Update pyopenssl requirement from ~=19.1 to ~=20.0 (!233) · Merge requests · solutions / modules / openstack

Guillaume Everarts de Velp requested to merge dependabot/pip/pyopenssl-approx-eq-20.0 into master Nov 30, 2020

Created by: dependabot-preview[bot]

Updates the requirements on pyopenssl to permit the latest version.

Changelog

20.0.0 (2020-11-27)

Backward-incompatible changes:

The minimum cryptography version is now 3.2.

Remove deprecated OpenSSL.tsafe module.

Removed deprecated OpenSSL.SSL.Context.set_npn_advertise_callback, OpenSSL.SSL.Context.set_npn_select_callback, and OpenSSL.SSL.Connection.get_next_proto_negotiated.

Drop support for Python 3.4

Drop support for OpenSSL 1.0.1 and 1.0.2

Deprecations:

Deprecated OpenSSL.crypto.loads_pkcs7 and OpenSSL.crypto.loads_pkcs12.

Changes:

Added a new optional chain parameter to OpenSSL.crypto.X509StoreContext() where additional untrusted certificates can be specified to help chain building. #948

Added OpenSSL.crypto.X509Store.load_locations to set trusted certificate file bundles and/or directories for verification. #943

Added Context.set_keylog_callback to log key material. #910

Added OpenSSL.SSL.Connection.get_verified_chain to retrieve the verified certificate chain of the peer. #894.

Make verification callback optional in Context.set_verify. If omitted, OpenSSL's default verification is used. #933

Fixed a bug that could truncate or cause a zero-length key error due to a null byte in private key passphrase in OpenSSL.crypto.load_privatekey and OpenSSL.crypto.dump_privatekey. #947

19.1.0 (2019-11-18)

Backward-incompatible changes:

Removed deprecated ContextType, ConnectionType, PKeyType, X509NameType, X509ReqType, X509Type, X509StoreType, CRLType, PKCS7Type, PKCS12Type, and NetscapeSPKIType aliases. Use the classes without the Type suffix instead. #814

The minimum cryptography version is now 2.8 due to issues on macOS with a transitive dependency. #875

Deprecations:

Deprecated OpenSSL.SSL.Context.set_npn_advertise_callback, OpenSSL.SSL.Context.set_npn_select_callback, and OpenSSL.SSL.Connection.get_next_proto_negotiated. ALPN should be used instead. #820

Changes:

Support bytearray in SSL.Connection.send() by using cffi's from_buffer. #852

The OpenSSL.SSL.Context.set_alpn_select_callback can return a new NO_OVERLAPPING_PROTOCOLS sentinel value to allow a TLS handshake to complete without an application protocol.

19.0.0 (2019-01-21)

Commits

de2dbf7 20.0.0 before 2020 is even over (#968)
09b5d70 fix a memleak (#967)
3562df8 Keep reference to SSL verify_call in Connection object (#956)
f3667e9 Remove leakcheck (#965)
313c1dd Added dependabot for GHA (#961)
52341e8 Migrate CI to GHA (#960)
e93aea7 Fix spelling of set in set_verify docstring (#959)
55f2c2b Stop testing py35 with cryptography master (#958)
5aaef1e Fix typo in debug command output (#957)
124a013 Drop CI for OpenSSL 1.0.2 (#953)
Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR
@dependabot recreate will recreate this PR, overwriting any edits that have been made to it
@dependabot merge will merge this PR after your CI passes on it
@dependabot squash and merge will squash and merge this PR after your CI passes on it
@dependabot cancel merge will cancel a previously requested merge and block automerging
@dependabot reopen will reopen this PR if it is closed
@dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
@dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
@dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
@dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
@dependabot use these labels will set the current labels as the default for future PRs for this repo and language
@dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
@dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
@dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language
@dependabot badge me will comment on this PR with code to add a "Dependabot enabled" badge to your readme

Additionally, you can set the following in your Dependabot dashboard:

Update frequency (including time of day and day of week)
Pull request limits (per update run and/or open at any time)
Out-of-range updates (receive only lockfile updates, if desired)
Security updates (receive only security updates, if desired)

Update pyopenssl requirement from ~=19.1 to ~=20.0

20.0.0 (2020-11-27)

Backward-incompatible changes:

Deprecations:

Changes:

19.1.0 (2019-11-18)

Backward-incompatible changes:

Deprecations:

Changes:

Merge request reports