on summary reports for xfail, but also report the tracebacks for xfail results. This caused issues with some projects that utilize xfail, but don't want to see all of the xfail tracebacks.
This change detaches xfail tracebacks from [-rx]{.title-ref}, and now we turn on xfail tracebacks with [--xfail-tb]{.title-ref}. With this, the default [-rx]{.title-ref}/ [-ra]{.title-ref} behavior is identical to pre-8.0 with respect to xfail tracebacks. While this is a behavior change, it brings default behavior back to pre-8.0.0 behavior, which ultimately was considered the better course of action.
#12281: Added support for keyword matching in marker expressions.
Now tests can be selected by marker keyword arguments.
Supported values are int{.interpreted-text role="class"}, (unescaped) str{.interpreted-text role="class"}, bool{.interpreted-text role="class"} & None{.interpreted-text role="data"}.
See marker examples <marker_keyword_expression_example>{.interpreted-text role="ref"} for more information.
-- by lovetheguitar{.interpreted-text role="user"}
#12567: Added --no-fold-skipped command line option.
If this option is set, then skipped tests in short summary are no longer grouped
by reason but all tests are printed individually with their nodeid in the same
way as other statuses.
BREAKING: Updated minimum supported pytest version to v8.2.0
Adds an optional loop_scope keyword argument to pytest.mark.asyncio. This argument controls which event loop is used to run the marked async test. #706, #871
Deprecates the optional scope keyword argument to pytest.mark.asyncio for API consistency with pytest_asyncio.fixture. Users are encouraged to use the loop_scope keyword argument, which does exactly the same.
Raises an error when passing scope or loop_scope as a positional argument to @pytest.mark.asyncio. #812
Fixes a bug that caused module-scoped async fixtures to fail when reused in other modules #862#668
pytest-asyncio 0.24.0a1
0.24.0 (UNRELEASED)
BREAKING: Updated minimum supported pytest version to v8.2.0
Adds an optional loop_scope keyword argument to pytest.mark.asyncio. This argument controls which event loop is used to run the marked async test. #706, #871
Deprecates the optional scope keyword argument to pytest.mark.asyncio for API consistency with pytest_asyncio.fixture. Users are encouraged to use the loop_scope keyword argument, which does exactly the same.
Raises an error when passing scope or loop_scope as a positional argument to @pytest.mark.asyncio. #812
Fixes a bug that caused module-scoped async fixtures to fail when reused in other modules #862#668
pytest-asyncio 0.24.0a0
0.24.0 (UNRELEASED)
Adds an optional loop_scope keyword argument to pytest.mark.asyncio. This argument controls which event loop is used to run the marked async test. #706, #871
Deprecates the optional scope keyword argument to pytest.mark.asyncio for API consistency with pytest_asyncio.fixture. Users are encouraged to use the loop_scope keyword argument, which does exactly the same.
Raises an error when passing scope or loop_scope as a positional argument to @pytest.mark.asyncio. #812
pytest-asyncio 0.23.8
0.23.8 (2024-07-17)
Fixes a bug that caused duplicate markers in async tests #813
Known issues
As of v0.23, pytest-asyncio attaches an asyncio event loop to each item of the test suite (i.e. session, packages, modules, classes, functions) and allows tests to be run in those loops when marked accordingly. Pytest-asyncio currently assumes that async fixture scope is correlated with the new event loop scope. This prevents fixtures from being evaluated independently from the event loop scope and breaks some existing test suites (see #706). For example, a test suite may require all fixtures and tests to run in the same event loop, but have async fixtures that are set up and torn down for each module. If you're affected by this issue, please continue using the v0.21 release, until it is resolved.
Commits
fb5422f docs: Set release date for v0.24 in changelog.
6dc7f58 docs: Add migration guides for pytest-asyncio v0.21 and v0.23.
1bfc181 Wire Sphinx builds into the RTD config via tox
f03cf13 Build(deps): Bump hypothesis in /dependencies/default
69540bf Build(deps): Bump attrs from 24.1.0 to 24.2.0 in /dependencies/default
b0ccfc5 Build(deps): Bump hypothesis in /dependencies/default
574f1db Build(deps): Bump babel from 2.15.0 to 2.16.0 in /dependencies/docs
ae30dac Update .readthedocs.yaml to install pytest-asyncio
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge and block automerging...
_Description has been truncated_
dependabot[bot]
commented
1 month ago
Bumps the pip group with 9 updates in the / directory:
42.0.843.0.00.111.00.112.22.8.02.9.00.30.10.30.63.2.53.2.624.4.224.8.08.2.28.3.20.23.70.24.026.0.028.0.0Updates
cryptographyfrom 42.0.8 to 43.0.0Changelog
Sourced from cryptography's changelog.
... (truncated)
Commits
ebf14f2bump for 43.0.0 and update changelog (#11311)42788a0Fix exchange with keys that had Q automatically computed (#11309)2dbdfb8don't assign unused name (#11310)ccc66e6Bump openssl from 0.10.64 to 0.10.65 in /src/rust (#11308)4310c87Bump sphinxcontrib-qthelp from 1.0.7 to 1.0.8 (#11307)f66a9c4Bump sphinxcontrib-htmlhelp from 2.0.5 to 2.0.6 (#11306)a8fcf18Bump openssl-sys from 0.9.102 to 0.9.103 in /src/rust (#11305)2fe32b2Bump mypy from 1.10.1 to 1.11.0 (#11303)ee24e82Bump setuptools from 71.0.3 to 71.0.4 in /.github/requirements (#11304)7249ccdBump portable-atomic from 1.6.0 to 1.7.0 in /src/rust (#11302)Updates
fastapi[all]from 0.111.0 to 0.112.2Release notes
Sourced from fastapi[all]'s releases.
... (truncated)
Commits
d00af00🔖 Release version 0.112.2b69a9f3📝 Update release notes51b625e🐛 Fixallow_inf_nanoption for Param and Body classes (#11867)48b36f2📝 Update release notes3a4ac24🐛 Ensure thatapp.include_routermerges nested lifespans (#9630)22bf988📝 Update release notes6935fe8📝 Update release notes8f03716📝 Fix a typo in virtual environement page (#12064)d0ce9d2📝 Update release notes705659b📝 Add docs about Environment Variables and Virtual Environments (#12054)Updates
pyjwtfrom 2.8.0 to 2.9.0Release notes
Sourced from pyjwt's releases.
Changelog
Sourced from pyjwt's changelog.
Commits
868cf4aAdd 2.9.0 changelog. Fixes #949 (#967)304a3df[pre-commit.ci] pre-commit autoupdate (#965)527fec2Raise exception when required cryptography dependency is missing (#963)18a50be[pre-commit.ci] pre-commit autoupdate (#960)4703f87Handle load_pem_public_key ValueError (#952)9dc732fUpdate usage.rst (#958)ab8176aDecode with PyJWK (#886)c0a071dchore: update actions/download-artifact2afbe32Add coverage and improve performance of is_ssh_key (#940)97345a7[pre-commit.ci] pre-commit autoupdate (#953)Updates
uvicornfrom 0.30.1 to 0.30.6Release notes
Sourced from uvicorn's releases.
Changelog
Sourced from uvicorn's changelog.
Commits
7dc027dVersion 0.30.6 (#2428)587a1ccfix: upgrade is not websocket and dependencies are installed, should not warn...cee31a6test(signal): add sleep to ensure shutdown completion (#2427)eba64efci: timeout for test suite runs to 30 minutes (#2426)0f513d2Remove signal testing order dependency (#2382)ff54b02Version 0.30.5 (#2409)2f25107Fix 0.30.4 issue with connection close header (#2408)8efa41cVersion 0.30.4 (#2403)b492349Addpragma: full coveragetoProcess.is_alive(#2402)ce999aaclose request connection if h11 sets client state as MUST_CLOSE (#2375)Updates
pylintfrom 3.2.5 to 3.2.6Commits
da19566Bump pylint to 3.2.6, update changelog (#9825)810c59cUpdate setuptools to >=71.0.4 (#9812) (#9824)5f19cd5Fix a crash when a subclass extends__slots__(#9817) (#9822)c0b1d22Bump astroid to 3.2.4 (#9816) (#9821)1d877deFix consider-using-min-max-builtin (#9802) (#9803)8410f57Fix a false positive formissing-param-doc(#9740) (#9793)bd4c8f1Handle assert_never() when imported from typing_extensions (#9782) (#9790)8eb2c4dFix FP forunexpected-keyword-argwith ambiguous constructors (#9785) (#9788)9882537Bump astroid to 3.2.3 (#9787)aea868cFixinvalid-nameregression for class attributes in subclasses (#9772) (#9775)Updates
blackfrom 24.4.2 to 24.8.0Release notes
Sourced from black's releases.
Changelog
Sourced from black's changelog.
Commits
b965c2aPrepare release 24.8.0 (#4426)9ccf279Documentfind_project_rootignoringpyproject.tomlwithout[tool.black]...14b6e61fix: Enhace black efficiently to skip directories listed in .gitignore (#4415)b1c4dd9fix: respect braces better in f-string parsing (#4422)4b4ae43Fix incorrect linenos on fstring tokens with escaped newlines (#4423)7fa1fafdocs: fix the installation command of extra for blackd (#4413)8827accBump sphinx from 7.3.7 to 7.4.0 in /docs (#4404)b0da11dBump furo from 2024.5.6 to 2024.7.18 in /docs (#4409)721dff5fix: avoid formatting backslash strings inside f-strings (#4401)7e2afc9Updateactions/checkoutto v4 to stop node deprecation warnings (#4379)Updates
pytestfrom 8.2.2 to 8.3.2Release notes
Sourced from pytest's releases.
... (truncated)
Commits
bbcec9cPrepare release version 8.3.278fe8b6Merge pull request #12657 from pytest-dev/patchback/backports/8.3.x/6c806b499...238bad2Merge pull request #12656 from RonnyPfannschmidt/fix-12652-detect-conda-envae6034aMerge pull request #12641 from pytest-dev/patchback/backports/8.3.x/c03989cee...31337abMerge pull request #12640 from pytest-dev/update-userca3070bMerge pull request #12637 from pytest-dev/release-8.3.1de98446Prepare release version 8.3.1bd0a042Merge pull request #12636 from pytest-dev/update-release-notes664325bdoc/changelog: update 8.3.0 notes19d225dMerge pull request #12635 from pytest-dev/release-8.3.0Updates
pytest-asynciofrom 0.23.7 to 0.24.0Release notes
Sourced from pytest-asyncio's releases.
Commits
fb5422fdocs: Set release date for v0.24 in changelog.6dc7f58docs: Add migration guides for pytest-asyncio v0.21 and v0.23.1bfc181Wire Sphinx builds into the RTD config via toxf03cf13Build(deps): Bump hypothesis in /dependencies/default69540bfBuild(deps): Bump attrs from 24.1.0 to 24.2.0 in /dependencies/defaultb0ccfc5Build(deps): Bump hypothesis in /dependencies/default574f1dbBuild(deps): Bump babel from 2.15.0 to 2.16.0 in /dependencies/docsae30dacUpdate .readthedocs.yaml to install pytest-asyncio972a704Derive project version using importlibd587a52[pre-commit.ci] pre-commit autoupdateUpdates
fakerfrom 26.0.0 to 28.0.0Release notes
Sourced from faker's releases.
Changelog
Sourced from faker's changelog.
Commits
b51f852Bump version: 27.4.0 → 28.0.09bcba51:pencil: Update CHANGELOG.md41d2b31update type stubs88ec368Fixpydecimalhandling ofpositivekeyword (#2080)278423bfix and sorted testef59e07Bump version: 27.3.0 → 27.4.08387524:pencil: Update CHANGELOG.md4edeab3fix typing on Python 3.83884008fix test8a1e4aaAdd person provider forpk_PKlocale. (#2083)Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting
@dependabot rebase.Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging... _Description has been truncated_