Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Scheduled monthly dependency update for February #42

Merged
merged 2 commits into from Feb 2, 2021
Merged

Scheduled monthly dependency update for February #42

merged 2 commits into from Feb 2, 2021

Conversation

pyup-bot
Copy link
Contributor

@pyup-bot pyup-bot commented Feb 1, 2021

Update certifi from 2020.11.8 to 2020.12.5.

The bot wasn't able to find a changelog for this release. Got an idea?

Links

Update chardet from 3.0.4 to 4.0.0.

Changelog

4.0.0

Benchmarking chardet 4.0.0 on CPython 3.7.5 (default, Sep  8 2020, 12:19:42)
[Clang 11.0.3 (clang-1103.0.32.62)]
--------------------------------------------------------------------------------
.......................................................................................................................................................................................................................................................................................................................................................................
Calls per second for each encoding:
Links

Update cryptography from 3.2.1 to 3.3.1.

Changelog

3.3

~~~~~~~~~~~~~~~~

* **BACKWARDS INCOMPATIBLE:** Support for Python 3.5 has been removed due to
low usage and maintenance burden.
* **BACKWARDS INCOMPATIBLE:** The
:class:`~cryptography.hazmat.primitives.ciphers.modes.GCM` and
:class:`~cryptography.hazmat.primitives.ciphers.aead.AESGCM` now require
64-bit to 1024-bit (8 byte to 128 byte) initialization vectors. This change
is to conform with an upcoming OpenSSL release that will no longer support
sizes outside this window.
* **BACKWARDS INCOMPATIBLE:** When deserializing asymmetric keys we now
raise ``ValueError`` rather than ``UnsupportedAlgorithm`` when an
unsupported cipher is used. This change is to conform with an upcoming
OpenSSL release that will no longer distinguish between error types.
* **BACKWARDS INCOMPATIBLE:** We no longer allow loading of finite field
Diffie-Hellman parameters of less than 512 bits in length. This change is to
conform with an upcoming OpenSSL release that no longer supports smaller
sizes. These keys were already wildly insecure and should not have been used
in any application outside of testing.
* Updated Windows, macOS, and ``manylinux`` wheels to be compiled with
OpenSSL 1.1.1i.
* Python 2 support is deprecated in ``cryptography``. This is the last release
that will support Python 2.
* Added the
:meth:`~cryptography.hazmat.primitives.asymmetric.rsa.RSAPublicKey.recover_data_from_signature`
function to
:class:`~cryptography.hazmat.primitives.asymmetric.rsa.RSAPublicKey`
for recovering the signed data from an RSA signature.

.. _v3-2-1:
Links

Update gidgethub from 4.2.0 to 5.0.0.

Changelog

5.0.0

-----

- Add :meth:`gidgethub.routing.Router.fetch` for obtaining a frozenset of functions
registered to the router that the event would be called on.
(`Issue 74 <https://github.com/brettcannon/gidgethub/issues/74>`_).
- Add support for GitHub Actions Environment Files with :meth:`gidgethub.actions.setenv`
and :meth:`gidgethub.actions.addpath`.
(`Issue 137 <https://github.com/brettcannon/gidgethub/issues/132>`_).
- Make router callback execution order non-deterministic to avoid relying on
registration order.
(`Issue 74 <https://github.com/brettcannon/gidgethub/issues/74>`_).
- Fix mypy errors in ``gidgethub.httpx.GitHubAPI._request``
(`Issue 133 <https://github.com/brettcannon/gidgethub/issues/133>`_).
- Make the minimum version of PyJWT be v2.0.0.
Links

Update idna from 2.10 to 3.1.

Changelog

3.1

++++++++++++++++

- Ensure license is included in package (Thanks, Julien Schueller)
- No longer mark wheel has universal (Thanks, Matthieu Darbois)
- Test on PowerPC using Travis CI

3.0

++++++++++++++++

- Python 2 is no longer supported (the 2.x branch supports Python 2,
use "idna<3" in your requirements file if you need Python 2 support)
- Support for V2 UTS 46 test vectors.
Links

Update limnoria from 2020.10.10 to 2021.01.15.

The bot wasn't able to find a changelog for this release. Got an idea?

Links

Update multidict from 5.0.2 to 5.1.0.

Changelog

5.1.0

==================

Features
--------

- Support ``GenericAliases`` (``MultiDict[str]``) for Python 3.9+
`553 <https://github.com/aio-libs/multidict/issues/553>`_


Bugfixes
--------

- Synchronize the declared supported Python versions in ``setup.py`` with actually supported and tested ones.
`552 <https://github.com/aio-libs/multidict/issues/552>`_


----
Links

Update PyJWT from 1.7.1 to 2.0.1.

Changelog

2.0.1

--------------------------------------------------------------------

Changed
~~~~~~~

- Rename CHANGELOG.md to CHANGELOG.rst and include in docs `597 <https://github.com/jpadilla/pyjwt/pull/597>`__

Fixed
~~~~~

- Fix `from_jwk()` for all algorithms `598 <https://github.com/jpadilla/pyjwt/pull/598>`__

Added
~~~~~

2.0.0

--------------------------------------------------------------------

Changed
~~~~~~~

Drop support for Python 2 and Python 3.0-3.5
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

Python 3.5 is EOL so we decide to drop its support. Version ``1.7.1`` is
the last one supporting Python 3.0-3.5.

Require cryptography >= 3
^^^^^^^^^^^^^^^^^^^^^^^^^

Drop support for PyCrypto and ECDSA
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

We've kept this around for a long time, mostly for environments that
didn't allow installing cryptography.

Drop CLI
^^^^^^^^

Dropped the included cli entry point.

Improve typings
^^^^^^^^^^^^^^^

We no longer need to use mypy Python 2 compatibility mode (comments)

``jwt.encode(...)`` return type
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

Tokens are returned as string instead of a byte string

Dropped deprecated errors
^^^^^^^^^^^^^^^^^^^^^^^^^

Removed ``ExpiredSignature``, ``InvalidAudience``, and
``InvalidIssuer``. Use ``ExpiredSignatureError``,
``InvalidAudienceError``, and ``InvalidIssuerError`` instead.

Dropped deprecated ``verify_expiration`` param in ``jwt.decode(...)``
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

Use
``jwt.decode(encoded, key, algorithms=["HS256"], options={"verify_exp": False})``
instead.

Dropped deprecated ``verify`` param in ``jwt.decode(...)``
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

Use ``jwt.decode(encoded, key, options={"verify_signature": False})``
instead.

Require explicit ``algorithms`` in ``jwt.decode(...)`` by default
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

Example: ``jwt.decode(encoded, key, algorithms=["HS256"])``.

Dropped deprecated ``require_*`` options in ``jwt.decode(...)``
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

For example, instead of
``jwt.decode(encoded, key, algorithms=["HS256"], options={"require_exp": True})``,
use
``jwt.decode(encoded, key, algorithms=["HS256"], options={"require": ["exp"]})``.

Added
~~~~~

Introduce better experience for JWKs
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

Introduce ``PyJWK``, ``PyJWKSet``, and ``PyJWKClient``.

.. code:: python

 import jwt
 from jwt import PyJWKClient

 token = "eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiIsImtpZCI6Ik5FRTFRVVJCT1RNNE16STVSa0ZETlRZeE9UVTFNRGcyT0Rnd1EwVXpNVGsxUWpZeVJrUkZRdyJ9.eyJpc3MiOiJodHRwczovL2Rldi04N2V2eDlydS5hdXRoMC5jb20vIiwic3ViIjoiYVc0Q2NhNzl4UmVMV1V6MGFFMkg2a0QwTzNjWEJWdENAY2xpZW50cyIsImF1ZCI6Imh0dHBzOi8vZXhwZW5zZXMtYXBpIiwiaWF0IjoxNTcyMDA2OTU0LCJleHAiOjE1NzIwMDY5NjQsImF6cCI6ImFXNENjYTc5eFJlTFdVejBhRTJINmtEME8zY1hCVnRDIiwiZ3R5IjoiY2xpZW50LWNyZWRlbnRpYWxzIn0.PUxE7xn52aTCohGiWoSdMBZGiYAHwE5FYie0Y1qUT68IHSTXwXVd6hn02HTah6epvHHVKA2FqcFZ4GGv5VTHEvYpeggiiZMgbxFrmTEY0csL6VNkX1eaJGcuehwQCRBKRLL3zKmA5IKGy5GeUnIbpPHLHDxr-GXvgFzsdsyWlVQvPX2xjeaQ217r2PtxDeqjlf66UYl6oY6AqNS8DH3iryCvIfCcybRZkc_hdy-6ZMoKT6Piijvk_aXdm7-QQqKJFHLuEqrVSOuBqqiNfVrG27QzAPuPOxvfXTVLXL2jek5meH6n-VWgrBdoMFH93QEszEDowDAEhQPHVs0xj7SIzA"
 kid = "NEE1QURBOTM4MzI5RkFDNTYxOTU1MDg2ODgwQ0UzMTk1QjYyRkRFQw"
 url = "https://dev-87evx9ru.auth0.com/.well-known/jwks.json"

 jwks_client = PyJWKClient(url)
 signing_key = jwks_client.get_signing_key_from_jwt(token)

 data = jwt.decode(
     token,
     signing_key.key,
     algorithms=["RS256"],
     audience="https://expenses-api",
     options={"verify_exp": False},
 )
 print(data)

Support for JWKs containing ECDSA keys
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

Add support for Ed25519 / EdDSA
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

Pull Requests
~~~~~~~~~~~~~

-  Add PyPy3 to the test matrix (550) by jdufresne
-  Require tweak (280) by psafont
-  Decode return type is dict[str, Any] (393) by jacopofar
-  Fix linter error in test\_cli (414) by jaraco
-  Run mypy with tox (421) by jpadilla
-  Document (and prefer) pyjwt[crypto] req format (426) by gthb
-  Correct type for json\_encoder argument (438) by jdufresne
-  Prefer https:// links where available (#439) by jdufresne
-  Pass python\_requires argument to setuptools (440) by jdufresne
-  Rename [wheel] section to [bdist\_wheel] as the former is legacy
(441) by jdufresne
-  Remove setup.py test command in favor of pytest and tox (442) by
jdufresne
-  Fix mypy errors (449) by jpadilla
-  DX Tweaks (450) by jpadilla
-  Add support of python 3.8 (452) by Djailla
-  Fix 406 (454) by justinbaur
-  Add support for Ed25519 / EdDSA, with unit tests (455) by
Someguy123
-  Remove Python 2.7 compatibility (457) by Djailla
-  Fix simple typo: encododed -> encoded (462) by timgates42
-  Enhance tracebacks. (477) by JulienPalard
-  Simplify ``python_requires`` (478) by michael-k
-  Document top-level .encode and .decode to close 459 (482) by
dimaqq
-  Improve documentation for audience usage (484) by CorreyL
-  Correct README on how to run tests locally (489) by jdufresne
-  Fix ``tox -e lint`` warnings and errors (490) by jdufresne
-  Run pyupgrade across project to use modern Python 3 conventions
(491) by jdufresne
-  Add Python-3-only trove classifier and remove "universal" from wheel
(492) by jdufresne
-  Emit warnings about user code, not pyjwt code (494) by mgedmin
-  Move setup information to declarative setup.cfg (495) by jdufresne
-  CLI options for verifying audience and issuer (496) by
GeoffRichards
-  Specify the target Python version for mypy (497) by jdufresne
-  Remove unnecessary compatibility shims for Python 2 (498) by
jdufresne
-  Setup GH Actions (499) by jpadilla
-  Implementation of ECAlgorithm.from\_jwk (500) by jpadilla
-  Remove cli entry point (501) by jpadilla
-  Expose InvalidKeyError on jwt module (503) by russellcardullo
-  Avoid loading token twice in pyjwt.decode (506) by CaselIT
-  Default links to stable version of documentation (508) by salcedo
-  Update README.md badges (510) by jpadilla
-  Introduce better experience for JWKs (511) by jpadilla
-  Fix tox conditional extras (512) by jpadilla
-  Return tokens as string not bytes (513) by jpadilla
-  Drop support for legacy contrib algorithms (514) by jpadilla
-  Drop deprecation warnings (515) by jpadilla
-  Update Auth0 sponsorship link (519) by Sambego
-  Update return type for jwt.encode (521) by moomoolive
-  Run tests against Python 3.9 and add trove classifier (522) by
michael-k
-  Removed redundant ``default_backend()`` (523) by rohitkg98
-  Documents how to use private keys with passphrases (525) by rayluo
-  Update version to 2.0.0a1 (528) by jpadilla
-  Fix usage example (530) by nijel
-  add EdDSA to docs (531) by CircleOnCircles
-  Remove support for EOL Python 3.5 (532) by jdufresne
-  Upgrade to isort 5 and adjust configurations (533) by jdufresne
-  Remove unused argument "verify" from PyJWS.decode() (534) by
jdufresne
-  Update typing syntax and usage for Python 3.6+ (535) by jdufresne
-  Run pyupgrade to simplify code and use Python 3.6 syntax (536) by
jdufresne
-  Drop unknown pytest config option: strict (537) by jdufresne
-  Upgrade black version and usage (538) by jdufresne
-  Remove "Command line" sections from docs (539) by jdufresne
-  Use existing key\_path() utility function throughout tests (540) by
jdufresne
-  Replace force\_bytes()/force\_unicode() in tests with literals (541)
by jdufresne
-  Remove unnecessary Unicode decoding before json.loads() (542) by
jdufresne
-  Remove unnecessary force\_bytes() calls priot to base64url\_decode()
(543) by jdufresne
-  Remove deprecated arguments from docs (544) by jdufresne
-  Update code blocks in docs (545) by jdufresne
-  Refactor jwt/jwks\_client.py without requests dependency (546) by
jdufresne
-  Tighten bytes/str boundaries and remove unnecessary coercing (547)
by jdufresne
-  Replace codecs.open() with builtin open() (548) by jdufresne
-  Replace int\_from\_bytes() with builtin int.from\_bytes() (549) by
jdufresne
-  Enforce .encode() return type using mypy (551) by jdufresne
-  Prefer direct indexing over options.get() (552) by jdufresne
-  Cleanup "noqa" comments (553) by jdufresne
-  Replace merge\_dict() with builtin dict unpacking generalizations
(555) by jdufresne
-  Do not mutate the input payload in PyJWT.encode() (557) by
jdufresne
-  Use direct indexing in PyJWKClient.get\_signing\_key\_from\_jwt()
(558) by jdufresne
-  Split PyJWT/PyJWS classes to tighten type interfaces (559) by
jdufresne
-  Simplify mocked\_response test utility function (560) by jdufresne
-  Autoupdate pre-commit hooks and apply them (561) by jdufresne
-  Remove unused argument "payload" from PyJWS.\ *verify*\ signature()
(562) by jdufresne
-  Add utility functions to assist test skipping (563) by jdufresne
-  Type hint jwt.utils module (564) by jdufresne
-  Prefer ModuleNotFoundError over ImportError (565) by jdufresne
-  Fix tox "manifest" environment to pass (566) by jdufresne
-  Fix tox "docs" environment to pass (567) by jdufresne
-  Simplify black configuration to be closer to upstream defaults (568)
by jdufresne
-  Use generator expressions (569) by jdufresne
-  Simplify from\_base64url\_uint() (570) by jdufresne
-  Drop lint environment from GitHub actions in favor of pre-commit.ci
(571) by jdufresne
-  [pre-commit.ci] pre-commit autoupdate (572)
-  Simplify tox configuration (573) by jdufresne
-  Combine identical test functions using pytest.mark.parametrize()
(574) by jdufresne
-  Complete type hinting of jwks\_client.py (578) by jdufresne
Links

Update PyYAML from 5.3.1 to 5.4.1.

The bot wasn't able to find a changelog for this release. Got an idea?

Links

Update sentry-sdk from 0.19.4 to 0.19.5.

The bot wasn't able to find a changelog for this release. Got an idea?

Links

Update urllib3 from 1.26.2 to 1.26.3.

The bot wasn't able to find a changelog for this release. Got an idea?

Links

@pyup-bot pyup-bot mentioned this pull request Feb 1, 2021
Closed
@TrueBrain
Update: dependencies update
7a34327 
* Update certifi from 2020.11.8 to 2020.12.5
* Update cryptography from 3.2.1 to 3.3.1
* Update gidgethub from 4.2.0 to 5.0.0
* Update idna from 2.10 to 3.1
* Update limnoria from 2020.10.10 to 2021.01.15
* Update multidict from 5.0.2 to 5.1.0
* Update pyjwt from 1.7.1 to 2.0.1
* Update pyyaml from 5.3.1 to 5.4.1
* Update sentry-sdk from 0.19.4 to 0.19.5
* Update urllib3 from 1.26.2 to 1.26.3
@TrueBrain
Fix: [Docker] update pip to latest when building image
b26b464
@TrueBrain TrueBrain force-pushed the pyup-scheduled-update-2021-02-01 branch from 91e5b17 to b26b464 Compare February 2, 2021 20:04
@TrueBrain
Copy link
Member

Hold back on chardet, as they fail based on dependencies.

@TrueBrain TrueBrain merged commit e33952b into master Feb 2, 2021
@TrueBrain TrueBrain deleted the pyup-scheduled-update-2021-02-01 branch February 2, 2021 20:11
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@LordAro LordAro LordAro approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
3 participants
@pyup-bot @TrueBrain @LordAro