fix(deps): update dependency cryptography to v38.0.3 [security] #76
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
![descope[bot]](https://avatars.githubusercontent.com/in/211506?s=60&v=4){kind=small}
![descope-approve[bot]](https://avatars.githubusercontent.com/in/232635?s=60&v=4){kind=small}
Coverage Report
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
descope bot
referenced
this pull request
in descope/django-descope
Nov 30, 2022
This PR contains the following updates: | Package | Type | Update | Change | |---|---|---|---| | [descope](https://descope.com/) ([source](https://togithub.com/descope/python-sdk)) | dependencies | minor | `0.2.0` -> `==0.3.0` | | [descope](https://descope.com/) ([source](https://togithub.com/descope/python-sdk)) | | minor | `==0.2.0` -> `==0.3.0` | --- ### Release Notes <details> <summary>descope/python-sdk</summary> ### [`v0.3.0`](https://togithub.com/descope/python-sdk/releases/tag/0.3.0) [Compare Source](https://togithub.com/descope/python-sdk/compare/0.2.0...0.3.0) ##### What's Changed - Change exchange to POST by [@​dorsha](https://togithub.com/dorsha) in [https://github.com/descope/python-sdk/pull/63](https://togithub.com/descope/python-sdk/pull/63) - Change access key and refresh session to POST by [@​dorsha](https://togithub.com/dorsha) in [https://github.com/descope/python-sdk/pull/64](https://togithub.com/descope/python-sdk/pull/64) - 1. adjust email_validator for the new version (disable call for dns q… by [@​guyp-descope](https://togithub.com/guyp-descope) in [https://github.com/descope/python-sdk/pull/65](https://togithub.com/descope/python-sdk/pull/65) - fix: use cov xml file for result by [@​omercnet](https://togithub.com/omercnet) in [https://github.com/descope/python-sdk/pull/62](https://togithub.com/descope/python-sdk/pull/62) - chore(deps): update dependency black to v22.10.0 by [@​descope](https://togithub.com/descope) in [https://github.com/descope/python-sdk/pull/67](https://togithub.com/descope/python-sdk/pull/67) - Extend API to support custom claims by [@​aviadl](https://togithub.com/aviadl) in [https://github.com/descope/python-sdk/pull/68](https://togithub.com/descope/python-sdk/pull/68) - Change SAML start to be post by [@​dorsha](https://togithub.com/dorsha) in [https://github.com/descope/python-sdk/pull/70](https://togithub.com/descope/python-sdk/pull/70) - Change oauth authorize to be post by [@​dorsha](https://togithub.com/dorsha) in [https://github.com/descope/python-sdk/pull/71](https://togithub.com/descope/python-sdk/pull/71) - Fix oauth/saml start to be POST with query params by [@​dorsha](https://togithub.com/dorsha) in [https://github.com/descope/python-sdk/pull/72](https://togithub.com/descope/python-sdk/pull/72) - Add useful headers by [@​dorsha](https://togithub.com/dorsha) in [https://github.com/descope/python-sdk/pull/73](https://togithub.com/descope/python-sdk/pull/73) - Stepup take 2 by [@​aviadl](https://togithub.com/aviadl) in [https://github.com/descope/python-sdk/pull/74](https://togithub.com/descope/python-sdk/pull/74) - Adjust jwt response for access key with authz by [@​guyp-descope](https://togithub.com/guyp-descope) in [https://github.com/descope/python-sdk/pull/75](https://togithub.com/descope/python-sdk/pull/75) - fix(deps): update dependency cryptography to v38.0.3 \[security] by [@​descope](https://togithub.com/descope) in [https://github.com/descope/python-sdk/pull/76](https://togithub.com/descope/python-sdk/pull/76) - fix(deps): update dependency pyjwt to v2.6.0 by [@​descope](https://togithub.com/descope) in [https://github.com/descope/python-sdk/pull/77](https://togithub.com/descope/python-sdk/pull/77) - chore(deps): update dependency pytest-cov to v4 by [@​descope](https://togithub.com/descope) in [https://github.com/descope/python-sdk/pull/69](https://togithub.com/descope/python-sdk/pull/69) - chore(deps): update dependency pytest to v7.2.0 by [@​descope](https://togithub.com/descope) in [https://github.com/descope/python-sdk/pull/79](https://togithub.com/descope/python-sdk/pull/79) - Add webauthn SignUpOrIn function by [@​shilgapira](https://togithub.com/shilgapira) in [https://github.com/descope/python-sdk/pull/80](https://togithub.com/descope/python-sdk/pull/80) - Have both logout and logout_all as optinos by [@​slavikm](https://togithub.com/slavikm) in [https://github.com/descope/python-sdk/pull/81](https://togithub.com/descope/python-sdk/pull/81) - Add MFA support by [@​aviadl](https://togithub.com/aviadl) in [https://github.com/descope/python-sdk/pull/82](https://togithub.com/descope/python-sdk/pull/82) - chore(deps): update dependency liccheck to v0.7.3 by [@​descope](https://togithub.com/descope) in [https://github.com/descope/python-sdk/pull/83](https://togithub.com/descope/python-sdk/pull/83) - Management by [@​itaihanski](https://togithub.com/itaihanski) in [https://github.com/descope/python-sdk/pull/84](https://togithub.com/descope/python-sdk/pull/84) - Add issuer support as url by [@​dorsha](https://togithub.com/dorsha) in [https://github.com/descope/python-sdk/pull/85](https://togithub.com/descope/python-sdk/pull/85) - Get management key from env var or config params by [@​shilgapira](https://togithub.com/shilgapira) in [https://github.com/descope/python-sdk/pull/87](https://togithub.com/descope/python-sdk/pull/87) - Enchanted link support by [@​aviadl](https://togithub.com/aviadl) in [https://github.com/descope/python-sdk/pull/86](https://togithub.com/descope/python-sdk/pull/86) - Ensure management key is set before passing calls to management APIs by [@​shilgapira](https://togithub.com/shilgapira) in [https://github.com/descope/python-sdk/pull/90](https://togithub.com/descope/python-sdk/pull/90) - Set localhost as default base_url (instead of prod link) by [@​guyp-descope](https://togithub.com/guyp-descope) in [https://github.com/descope/python-sdk/pull/88](https://togithub.com/descope/python-sdk/pull/88) - update poetry lockfile by [@​omercnet](https://togithub.com/omercnet) in [https://github.com/descope/python-sdk/pull/89](https://togithub.com/descope/python-sdk/pull/89) ##### New Contributors - [@​itaihanski](https://togithub.com/itaihanski) made their first contribution in [https://github.com/descope/python-sdk/pull/84](https://togithub.com/descope/python-sdk/pull/84) **Full Changelog**: descope/python-sdk@0.2.0...0.3.0 </details> --- ### Configuration 📅 **Schedule**: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined). 🚦 **Automerge**: Enabled. ♻ **Rebasing**: Whenever PR is behind base branch, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about these updates again. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, click this checkbox. <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzMi4yMzguMSIsInVwZGF0ZWRJblZlciI6IjMyLjIzOC4xIn0=--> Co-authored-by: descope[bot] <descope[bot]@users.noreply.github.com>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This PR contains the following updates:
38.0.1->38.0.3==38.0.1->==38.0.3GitHub Vulnerability Alerts
GHSA-39hc-v87j-747x
pyca/cryptography's wheels include a statically linked copy of OpenSSL. The versions of OpenSSL included in cryptography 37.0.0-38.0.3 are vulnerable to a number of security issues. More details about the vulnerabilities themselves can be found in https://www.openssl.org/news/secadv/20221101.txt.
If you are building cryptography source ("sdist") then you are responsible for upgrading your copy of OpenSSL. Only users installing from wheels built by the cryptography project (i.e., those distributed on PyPI) need to update their cryptography versions.
Release Notes
pyca/cryptography
v38.0.3Compare Source
v38.0.2Compare Source
Configuration
📅 Schedule: Branch creation - "" in timezone Asia/Jerusalem, Automerge - At any time (no schedule defined).
🚦 Automerge: Enabled.
♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.
🔕 Ignore: Close this PR and you won't be reminded about these updates again.