This PR updates cryptography from 41.0.4 to 42.0.0.
Changelog
### 42.0.0
```
~~~~~~~~~~~~~~~~
.. note:: This version is not yet released and is under active development.
* **BACKWARDS INCOMPATIBLE:** Dropped support for LibreSSL < 3.7.
* Parsing SSH certificates no longer permits malformed critical options with
values, as documented in the 41.0.2 release notes.
* Updated the minimum supported Rust version (MSRV) to 1.63.0, from 1.56.0.
* Support :class:`~cryptography.hazmat.primitives.asymmetric.padding.PSS` for
X.509 certificate signing requests with the keyword-only argument
``rsa_padding`` on
:meth:`~cryptography.x509.CertificateSigningRequestBuilder.sign`.
* Added support for obtaining X.509 certificate signing request signature
algorithm parameters (including PSS) via
:meth:`~cryptography.x509.CertificateSigningRequest.signature_algorithm_parameters`.
* Added `mgf` property to
:class:`~cryptography.hazmat.primitives.asymmetric.padding.PSS`.
* Added `algorithm` and `mgf` properties to
:class:`~cryptography.hazmat.primitives.asymmetric.padding.OAEP`.
* Added the following properties that return timezone-aware ``datetime`` objects:
:meth:`~cryptography.x509.Certificate.not_valid_before_utc`,
:meth:`~cryptography.x509.Certificate.not_valid_after_utc`,
:meth:`~cryptography.x509.RevokedCertificate.revocation_date_utc`,
:meth:`~cryptography.x509.CertificateRevocationList.next_update_utc`,
:meth:`~cryptography.x509.CertificateRevocationList.last_update_utc`.
These are timezone-aware variants of existing properties that return naïve
``datetime`` objects.
* Deprecated the following properties that return naïve ``datetime`` objects:
:meth:`~cryptography.x509.Certificate.not_valid_before`,
:meth:`~cryptography.x509.Certificate.not_valid_after`,
:meth:`~cryptography.x509.RevokedCertificate.revocation_date`,
:meth:`~cryptography.x509.CertificateRevocationList.next_update`,
:meth:`~cryptography.x509.CertificateRevocationList.last_update`
in favor of the new timezone-aware variants mentioned above.
* Added support for
:class:`~cryptography.hazmat.primitives.ciphers.algorithms.ChaCha20`
on LibreSSL.
* Added support for RSA PSS signatures in PKCS7 with
:meth:`~cryptography.hazmat.primitives.serialization.pkcs7.PKCS7SignatureBuilder.add_signer`.
* In the next release (43.0.0) of cryptography, loading an X.509 certificate
with a negative serial number will raise an exception. This has been
deprecated since 36.0.0.
.. _v41-0-7:
```
### 41.0.7
```
~~~~~~~~~~~~~~~~~~~
* Fixed compilation when using LibreSSL 3.8.2.
.. _v41-0-6:
```
### 41.0.6
```
~~~~~~~~~~~~~~~~~~~
* Fixed a null-pointer-dereference and segfault that could occur when loading
certificates from a PKCS7 bundle. Credit to **pkuzco** for reporting the
issue. **CVE-2023-49083**
.. _v41-0-5:
```
### 41.0.5
```
~~~~~~~~~~~~~~~~~~~
* Updated Windows, macOS, and Linux wheels to be compiled with OpenSSL 3.1.4.
* Added a function to support an upcoming ``pyOpenSSL`` release.
.. _v41-0-4:
```
Links
- PyPI: https://pypi.org/project/cryptography
- Changelog: https://data.safetycli.com/changelogs/cryptography/
This PR updates cryptography from 41.0.4 to 42.0.0.
Changelog
### 42.0.0 ``` ~~~~~~~~~~~~~~~~ .. note:: This version is not yet released and is under active development. * **BACKWARDS INCOMPATIBLE:** Dropped support for LibreSSL < 3.7. * Parsing SSH certificates no longer permits malformed critical options with values, as documented in the 41.0.2 release notes. * Updated the minimum supported Rust version (MSRV) to 1.63.0, from 1.56.0. * Support :class:`~cryptography.hazmat.primitives.asymmetric.padding.PSS` for X.509 certificate signing requests with the keyword-only argument ``rsa_padding`` on :meth:`~cryptography.x509.CertificateSigningRequestBuilder.sign`. * Added support for obtaining X.509 certificate signing request signature algorithm parameters (including PSS) via :meth:`~cryptography.x509.CertificateSigningRequest.signature_algorithm_parameters`. * Added `mgf` property to :class:`~cryptography.hazmat.primitives.asymmetric.padding.PSS`. * Added `algorithm` and `mgf` properties to :class:`~cryptography.hazmat.primitives.asymmetric.padding.OAEP`. * Added the following properties that return timezone-aware ``datetime`` objects: :meth:`~cryptography.x509.Certificate.not_valid_before_utc`, :meth:`~cryptography.x509.Certificate.not_valid_after_utc`, :meth:`~cryptography.x509.RevokedCertificate.revocation_date_utc`, :meth:`~cryptography.x509.CertificateRevocationList.next_update_utc`, :meth:`~cryptography.x509.CertificateRevocationList.last_update_utc`. These are timezone-aware variants of existing properties that return naïve ``datetime`` objects. * Deprecated the following properties that return naïve ``datetime`` objects: :meth:`~cryptography.x509.Certificate.not_valid_before`, :meth:`~cryptography.x509.Certificate.not_valid_after`, :meth:`~cryptography.x509.RevokedCertificate.revocation_date`, :meth:`~cryptography.x509.CertificateRevocationList.next_update`, :meth:`~cryptography.x509.CertificateRevocationList.last_update` in favor of the new timezone-aware variants mentioned above. * Added support for :class:`~cryptography.hazmat.primitives.ciphers.algorithms.ChaCha20` on LibreSSL. * Added support for RSA PSS signatures in PKCS7 with :meth:`~cryptography.hazmat.primitives.serialization.pkcs7.PKCS7SignatureBuilder.add_signer`. * In the next release (43.0.0) of cryptography, loading an X.509 certificate with a negative serial number will raise an exception. This has been deprecated since 36.0.0. .. _v41-0-7: ``` ### 41.0.7 ``` ~~~~~~~~~~~~~~~~~~~ * Fixed compilation when using LibreSSL 3.8.2. .. _v41-0-6: ``` ### 41.0.6 ``` ~~~~~~~~~~~~~~~~~~~ * Fixed a null-pointer-dereference and segfault that could occur when loading certificates from a PKCS7 bundle. Credit to **pkuzco** for reporting the issue. **CVE-2023-49083** .. _v41-0-5: ``` ### 41.0.5 ``` ~~~~~~~~~~~~~~~~~~~ * Updated Windows, macOS, and Linux wheels to be compiled with OpenSSL 3.1.4. * Added a function to support an upcoming ``pyOpenSSL`` release. .. _v41-0-4: ```Links
- PyPI: https://pypi.org/project/cryptography - Changelog: https://data.safetycli.com/changelogs/cryptography/