Deploy release v0.39.0

.bumpversion.cfg

@@ -1,5 +1,5 @@
 [bumpversion]
-current_version = 0.38.0
+current_version = 0.39.0
 commit = True
 tag = False
 message = chore: Bump version from {current_version} to {new_version}

.github/workflows/ci.yaml

@@ -34,18 +34,18 @@ jobs:
 
     steps:
       - name: Check Out VCS Repository
-        uses: actions/checkout@v4.2.0
+        uses: actions/checkout@v4.2.2
 
       - name: Set Up Python ${{ matrix.python_version }}
-        uses: actions/setup-python@v5.2.0
+        uses: actions/setup-python@v5.3.0
         with:
           python-version: "${{ matrix.python_version }}"
 
       - name: Create Python Virtual Environment
         run: make python-virtualenv PYTHON_VIRTUALENV_DIR="venv"
 
       - name: Restoring/Saving Cache
-        uses: actions/cache@v4.0.2
+        uses: actions/cache@v4.1.2
         with:
           path: "venv"
           key: py-v1-deps-${{ runner.os }}-${{ matrix.python_version }}-${{ hashFiles('requirements.txt') }}-${{ hashFiles('requirements-dev.txt') }}-${{ hashFiles('Makefile', 'make/**.mk') }}
@@ -75,15 +75,15 @@ jobs:
 
     steps:
       - name: Check Out VCS Repository
-        uses: actions/checkout@v4.2.0
+        uses: actions/checkout@v4.2.2
 
       - name: Set Up Python ${{ matrix.python_version }}
-        uses: actions/setup-python@v5.2.0
+        uses: actions/setup-python@v5.3.0
         with:
           python-version: "${{ matrix.python_version }}"
 
       - name: Restoring/Saving Cache
-        uses: actions/cache@v4.0.2
+        uses: actions/cache@v4.1.2
         with:
           path: "venv"
           key: py-v1-deps-${{ runner.os }}-${{ matrix.python_version }}-${{ hashFiles('requirements.txt') }}-${{ hashFiles('requirements-dev.txt') }}-${{ hashFiles('Makefile', 'make/**.mk') }}
@@ -122,7 +122,7 @@ jobs:
           make test-coverage-report
 
       - name: Upload coverage reports to Codecov
-        uses: codecov/codecov-action@v4.5.0
+        uses: codecov/codecov-action@v5.0.7
         with:
           token: ${{ secrets.CODECOV_TOKEN }}
           directory: ./test-reports/coverage/
@@ -137,7 +137,7 @@ jobs:
 
       - name: Store Artifacts
         if: ${{ always() }}
-        uses: actions/upload-artifact@v4.4.0
+        uses: actions/upload-artifact@v4.4.3
         with:
           name: test_reports_${{ matrix.python_version }}
           path: test-reports/

.github/workflows/dependency-review.yaml

@@ -21,9 +21,9 @@ jobs:
 
     steps:
       - name: Check Out VCS Repository
-        uses: actions/checkout@v4.2.0
+        uses: actions/checkout@v4.2.2
 
       - name: Dependency Review
-        uses: actions/dependency-review-action@v4.3.4
+        uses: actions/dependency-review-action@v4.5.0
         with:
           fail-on-severity: critical

.github/workflows/deploy.yaml

@@ -38,16 +38,16 @@ jobs:
 
     steps:
       - name: Check Out VCS Repository
-        uses: actions/checkout@v4.2.0
+        uses: actions/checkout@v4.2.2
 
       - name: Set Up Python
         id: set_up_python
-        uses: actions/setup-python@v5.2.0
+        uses: actions/setup-python@v5.3.0
         with:
           python-version: "3.10.9"
 
       - name: Restoring/Saving Cache
-        uses: actions/cache@v4.0.2
+        uses: actions/cache@v4.1.2
         with:
           path: "venv"
           key: py-v1-deps-${{ runner.os }}-${{ steps.set_up_python.outputs.python-version }}-${{ hashFiles('requirements.txt') }}-${{ hashFiles('requirements-dev.txt') }}-${{ hashFiles('Makefile', 'make/**.mk') }}

.github/workflows/release.yaml

@@ -35,19 +35,19 @@ jobs:
 
     steps:
       - name: Check Out VCS Repository
-        uses: actions/checkout@v4.2.0
+        uses: actions/checkout@v4.2.2
 
       - name: Set Up Python
         id: set_up_python
-        uses: actions/setup-python@v5.2.0
+        uses: actions/setup-python@v5.3.0
         with:
           python-version: "3.10.9"
 
       - name: Create Python Virtual Environment
         run: make python-virtualenv PYTHON_VIRTUALENV_DIR="venv"
 
       - name: Restoring/Saving Cache
-        uses: actions/cache@v4.0.2
+        uses: actions/cache@v4.1.2
         with:
           path: "venv"
           key: py-v1-deps-${{ runner.os }}-${{ steps.set_up_python.outputs.python-version }}-${{ hashFiles('requirements.txt') }}-${{ hashFiles('requirements-dev.txt') }}-${{ hashFiles('Makefile', 'make/**.mk') }}
@@ -68,7 +68,7 @@ jobs:
           make dist
 
       - name: Store Artifacts
-        uses: actions/upload-artifact@v4.4.0
+        uses: actions/upload-artifact@v4.4.3
         with:
           name: release
           path: ${{ env.ARTIFACTS_PATH }}/

HISTORY.md

@@ -1,5 +1,17 @@
 # History
 
+## 0.39.0 (2024-12-12)
+
+- (PR #729, 2024-10-30) extras: Fix serialization of `None` in Pydantic `Rut` type
+- (PR #730, 2024-11-19) chore: Bump the production-dependencies group with 6 updates
+- (PR #733, 2024-11-20) chore: Bump the development-dependencies group across 1 directory with 5 updates
+- (PR #734, 2024-12-05) chore: Bump the production-dependencies group with 2 updates
+- (PR #732, 2024-12-05) chore(deps): Bump cryptography from 43.0.1 to 43.0.3
+- (PR #739, 2024-12-09) chore(deps): Bump pydantic from 2.9.2 to 2.10.3
+- (PR #740, 2024-12-09) chore(deps): Bump django from 4.2.16 to 4.2.17
+- (PR #736, 2024-12-12) chore(deps): Bump signxml from 3.2.2 to 4.0.3
+- (PR #742, 2024-12-12) deps: Update  cryptography to 44.0.0 and pyopenssl to 24.3.0
+
 ## 0.38.0 (2024-10-28)
 
 - (PR #725, 2024-10-28) extras: Fix generation of JSON Schema for Pydantic `Rut` type

pyproject.toml

@@ -11,7 +11,7 @@
 [build-system]
 requires = [
   "setuptools==70.3.0",
-  "wheel==0.44.0",
+  "wheel==0.45.0",
 ]
 build-backend = "setuptools.build_meta"
 
@@ -26,7 +26,7 @@ dependencies = [
   "pydantic>=2.3.0,!=1.7.*,!=1.8.*,!=1.9.*",
   "pyOpenSSL>=22.0.0",
   "pytz>=2019.3",
-  "signxml>=3.1.0",
+  "signxml>=4.0.0",
 ]
 requires-python = ">=3.8, <3.11"
 authors = [

requirements-dev.in

@@ -5,17 +5,17 @@
 -c requirements.txt
 
 black==24.8.0
-build==1.2.2
+build==1.2.2.post1
 bumpversion==0.5.3
 coverage==7.6.1
 flake8==7.1.1
 isort==5.13.2
 mypy==1.13.0
 pip-tools==7.4.1
-tox==4.21.0
+tox==4.23.2
 twine==5.1.1
 types-jsonschema==4.23.0.20240813
-types-lxml==2024.9.16
+types-lxml==2024.11.8
 types-pyOpenSSL==24.1.0.20240722
-types-pytz==2024.2.0.20240913
-wheel==0.44.0
+types-pytz==2024.2.0.20241003
+wheel==0.45.0

requirements-dev.txt

@@ -12,7 +12,7 @@ black==24.8.0
     # via -r requirements-dev.in
 bleach==5.0.1
     # via readme-renderer
-build==1.2.2
+build==1.2.2.post1
     # via
     #   -r requirements-dev.in
     #   pip-tools
@@ -40,7 +40,7 @@ colorama==0.4.6
     # via tox
 coverage==7.6.1
     # via -r requirements-dev.in
-cryptography==43.0.1
+cryptography==44.0.0
     # via
     #   -c requirements.txt
     #   secretstorage
@@ -155,7 +155,7 @@ tomli==2.0.1
     #   pyproject-api
     #   pyproject-hooks
     #   tox
-tox==4.21.0
+tox==4.23.2
     # via -r requirements-dev.in
 twine==5.1.1
     # via -r requirements-dev.in
@@ -167,11 +167,11 @@ types-html5lib==1.1.11.20240806
     # via types-beautifulsoup4
 types-jsonschema==4.23.0.20240813
     # via -r requirements-dev.in
-types-lxml==2024.9.16
+types-lxml==2024.11.8
     # via -r requirements-dev.in
 types-pyopenssl==24.1.0.20240722
     # via -r requirements-dev.in
-types-pytz==2024.2.0.20240913
+types-pytz==2024.2.0.20241003
     # via -r requirements-dev.in
 types-setuptools==69.5.0.20240415
     # via types-cffi
@@ -191,7 +191,7 @@ virtualenv==20.26.6
     # via tox
 webencodings==0.5.1
     # via bleach
-wheel==0.44.0
+wheel==0.45.0
     # via
     #   -r requirements-dev.in
     #   pip-tools

requirements.in

@@ -6,7 +6,7 @@
 #   git+https://github.com/example/example.git@example-vcs-ref#egg=example-pkg[foo,bar]==1.42.3
 
 backports-zoneinfo==0.2.1 ; python_version < "3.9" # Used by `djangorestframework`.
-cryptography==43.0.1
+cryptography==44.0.0
 defusedxml==0.7.1
 django-filter>=24.2
 Django>=2.2.24
@@ -15,7 +15,7 @@ importlib-metadata==8.5.0
 jsonschema==4.23.0
 lxml==5.3.0
 marshmallow==3.22.0
-pydantic==2.9.2
-pyOpenSSL==24.2.1
+pydantic==2.10.3
+pyOpenSSL==24.3.0
 pytz==2024.2
-signxml==3.2.2
+signxml==4.0.3

requirements.txt

@@ -21,14 +21,14 @@ certifi==2024.7.4
     # via signxml
 cffi==1.16.0
     # via cryptography
-cryptography==43.0.1
+cryptography==44.0.0
     # via
     #   -r requirements.in
     #   pyopenssl
     #   signxml
 defusedxml==0.7.1
     # via -r requirements.in
-django==4.2.16
+django==4.2.17
     # via
     #   -r requirements.in
     #   django-filter
@@ -59,14 +59,12 @@ pkgutil-resolve-name==1.3.10
     # via jsonschema
 pycparser==2.22
     # via cffi
-pydantic==2.9.2
+pydantic==2.10.3
     # via -r requirements.in
-pydantic-core==2.23.4
+pydantic-core==2.27.1
     # via pydantic
-pyopenssl==24.2.1
-    # via
-    #   -r requirements.in
-    #   signxml
+pyopenssl==24.3.0
+    # via -r requirements.in
 pytz==2024.2
     # via -r requirements.in
 referencing==0.35.1
@@ -77,7 +75,7 @@ rpds-py==0.19.0
     # via
     #   jsonschema
     #   referencing
-signxml==3.2.2
+signxml==4.0.3
     # via -r requirements.in
 sqlparse==0.5.0
     # via django

src/cl_sii/__init__.py

@@ -4,4 +4,4 @@
 
 """
 
-__version__ = '0.38.0'
+__version__ = '0.39.0'

src/cl_sii/extras/pydantic_types.py

@@ -117,7 +117,8 @@ def validate_from_str(value: str) -> cl_sii.rut.Rut:
                 ]
             ),
             serialization=pydantic_core.core_schema.plain_serializer_function_ser_schema(
-                lambda instance: instance.canonical
+                lambda instance: instance.canonical,
+                when_used='unless-none',
             ),
         )
 

src/cl_sii/libs/crypto_utils.py

@@ -157,8 +157,7 @@ def add_pem_cert_header_footer(pem_cert: bytes) -> bytes:
     """
     pem_value_str = pem_cert.decode('ascii')
     # note: it would be great if 'add_pem_header' did not forcefully convert bytes to str.
-    mod_pem_value_str = signxml.util.add_pem_header(pem_value_str)
-    mod_pem_value: bytes = mod_pem_value_str.encode('ascii')
+    mod_pem_value: bytes = signxml.util.add_pem_header(pem_value_str)
     return mod_pem_value
 
 

src/cl_sii/libs/xml_utils.py

@@ -440,14 +440,8 @@ def verify_xml_signature(
         )
 
     if isinstance(trusted_x509_cert, crypto_utils._X509CertOpenSsl):
-        trusted_x509_cert_open_ssl = trusted_x509_cert
-    elif isinstance(trusted_x509_cert, crypto_utils.X509Cert):
-        trusted_x509_cert_open_ssl = crypto_utils._X509CertOpenSsl.from_cryptography(
-            trusted_x509_cert
-        )
-    elif trusted_x509_cert is None:
-        trusted_x509_cert_open_ssl = None
-    else:
+        trusted_x509_cert = trusted_x509_cert.to_cryptography()
+    elif not (isinstance(trusted_x509_cert, crypto_utils.X509Cert) or trusted_x509_cert is None):
         # A 'crypto_utils._X509CertOpenSsl' is ok but we prefer 'crypto_utils.X509Cert'.
         raise TypeError("'trusted_x509_cert' must be a 'crypto_utils.X509Cert' instance, or None.")
 
@@ -481,10 +475,10 @@ def verify_xml_signature(
         #   https://github.com/XML-Security/signxml/commit/ef15da8dbb904f1dedfdd210ae3e0df5da535612
         result = xml_verifier.verify(
             data=tmp_bytes,
-            require_x509=True,
-            x509_cert=trusted_x509_cert_open_ssl,
-            ignore_ambiguous_key_info=True,
+            x509_cert=trusted_x509_cert,
             expect_config=signxml.verifier.SignatureConfiguration(
+                require_x509=True,
+                ignore_ambiguous_key_info=True,
                 signature_methods=frozenset([signxml.algorithms.SignatureMethod.RSA_SHA1]),
                 digest_algorithms=frozenset([signxml.algorithms.DigestAlgorithm.SHA1]),
             ),