Bump cryptography from 37.0.2 to 38.0.3
Created by: dependabot[bot]
Bumps cryptography from 37.0.2 to 38.0.3.
Changelog
Sourced from cryptography's changelog.
38.0.3 - 2022-11-01
* Updated Windows, macOS, and Linux wheels to be compiled with OpenSSL 3.0.7, which resolves *CVE-2022-3602* and *CVE-2022-3786*. .. _v38-0-2: 38.0.2 - 2022-10-11 (YANKED)
.. attention::
This release was subsequently yanked from PyPI due to a regression in OpenSSL.
- Updated Windows, macOS, and Linux wheels to be compiled with OpenSSL 3.0.6.
.. _v38-0-1:
38.0.1 - 2022-09-07
* Fixed parsing TLVs in ASN.1 with length greater than 65535 bytes (typically seen in large CRLs). .. _v38-0-0: 38.0.0 - 2022-09-06
- Final deprecation of OpenSSL 1.1.0. The next release of
cryptography
will drop support.- We no longer ship
manylinux2010
wheels. Users should upgrade to the latestpip
to ensure this doesn't cause issues downloading wheels on their platform. We now shipmanylinux_2_28
wheels for users on new enough platforms.- Updated the minimum supported Rust version (MSRV) to 1.48.0, from 1.41.0. Users with the latest
pip
will typically get a wheel and not need Rust installed, but check :doc:/installation
for documentation on installing a newerrustc
if required.- :meth:
~cryptography.fernet.Fernet.decrypt
and related methods now accept bothstr
andbytes
tokens.- Parsing
CertificateSigningRequest
restores the behavior of enforcing that theExtension
critical
field must be correctly encoded DER. Seethe issue <https://github.com/pyca/cryptography/issues/6368>
_ for complete details.- Added two new OpenSSL functions to the bindings to support an upcoming
pyOpenSSL
release.- When parsing :class:
~cryptography.x509.CertificateRevocationList
and
... (truncated)
Commits
-
7d9c6c3
Bump for 38.0.3 release (#7761) -
39f8011
attempt to workaround downstream package testing situation (#7725) (#7757) -
5b12ac8
Use PyPy binaries from manylinux image instead of our own (#7678) (#7693) -
277ee0d
38.0.2 release (#7691) -
ce119b8
version properly in the changelog (#7578) -
3ff5218
Backport tlv fix, 38.0.1 bump (#7576) -
52d6f1a
version bump for 38 release (#7567) -
8c687e6
Bump rust-asn1 to 0.12.1 (#7564) -
aca4b10
Bump rust-asn1 to 0.12.0 (#7563) -
1742975
support setting more PKCS12 serialization encryption options (#7560) - Additional commits viewable in compare view
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase
.
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
-
@dependabot rebase
will rebase this PR -
@dependabot recreate
will recreate this PR, overwriting any edits that have been made to it -
@dependabot merge
will merge this PR after your CI passes on it -
@dependabot squash and merge
will squash and merge this PR after your CI passes on it -
@dependabot cancel merge
will cancel a previously requested merge and block automerging -
@dependabot reopen
will reopen this PR if it is closed -
@dependabot close
will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually -
@dependabot ignore this major version
will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) -
@dependabot ignore this minor version
will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) -
@dependabot ignore this dependency
will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) -
@dependabot use these labels
will set the current labels as the default for future PRs for this repo and language -
@dependabot use these reviewers
will set the current reviewers as the default for future PRs for this repo and language -
@dependabot use these assignees
will set the current assignees as the default for future PRs for this repo and language -
@dependabot use this milestone
will set the current milestone as the default for future PRs for this repo and language
You can disable automated security fix PRs for this repo from the Security Alerts page.