snarfed / granary

đŸ’¬ The social web translator
https://granary.io
Creative Commons Zero v1.0 Universal
450 stars 57 forks source link

build(deps): bump ecdsa from 0.18.0 to 0.19.0 #710

Closed dependabot[bot] closed 7 months ago

dependabot[bot] commented 7 months ago

Bumps ecdsa from 0.18.0 to 0.19.0.

Release notes

Sourced from ecdsa's releases.

ecdsa 0.19.0

New API:

  • to_ssh in VerifyingKey and SigningKey, supports Ed25519 keys only (Pablo Mazzini)

New features:

  • Support for twisted Brainpool curves

Doc fix:

  • Fix curve equation in glossary
  • Documentation for signature encoding and signature decoding functions

Maintenance:

  • Dropped official support for 3.3 and 3.4 (because of problems running them in CI, not because it's actually incompatible; support for 2.6 and 2.7 is unaffected)
  • Fixes aroung hypothesis parameters
  • Officially support Python 3.11 and 3.12
  • Small updates to test suite to make it work with 3.11 and 3.12 and new releases of test dependencies
  • Dropped the internal _rwlock module as it's unused
  • Added mutation testing to CI, lots of speed-ups to the test suite to make it happen
  • Removal of unnecessary six.b literals (Alexandre Detiste)

Deprecations:

  • int_to_string, string_to_int, and digest_integer from ecdsa.ecdsa module are now considered deprecated, they will be removed in a future release
Changelog

Sourced from ecdsa's changelog.

  • Release 0.19.0 (08 Apr 2024)

New API:

  • to_ssh in VerifyingKey and SigningKey, supports Ed25519 keys only (Pablo Mazzini)

New features:

  • Support for twisted Brainpool curves

Doc fix:

  • Fix curve equation in glossary
  • Documentation for signature encoding and signature decoding functions

Maintenance:

  • Dropped official support for 3.3 and 3.4 (because of problems running them in CI, not because it's actually incompatible; support for 2.6 and 2.7 is unaffected)
  • Fixes aroung hypothesis parameters
  • Officially support Python 3.11 and 3.12
  • Small updates to test suite to make it work with 3.11 and 3.12 and new releases of test dependencies
  • Dropped the internal _rwlock module as it's unused
  • Added mutation testing to CI, lots of speed-ups to the test suite to make it happen
  • Removal of unnecessary six.b literals (Alexandre Detiste)

Deprecations:

  • int_to_string, string_to_int, and digest_integer from ecdsa.ecdsa module are now considered deprecated, they will be removed in a future release

  • Release 0.18.0 (09 Jul 2022)

New API:

  • curve_by_name in curves module to get a Curve object by providing curve name.

Bug fix:

  • Make the VerifyingKey encoded with explicit parameters use the same kind of point encoding for public key and curve generator.
  • Better handling of malformed curve parameters (as in CVE-2022-0778); make python-ecdsa raise MalformedPointError instead of AssertionError.

Doc fix:

  • Publish the documentation on https://ecdsa.readthedocs.io/, include explanation of basics of handling of ECC data formats and how to use the library for elliptic curve arithmetic.
  • Make object names more consistent, make them into hyperlinks on the readthedocs documentation.
  • Make security note more explicit (Ian Rodney)

... (truncated)

Commits
  • be70016 Merge pull request #337 from tlsfuzzer/release-0.19
  • 217735b allow early exit from worker processes when running mutation testing
  • 6e7adff don't check rate if no tests executed
  • c56030e make coveralls submission work with py2.6 again
  • 66d0d74 add release notes for 0.19.0 release
  • 0d5a38c Merge pull request #156 from tomato42/cosmic-ray
  • 02c8350 be more permissive for the PR mutation test coverage
  • 4845e8f better is_prime()
  • 09f0d10 add hard timeout for test mutation test suite
  • e16173b two digit precision for the mutation score badge
  • Additional commits viewable in compare view


Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)