pip prod(deps): bump the pip group with 2 updates #1411

dependabot · 2024-05-15T19:05:38Z

Bumps the pip group with 2 updates: wheel and cryptography.

Updates wheel from 0.37.1 to 0.38.1

Changelog

Release Notes

UNRELEASED

Canonicalize requirements in METADATA file (PR by Wim Jeantine-Glenn)

0.43.0 (2024-03-11)

Dropped support for Python 3.7

Updated vendored packaging to 24.0

0.42.0 (2023-11-26)

Allowed removing build tag with wheel tags --build ""

Fixed wheel pack and wheel tags writing updated WHEEL fields after a blank line, causing other tools to ignore them

Fixed wheel pack and wheel tags writing WHEEL with CRLF line endings or a mix of CRLF and LF

Fixed wheel pack --build-number "" not removing build tag from WHEEL (above changes by Benjamin Gilbert)

0.41.3 (2023-10-30)

Updated vendored packaging to 23.2

Fixed ABI tag generation for CPython 3.13a1 on Windows (PR by Sam Gross)

0.41.2 (2023-08-22)

Fixed platform tag detection for GraalPy and 32-bit python running on an aarch64 kernel (PR by Matthieu Darbois)

Fixed wheel tags to not list directories in RECORD files (PR by Mike Taves)

Fixed ABI tag generation for GraalPy (PR by Michael Simacek)

0.41.1 (2023-08-05)

Fixed naming of the data_dir directory in the presence of local version segment given via egg_info.tag_build (PR by Anderson Bravalheri)

Fixed version specifiers in Requires-Dist being wrapped in parentheses

0.41.0 (2023-07-22)

Added full support of the build tag syntax to wheel tags (you can now set a build tag like 123mytag)

Fixed warning on Python 3.12 about onerror deprecation. (PR by Henry Schreiner)

Support testing on Python 3.12 betas (PR by Ewout ter Hoeven)

0.40.0 (2023-03-14)

... (truncated)

Commits

6f1608d Created a new release
cf8f5ef Moved news item from PR #484 to its proper place
9ec2016 Removed install dependency on setuptools (#483)
747e1f6 Fixed PyPy SOABI parsing (#484)
7627548 [pre-commit.ci] pre-commit autoupdate (#480)
7b9e8e1 Test on Python 3.11 final
a04dfef Updated the pypi-publish action
94bb62c Fixed docs not building due to code style changes
d635664 Updated the codecov action to the latest version
fcb94cd Updated version to match the release
Additional commits viewable in compare view

Updates cryptography from 39.0.1 to 42.0.4

Changelog

Sourced from cryptography's changelog.

42.0.4 - 2024-02-20

* Fixed a null-pointer-dereference and segfault that could occur when creating a PKCS#12 bundle. Credit to **Alexander-Programming** for reporting the issue. **CVE-2024-26130** * Fixed ASN.1 encoding for PKCS7/SMIME signed messages. The fields ``SMIMECapabilities`` and ``SignatureAlgorithmIdentifier`` should now be correctly encoded according to the definitions in :rfc:`2633` :rfc:`3370`. .. _v42-0-3:

42.0.3 - 2024-02-15

Fixed an initialization issue that caused key loading failures for some users.

.. _v42-0-2:

42.0.2 - 2024-01-30

* Updated Windows, macOS, and Linux wheels to be compiled with OpenSSL 3.2.1. * Fixed an issue that prevented the use of Python buffer protocol objects in ``sign`` and ``verify`` methods on asymmetric keys. * Fixed an issue with incorrect keyword-argument naming with ``EllipticCurvePrivateKey`` :meth:`~cryptography.hazmat.primitives.asymmetric.ec.EllipticCurvePrivateKey.exchange`, ``X25519PrivateKey`` :meth:`~cryptography.hazmat.primitives.asymmetric.x25519.X25519PrivateKey.exchange`, ``X448PrivateKey`` :meth:`~cryptography.hazmat.primitives.asymmetric.x448.X448PrivateKey.exchange`, and ``DHPrivateKey`` :meth:`~cryptography.hazmat.primitives.asymmetric.dh.DHPrivateKey.exchange`. .. _v42-0-1:

42.0.1 - 2024-01-24

Fixed an issue with incorrect keyword-argument naming with EllipticCurvePrivateKey :meth:~cryptography.hazmat.primitives.asymmetric.ec.EllipticCurvePrivateKey.sign.
Resolved compatibility issue with loading certain RSA public keys in :func:~cryptography.hazmat.primitives.serialization.load_pem_public_key.

.. _v42-0-0:

42.0.0 - 2024-01-22


</tr></table>

... (truncated)

Commits

fe18470 Bump for 42.0.4 release (#10445)
aaa2dd0 Fix ASN.1 issues in PKCS#7 and S/MIME signing (#10373) (#10442)
7a4d012 Fixes #10422 -- don't crash when a PKCS#12 key and cert don't match (#10423) ...
df314bb backport actions m1 switch to 42.0.x (#10415)
c49a7a5 changelog and version bump for 42.0.3 (#10396)
396bcf6 fix provider loading take two (#10390) (#10395)
0e0e46f backport: initialize openssl's legacy provider in rust (#10323) (#10333)
2202123 changelog and version bump 42.0.2 (#10268)
f7032bd bump openssl in CI (#10298) (#10299)
002e886 Fixes #10294 -- correct accidental change to exchange kwarg (#10295) (#10296)
Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR
@dependabot recreate will recreate this PR, overwriting any edits that have been made to it
@dependabot merge will merge this PR after your CI passes on it
@dependabot squash and merge will squash and merge this PR after your CI passes on it
@dependabot cancel merge will cancel a previously requested merge and block automerging
@dependabot reopen will reopen this PR if it is closed
@dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
@dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
@dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
@dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
@dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
@dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
@dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions
You can disable automated security fix PRs for this repo from the Security Alerts page.

Bumps the pip group with 2 updates: [wheel](https://github.com/pypa/wheel) and [cryptography](https://github.com/pyca/cryptography). Updates `wheel` from 0.37.1 to 0.38.1 - [Release notes](https://github.com/pypa/wheel/releases) - [Changelog](https://github.com/pypa/wheel/blob/main/docs/news.rst) - [Commits](pypa/wheel@0.37.1...0.38.1) Updates `cryptography` from 39.0.1 to 42.0.4 - [Changelog](https://github.com/pyca/cryptography/blob/main/CHANGELOG.rst) - [Commits](pyca/cryptography@39.0.1...42.0.4) --- updated-dependencies: - dependency-name: wheel dependency-type: direct:production dependency-group: pip - dependency-name: cryptography dependency-type: direct:production dependency-group: pip ... Signed-off-by: dependabot[bot] <support@github.com>

dependabot bot added dependencies Pull requests that update a dependency file python Pull requests that update Python code labels May 15, 2024

dependabot bot requested a review from abhinavsingh May 15, 2024 19:05

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

pip prod(deps): bump the pip group with 2 updates #1411

pip prod(deps): bump the pip group with 2 updates #1411

dependabot bot commented on behalf of github May 15, 2024

pip prod(deps): bump the pip group with 2 updates #1411

Are you sure you want to change the base?

pip prod(deps): bump the pip group with 2 updates #1411

Conversation

dependabot bot commented on behalf of github May 15, 2024

Release Notes