Bump cryptography from 2.1.4 to 2.3 #203

dependabot · 2020-05-26T12:17:20Z

Bumps cryptography from 2.1.4 to 2.3.

Changelog

Sourced from cryptography's changelog.

2.3 - 2018-07-18

* **SECURITY ISSUE:** :meth:`~cryptography.hazmat.primitives.ciphers.AEADDecryptionContext.finalize_with_tag` allowed tag truncation by default which can allow tag forgery in some cases. The method now enforces the ``min_tag_length`` provided to the :class:`~cryptography.hazmat.primitives.ciphers.modes.GCM` constructor. *CVE-2018-10903* * Added support for Python 3.7. * Added :meth:`~cryptography.fernet.Fernet.extract_timestamp` to get the authenticated timestamp of a :doc:`Fernet </fernet>` token. * Support for Python 2.7.x without ``hmac.compare_digest`` has been deprecated. We will require Python 2.7.7 or higher (or 2.7.6 on Ubuntu) in the next ``cryptography`` release. * Fixed multiple issues preventing ``cryptography`` from compiling against LibreSSL 2.7.x. * Added :class:`~cryptography.x509.CertificateRevocationList.get_revoked_certificate_by_serial_number` for quick serial number searches in CRLs. * The :class:`~cryptography.x509.RelativeDistinguishedName` class now preserves the order of attributes. Duplicate attributes now raise an error instead of silently discarding duplicates. * :func:`~cryptography.hazmat.primitives.keywrap.aes_key_unwrap` and :func:`~cryptography.hazmat.primitives.keywrap.aes_key_unwrap_with_padding` now raise :class:`~cryptography.hazmat.primitives.keywrap.InvalidUnwrap` if the wrapped key is an invalid length, instead of ``ValueError``. .. _v2-2-2:

2.2.2 - 2018-03-27

Updated Windows, macOS, and manylinux1 wheels to be compiled with OpenSSL 1.1.0h.

.. _v2-2-1:

2.2.1 - 2018-03-20

* Reverted a change to ``GeneralNames`` which prohibited having zero elements, due to breakages. * Fixed a bug in :func:`~cryptography.hazmat.primitives.keywrap.aes_key_unwrap_with_padding` that caused it to raise ``InvalidUnwrap`` when key length modulo 8 was zero.

.. _v2-2: </tr></table> ... (truncated)

Commits

0a846e2 bump version and changelog for 2.3 release (#4356)
feb1345 Refs #3331 -- integrated wycheproof ECDH tests (#4354)
dfb332d improve skip msg when skipping an ECDH test in test_ec (#4355)
4de0049 add wycheproof gcm tests (#4349)
c563b57 min_tag_length is an int (#4351)
db62ec9 also check iv length for GCM nonce in AEAD (#4350)
12a1cac raise ValueError on zero length GCM IV (#4348)
7ca0e46 add chacha20poly1305 wycheproof tests (#4345)
14faf3c add wycheproof tests for AES CMAC (#4344)
d4378e4 disallow implicit tag truncation with finalize_with_tag (#4342)
Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR
@dependabot recreate will recreate this PR, overwriting any edits that have been made to it
@dependabot merge will merge this PR after your CI passes on it
@dependabot squash and merge will squash and merge this PR after your CI passes on it
@dependabot cancel merge will cancel a previously requested merge and block automerging
@dependabot reopen will reopen this PR if it is closed
@dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
@dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
@dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
@dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
@dependabot use these labels will set the current labels as the default for future PRs for this repo and language
@dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
@dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
@dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the Security Alerts page.

Bumps [cryptography](https://github.com/pyca/cryptography) from 2.1.4 to 2.3. - [Release notes](https://github.com/pyca/cryptography/releases) - [Changelog](https://github.com/pyca/cryptography/blob/master/CHANGELOG.rst) - [Commits](pyca/cryptography@2.1.4...2.3) Signed-off-by: dependabot[bot] <support@github.com>

dependabot · 2020-05-26T14:23:16Z

Looks like cryptography is no longer a dependency, so this is no longer needed.

dependabot bot added the dependencies Pull requests that update a dependency file label May 26, 2020

dependabot bot closed this May 26, 2020

dependabot bot deleted the dependabot/pip/cryptography-2.3 branch May 26, 2020 14:23

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Bump cryptography from 2.1.4 to 2.3 #203

Bump cryptography from 2.1.4 to 2.3 #203

dependabot bot commented on behalf of github May 26, 2020 •

edited

dependabot bot commented on behalf of github May 26, 2020

Bump cryptography from 2.1.4 to 2.3 #203

Bump cryptography from 2.1.4 to 2.3 #203

Conversation

dependabot bot commented on behalf of github May 26, 2020 • edited

dependabot bot commented on behalf of github May 26, 2020

dependabot bot commented on behalf of github May 26, 2020 •

edited