Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Initial Update #3

Closed
wants to merge 9 commits into from
Closed

Initial Update #3

wants to merge 9 commits into from

Conversation

pyup-bot
Copy link

@pyup-bot pyup-bot commented Jul 1, 2017

This is my first visit to this fine repo so I have bundled all updates in a single pull request to make things easier for you to merge.

Close this pull request and delete the branch if you want me to start with single pull requests right away

Here's the executive summary:

Updates

Here's a list of all the updates bundled in this pull request. I've added some links to make it easier for you to find all the information you need.

certifi 2016.9.26 » 2017.4.17 PyPI | Homepage
cffi 1.9.1 » 1.10.0 PyPI | Changelog | Docs
cryptography 1.7.1 » 1.9 PyPI | Changelog | Repo
idna 2.2 » 2.5 PyPI | Changelog | Repo
nexmo 1.4.0 » 1.5.0 PyPI | Changelog | Repo
pyasn1 0.1.9 » 0.2.3 PyPI | Changelog | Repo
PyJWT 1.4.2 » 1.5.2 PyPI | Changelog | Repo
requests 2.12.4 » 2.18.1 PyPI | Changelog | Homepage
tornado 4.4.2 » 4.5.1 PyPI | Changelog | Homepage

Changelogs

cffi 1.9.1 -> 1.10.0

1.10

=====

  • Issue 295: use calloc() directly instead of
    PyObject_Malloc()+memset() to handle ffi.new() with a default
    allocator. Speeds up ffi.new(large-array) where most of the time
    you never touch most of the array.
  • Some OS/X build fixes ("only with Xcode but without CLT").
  • Improve a couple of error messages: when getting mismatched versions
    of cffi and its backend; and when calling functions which cannot be
    called with libffi because an argument is a struct that is "too
    complicated" (and not a struct pointer, which always works).
  • Add support for some unusual compilers (non-msvc, non-gcc, non-icc,
    non-clang)
  • Implemented the remaining cases for ffi.from_buffer. Now all
    buffer/memoryview objects can be passed. The one remaining check is
    against passing unicode strings in Python 2. (They support the buffer
    interface, but that gives the raw bytes behind the UTF16/UCS4 storage,
    which is most of the times not what you expect. In Python 3 this has
    been fixed and the unicode strings don't support the memoryview
    interface any more.)
  • The C type _Bool or bool now converts to a Python boolean
    when reading, instead of the content of the byte as an integer. The
    potential incompatibility here is what occurs if the byte contains a
    value different from 0 and 1. Previously, it would just return it;
    with this change, CFFI raises an exception in this case. But this
    case means "undefined behavior" in C; if you really have to interface
    with a library relying on this, don't use bool in the CFFI side.
    Also, it is still valid to use a byte string as initializer for a
    bool[], but now it must only contain \x00 or \x01. As an
    aside, ffi.string() no longer works on bool[] (but it never
    made much sense, as this function stops at the first zero).
  • ffi.buffer is now the name of cffi's buffer type, and
    ffi.buffer() works like before but is the constructor of that type.
  • ffi.addressof(lib, "name") now works also in in-line mode, not
    only in out-of-line mode. This is useful for taking the address of
    global variables.
  • Issue 255: cdata objects of a primitive type (integers, floats,
    char) are now compared and ordered by value. For example, <cdata 'int' 42> compares equal to 42 and <cdata 'char' b'A'>
    compares equal to b'A'. Unlike C, <cdata 'int' -1> does not
    compare equal to ffi.cast("unsigned int", -1): it compares
    smaller, because -1 < 4294967295.
  • PyPy: ffi.new() and ffi.new_allocator()() did not record
    "memory pressure", causing the GC to run too infrequently if you call
    ffi.new() very often and/or with large arrays. Fixed in PyPy 5.7.
  • Support in ffi.cdef() for numeric expressions with + or
    -. Assumes that there is no overflow; it should be fixed first
    before we add more general support for arbitrary arithmetic on
    constants.

cryptography 1.7.1 -> 1.9

1.9

  • BACKWARDS INCOMPATIBLE: Elliptic Curve signature verification no longer
    returns True on success. This brings it in line with the interface's
    documentation, and our intent. The correct way to use
    :meth:~cryptography.hazmat.primitives.asymmetric.ec.EllipticCurvePublicKey.verify
    has always been to check whether or not
    :class:~cryptography.exceptions.InvalidSignature was raised.
  • BACKWARDS INCOMPATIBLE: Dropped support for macOS 10.7 and 10.8.
  • BACKWARDS INCOMPATIBLE: The minimum supported PyPy version is now 5.3.
  • Python 3.3 support has been deprecated, and will be removed in the next
    cryptography release.
  • Add support for providing tag during
    :class:~cryptography.hazmat.primitives.ciphers.modes.GCM finalization via
    :meth:~cryptography.hazmat.primitives.ciphers.AEADDecryptionContext.finalize_with_tag.
  • Fixed an issue preventing cryptography from compiling against
    LibreSSL 2.5.x.
  • Added
    :meth:~cryptography.hazmat.primitives.asymmetric.ec.EllipticCurvePublicKey.key_size
    and
    :meth:~cryptography.hazmat.primitives.asymmetric.ec.EllipticCurvePrivateKey.key_size
    as convenience methods for determining the bit size of a secret scalar for
    the curve.
  • Accessing an unrecognized extension marked critical on an X.509 object will
    no longer raise an UnsupportedExtension exception, instead an
    :class:~cryptography.x509.UnrecognizedExtension object will be returned.
    This behavior was based on a poor reading of the RFC, unknown critical
    extensions only need to be rejected on certificate verification.
  • The CommonCrypto backend has been removed.
  • MultiBackend has been removed.
  • Whirlpool and RIPEMD160 have been deprecated.

1.8.2

  • Fixed a compilation bug affecting OpenSSL 1.1.0f.
  • Updated Windows and macOS wheels to be compiled against OpenSSL 1.1.0f.

1.8.1

  • Fixed macOS wheels to properly link against 1.1.0 rather than 1.0.2.

1.8

  • Added support for Python 3.6.
  • Windows and macOS wheels now link against OpenSSL 1.1.0.
  • macOS wheels are no longer universal. This change significantly shrinks the
    size of the wheels. Users on macOS 32-bit Python (if there are any) should
    migrate to 64-bit or build their own packages.
  • Changed ASN.1 dependency from pyasn1 to asn1crypto resulting in a
    general performance increase when encoding/decoding ASN.1 structures. Also,
    the pyasn1_modules test dependency is no longer required.
  • Added support for
    :meth:~cryptography.hazmat.primitives.ciphers.CipherContext.update_into on
    :class:~cryptography.hazmat.primitives.ciphers.CipherContext.
  • Added
    :meth:~cryptography.hazmat.primitives.asymmetric.dh.DHPrivateKeyWithSerialization.private_bytes
    to
    :class:~cryptography.hazmat.primitives.asymmetric.dh.DHPrivateKeyWithSerialization.
  • Added
    :meth:~cryptography.hazmat.primitives.asymmetric.dh.DHPublicKeyWithSerialization.public_bytes
    to
    :class:~cryptography.hazmat.primitives.asymmetric.dh.DHPublicKeyWithSerialization.
  • :func:~cryptography.hazmat.primitives.serialization.load_pem_private_key
    and
    :func:~cryptography.hazmat.primitives.serialization.load_der_private_key
    now require that password must be bytes if provided. Previously this
    was documented but not enforced.
  • Added support for subgroup order in :doc:/hazmat/primitives/asymmetric/dh.

1.7.2

  • Updated Windows and macOS wheels to be compiled against OpenSSL 1.0.2k.

idna 2.2 -> 2.5

2.5

++++++++++++++++

  • Fix bug with Katakana middle dot context-rule (Thanks, Greg
    Shikhman.)

2.4

++++++++++++++++

  • Restore IDNAError to be a subclass of UnicodeError, as some users of
    this library are only looking for the latter to catch invalid strings.

2.3

++++++++++++++++

  • Fix bugs relating to deriving IDNAError from UnicodeError.
  • More memory footprint improvements (Thanks, Alex Gaynor)

nexmo 1.4.0 -> 1.5.0

1.5.0

  • Added ability to provide a file path as private_key param no the nexmo.Client constructor
  • Added send/stop endpoints for audio/speech/dtmf
  • Added new number insight endpoints

PyJWT 1.4.2 -> 1.5.2

1.5.2

1.5.01.5.0


Changed

  • Add support for ECDSA public keys in RFC 4253 (OpenSSH) format 244
  • Renamed commandline script jwt to jwt-cli to avoid issues with the script clobbering the jwt module in some circumstances. 187
  • Better error messages when using an algorithm that requires the cryptography package, but it isn't available 230
  • Tokens with future 'iat' values are no longer rejected 190
  • Non-numeric 'iat' values now raise InvalidIssuedAtError instead of DecodeError
  • Remove rejection of future 'iat' claims 252

Fixed

  • Add back 'ES512' for backward compatibility (for now) 225
  • Fix incorrectly named ECDSA algorithm 219
  • Fix rpm build 196

Added

  • Add JWK support for HMAC and RSA keys 202

1.5.1

1.5.0

1.4.21.4.2


Fixed

  • A PEM-formatted key encoded as bytes could cause a TypeError to be raised 213

1.4.11.4.1


Fixed

  • Newer versions of Pytest could not detect warnings properly 182
  • Non-string 'kid' value now raises InvalidTokenError 174
  • jwt.decode(None) now gracefully fails with InvalidTokenError 183

requests 2.12.4 -> 2.18.1

2.18.1

+++++++++++++++++++

Bugfixes

  • Fix an error in the packaging whereby the *.whl contained incorrect data that
    regressed the fix in v2.17.3.

2.18.0

+++++++++++++++++++

Improvements

  • Response is now a context manager, so can be used directly in a with statement
    without first having to be wrapped by contextlib.closing().

Bugfixes

  • Resolve installation failure if multiprocessing is not available
  • Resolve tests crash if multiprocessing is not able to determine the number of CPU cores
  • Resolve error swallowing in utils set_environ generator

2.17.3

+++++++++++++++++++

Improvements

  • Improved packages namespace identity support, for monkeypatching libraries.

2.17.2

+++++++++++++++++++

Improvements

  • Improved packages namespace identity support, for monkeypatching libraries.

2.17.1

+++++++++++++++++++

Improvements

  • Improved packages namespace identity support, for monkeypatching libraries.

2.17.0

+++++++++++++++++++

Improvements

  • Removal of the 301 redirect cache. This improves thread-safety.

2.16.5

+++++++++++++++++++

  • Improvements to $ python -m requests.help.

2.16.4

+++++++++++++++++++

  • Introduction of the $ python -m requests.help command, for debugging with maintainers!

2.16.3

+++++++++++++++++++

  • Further restored the requests.packages namespace for compatibility reasons.

2.16.2

+++++++++++++++++++

  • Further restored the requests.packages namespace for compatibility reasons.

No code modification (noted below) should be neccessary any longer.

2.16.1

+++++++++++++++++++

  • Restored the requests.packages namespace for compatibility reasons.
  • Bugfix for urllib3 version parsing.

Note: code that was written to import against the requests.packages
namespace previously will have to import code that rests at this module-level
now.

For example::

from requests.packages.urllib3.poolmanager import PoolManager

Will need to be re-written to be::

from requests.packages import urllib3
urllib3.poolmanager.PoolManager

Or, even better::

from urllib3.poolmanager import PoolManager

2.16.0

+++++++++++++++++++

  • Unvendor ALL the things!

2.15.1

+++++++++++++++++++

  • Everyone makes mistakes.

2.15.0

+++++++++++++++++++

Improvements

  • Introduction of the Response.next property, for getting the next
    PreparedResponse from a redirect chain (when allow_redirects=False).
  • Internal refactoring of __version__ module.

Bugfixes

  • Restored once-optional parameter for requests.utils.get_environ_proxies().

2.14.2

+++++++++++++++++++

Bugfixes

  • Changed a less-than to an equal-to and an or in the dependency markers to
    widen compatibility with older setuptools releases.

2.14.1

+++++++++++++++++++

Bugfixes

  • Changed the dependency markers to widen compatibility with older pip
    releases.

2.14.0

+++++++++++++++++++

Improvements

  • It is now possible to pass no_proxy as a key to the proxies
    dictionary to provide handling similar to the NO_PROXY environment
    variable.
  • When users provide invalid paths to certificate bundle files or directories
    Requests now raises IOError, rather than failing at the time of the HTTPS
    request with a fairly inscrutable certificate validation error.
  • The behavior of SessionRedirectMixin was slightly altered.
    resolve_redirects will now detect a redirect by calling
    get_redirect_target(response) instead of directly
    querying Response.is_redirect and Response.headers['location'].
    Advanced users will be able to process malformed redirects more easily.
  • Changed the internal calculation of elapsed request time to have higher
    resolution on Windows.
  • Added win_inet_pton as conditional dependency for the [socks] extra
    on Windows with Python 2.7.
  • Changed the proxy bypass implementation on Windows: the proxy bypass
    check doesn't use forward and reverse DNS requests anymore
  • URLs with schemes that begin with http but are not http or https
    no longer have their host parts forced to lowercase.

Bugfixes

  • Much improved handling of non-ASCII Location header values in redirects.
    Fewer UnicodeDecodeErrors are encountered on Python 2, and Python 3 now
    correctly understands that Latin-1 is unlikely to be the correct encoding.
  • If an attempt to seek file to find out its length fails, we now
    appropriately handle that by aborting our content-length calculations.
  • Restricted HTTPDigestAuth to only respond to auth challenges made on 4XX
    responses, rather than to all auth challenges.
  • Fixed some code that was firing DeprecationWarning on Python 3.6.
  • The dismayed person emoticon (/o\\) no longer has a big head. I'm sure
    this is what you were all worrying about most.

Miscellaneous

  • Updated bundled urllib3 to v1.21.1.
  • Updated bundled chardet to v3.0.2.
  • Updated bundled idna to v2.5.
  • Updated bundled certifi to 2017.4.17.

2.13.0

+++++++++++++++++++

Features

  • Only load the idna library when we've determined we need it. This will
    save some memory for users.

Miscellaneous

  • Updated bundled urllib3 to 1.20.
  • Updated bundled idna to 2.2.

2.12.5

+++++++++++++++++++

Bugfixes

  • Fixed an issue with JSON encoding detection, specifically detecting
    big-endian UTF-32 with BOM.

tornado 4.4.2 -> 4.5.1

4.5.1

4.5.0

4.4.3

Once you have closed this pull request, I'll create separate pull requests for every update as soon as I find them.

That's it for now!

Happy merging! 🤖

@aaronbassett
Copy link
Contributor

Fixed in #2

@aaronbassett aaronbassett deleted the pyup-initial-update branch July 1, 2017 16:36
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Development

Successfully merging this pull request may close these issues.

2 participants