Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Update cryptography to 2.3 #173

Merged
merged 2 commits into from
Jul 29, 2018
Merged

Update cryptography to 2.3 #173

merged 2 commits into from
Jul 29, 2018

Conversation

pyup-bot
Copy link
Contributor

This PR updates cryptography from 2.2.2 to 2.3.

Changelog

2.3

~~~~~~~~~~~~~~~~

* **SECURITY ISSUE:**
:meth:`~cryptography.hazmat.primitives.ciphers.AEADDecryptionContext.finalize_with_tag`
allowed tag truncation by default which can allow tag forgery in some cases.
The method now enforces the ``min_tag_length`` provided to the
:class:`~cryptography.hazmat.primitives.ciphers.modes.GCM` constructor.
* Added support for Python 3.7.
* Added :meth:`~cryptography.fernet.Fernet.extract_timestamp` to get the
authenticated timestamp of a :doc:`Fernet </fernet>` token.
* Support for Python 2.7.x without ``hmac.compare_digest`` has been deprecated.
We will require Python 2.7.7 or higher (or 2.7.6 on Ubuntu) in the next
``cryptography`` release.
* Fixed multiple issues preventing ``cryptography`` from compiling against
LibreSSL 2.7.x.
* Added
:class:`~cryptography.x509.CertificateRevocationList.get_revoked_certificate_by_serial_number`
for quick serial number searches in CRLs.
* The :class:`~cryptography.x509.RelativeDistinguishedName` class now
preserves the order of attributes. Duplicate attributes now raise an error
instead of silently discarding duplicates.
* :func:`~cryptography.hazmat.primitives.keywrap.aes_key_unwrap` and
:func:`~cryptography.hazmat.primitives.keywrap.aes_key_unwrap_with_padding`
now raise :class:`~cryptography.hazmat.primitives.keywrap.InvalidUnwrap` if
the wrapped key is an invalid length, instead of ``ValueError``.

.. _v2-2-2:
Links

@ljvmiranda921 ljvmiranda921 mentioned this pull request Jul 25, 2018
Merged
12 tasks
ljvmiranda921
ljvmiranda921 requested changes Jul 26, 2018
View reviewed changes
requirements_dev.txt
@@ -7,7 +7,7 @@ mock==2.0.0
tox==3.0.0
coverage==4.5.1
Sphinx==1.7.5
cryptography==2.2.2
cryptography==2.3
Copy link
Owner

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Just wait for PyYAML fix

@ljvmiranda921 ljvmiranda921 changed the base branch from master to update-dependencies July 29, 2018 10:25
@ljvmiranda921 ljvmiranda921 merged commit 0e37136 into update-dependencies Jul 29, 2018
ljvmiranda921 added a commit that referenced this pull request Jul 30, 2018
@ljvmiranda921
Update dependencies in requirements_dev.txt (#188)
63ef1ab 
The following updates were done by pyup-bot:

- Update pytest from 3.6.3 to 3.6.4 (#184)
- Update pip from 10.0.1 to 18.0 (#178)
- Update cryptography from 2.2.2 to 2.3 (#173)
- Update sphinx from 1.7.5 to 1.7.6 (#166)
- Update tox from 3.0.0 to 3.1.2 (#162)
@ljvmiranda921 ljvmiranda921 deleted the pyup-update-cryptography-2.2.2-to-2.3 branch August 9, 2018 00:02
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@ljvmiranda921 ljvmiranda921 ljvmiranda921 approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
2 participants
@pyup-bot @ljvmiranda921