Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Scheduled weekly dependency update for week 24 #7435

Merged
merged 2 commits into from
Jun 15, 2020
Merged

Scheduled weekly dependency update for week 24 #7435

merged 2 commits into from
Jun 15, 2020

Conversation

pyup-bot
Copy link
Contributor

Update flask-restx from 0.2.0 to 0.2.0.

Changelog

0.2.0

This release properly fixes the issue raised by the release of werkzeug 1.0.

**Bug Fixes**

- Remove deprecated werkzeug imports 35 
- Fix OrderedDict imports 54 
- Fixing Swagger Issue when using `api.expect()` on a request parser 20 

**Enhancements**

- use `black` to enforce a formatting codestyle 60 
- improve test workflows

0.1.1

This release is mostly a hotfix release to address incompatibility issue with the recent release of [werkzeug](https://github.com/pallets/werkzeug) 1.0.

Bug Fixes

- pin werkzeug version 39 
- register wildcard fields in docs 24 
- update package.json version accordingly with the flask-restx version and update the author 38 

Enhancements

- use github actions instead of travis-ci 18

0.1

Welcome to the first release of Flask-RESTX!

This is effectively the long awaited `0.14.0` release of Flask-RESTPlus that
motivated this new fork (see https://github.com/noirbizarre/flask-restplus/issues/743). In light of this, these release notes will mostly detail the changes made to Flask-RESTPlus since `0.13.0`.

Bug Fixes

- Fix exceptions/error handling bugs https://github.com/noirbizarre/flask-restplus/pull/706/files https://github.com/noirbizarre/flask-restplus/pull/741
- Fix illegal characters in JSON references to model names https://github.com/noirbizarre/flask-restplus/pull/653
- Support `envelope` parameter in Swagger documentation https://github.com/noirbizarre/flask-restplus/pull/673
- Fix polymorph field ambiguity https://github.com/noirbizarre/flask-restplus/pull/691
- Fix wildcard support for `fields.Nested` and `fields.List` https://github.com/noirbizarre/flask-restplus/pull/739

Enhancements

- Api/Namespace individual loggers https://github.com/noirbizarre/flask-restplus/pull/708
- Various deprecated import changes https://github.com/noirbizarre/flask-restplus/pull/732 https://github.com/noirbizarre/flask-restplus/pull/738
- Start the Flask-RESTX fork!
- Rename all the things https://github.com/python-restx/flask-restx/pull/2 https://github.com/python-restx/flask-restx/pull/9
- Set up releases from CI https://github.com/python-restx/flask-restx/pull/12
 - Not a library enhancement but this was much needed - thanks ziirish !
Links

Update pyjwt from 1.7.1 to 1.7.1.

Changelog

1.7.1

[109]: https://github.com/jpadilla/pyjwt/pull/109
[110]: https://github.com/jpadilla/pyjwt/pull/110
[100]: https://github.com/jpadilla/pyjwt/pull/100
[101]: https://github.com/jpadilla/pyjwt/pull/101
[103]: https://github.com/jpadilla/pyjwt/pull/103
[85]: https://github.com/jpadilla/pyjwt/pull/85
[882524d]: https://github.com/jpadilla/pyjwt/commit/882524d
[bd57b02]: https://github.com/jpadilla/pyjwt/commit/bd57b02
[131]: https://github.com/jpadilla/pyjwt/pull/131
[132]: https://github.com/jpadilla/pyjwt/pull/132
[128]: https://github.com/jpadilla/pyjwt/pull/128
[141]: https://github.com/jpadilla/pyjwt/pull/141
[158]: https://github.com/jpadilla/pyjwt/pull/158
[163]: https://github.com/jpadilla/pyjwt/pull/163
[174]: https://github.com/jpadilla/pyjwt/pull/174
[182]: https://github.com/jpadilla/pyjwt/pull/182
[183]: https://github.com/jpadilla/pyjwt/pull/183
[190]: https://github.com/jpadilla/pyjwt/pull/190
[213]: https://github.com/jpadilla/pyjwt/pull/214
[244]: https://github.com/jpadilla/pyjwt/pull/244
[202]: https://github.com/jpadilla/pyjwt/pull/202
[252]: https://github.com/jpadilla/pyjwt/pull/252
[225]: https://github.com/jpadilla/pyjwt/pull/225
[219]: https://github.com/jpadilla/pyjwt/pull/219
[196]: https://github.com/jpadilla/pyjwt/pull/196
[187]: https://github.com/jpadilla/pyjwt/pull/187
[230]: https://github.com/jpadilla/pyjwt/pull/230
[238]: https://github.com/jpadilla/pyjwt/pull/238
[262]: https://github.com/jpadilla/pyjwt/pull/262
[264]: https://github.com/jpadilla/pyjwt/pull/264
[270]: https://github.com/jpadilla/pyjwt/pull/270
[271]: https://github.com/jpadilla/pyjwt/pull/271
[277]: https://github.com/jpadilla/pyjwt/pull/277
[281]: https://github.com/jpadilla/pyjwt/pull/281
[301]: https://github.com/jpadilla/pyjwt/pull/301
[304]: https://github.com/jpadilla/pyjwt/pull/304
[306]: https://github.com/jpadilla/pyjwt/pull/306
[315]: https://github.com/jpadilla/pyjwt/pull/315
[316]: https://github.com/jpadilla/pyjwt/pull/316
[336]: https://github.com/jpadilla/pyjwt/pull/336
[337]: https://github.com/jpadilla/pyjwt/pull/337
[340]: https://github.com/jpadilla/pyjwt/pull/340
[344]: https://github.com/jpadilla/pyjwt/pull/344
[350]: https://github.com/jpadilla/pyjwt/pull/350
[352]: https://github.com/jpadilla/pyjwt/pull/352
[353]: https://github.com/jpadilla/pyjwt/pull/353
[360]: https://github.com/jpadilla/pyjwt/pull/360
[375]: https://github.com/jpadilla/pyjwt/pull/375
[379]: https://github.com/jpadilla/pyjwt/pull/379
[384]: https://github.com/jpadilla/pyjwt/pull/384
[7c1e61d]: https://github.com/jpadilla/pyjwt/commit/7c1e61dde27bafe16e7d1bb6e35199e778962742
[7ca41e]: https://github.com/jpadilla/pyjwt/commit/7ca41e53b3d7d9f5cd31bdd8a2b832d192006239

1.6.41.6.4

-------------------------------------------------------------------------
Fixed

- Reverse an unintentional breaking API change to .decode() [352][352]

1.6.31.6.3

-------------------------------------------------------------------------
Changed

- All exceptions inherit from PyJWTError [340][340]

Added

- Add type hints [344][344]
- Add help module [7ca41e][7ca41e]

Docs

- Added section to usage docs for jwt.get_unverified_header() [350][350]
- Update legacy instructions for using pycrypto [337][337]

1.6.11.6.1

-------------------------------------------------------------------------
Fixed

- Audience parameter throws `InvalidAudienceError` when application does not specify an audience, but the token does. [336][336]

1.6.01.6.0

-------------------------------------------------------------------------
Changed

- Dropped support for python 2.6 and 3.3 [301][301]
- An invalid signature now raises an `InvalidSignatureError` instead of `DecodeError` [316][316]

Fixed

- Fix over-eager fallback to stdin [304][304]

Added

- Audience parameter now supports iterables [306][306]

1.5.31.5.3

-------------------------------------------------------------------------
Changed

- Increase required version of the cryptography package to >=1.4.0.

Fixed

- Remove uses of deprecated functions from the cryptography package.
- Warn about missing `algorithms` param to `decode()` only when `verify` param is `True` [281][281]

1.5.21.5.2

-------------------------------------------------------------------------
Fixed

- Ensure correct arguments order in decode super call [7c1e61d][7c1e61d]

1.5.11.5.1

-------------------------------------------------------------------------
Changed

- Change optparse for argparse. [238][238]

Fixed

- Guard against PKCS1 PEM encododed public keys [277][277]
- Add deprecation warning when decoding without specifying `algorithms` [277][277]
- Improve deprecation messages [270][270]
- PyJWT.decode: move verify param into options [271][271]

Added

- Support for Python 3.6 [262][262]
- Expose jwt.InvalidAlgorithmError [264][264]

1.5.01.5.0

-------------------------------------------------------------------------
Changed
- Add support for ECDSA public keys in RFC 4253 (OpenSSH) format [244][244]
- Renamed commandline script `jwt` to `jwt-cli` to avoid issues with the script clobbering the `jwt` module in some circumstances. [187][187]
- Better error messages when using an algorithm that requires the cryptography package, but it isn't available [230][230]
- Tokens with future 'iat' values are no longer rejected [190][190]
- Non-numeric 'iat' values now raise InvalidIssuedAtError instead of DecodeError
- Remove rejection of future 'iat' claims [252][252]

Fixed
- Add back 'ES512' for backward compatibility (for now) [225][225]
- Fix incorrectly named ECDSA algorithm [219][219]
- Fix rpm build [196][196]

Added
- Add JWK support for HMAC and RSA keys [202][202]

1.4.21.4.2

-------------------------------------------------------------------------
Fixed
- A PEM-formatted key encoded as bytes could cause a `TypeError` to be raised [213][213]

1.4.11.4.1

-------------------------------------------------------------------------
Fixed
- Newer versions of Pytest could not detect warnings properly [182][182]
- Non-string 'kid' value now raises `InvalidTokenError` [174][174]
- `jwt.decode(None)` now gracefully fails with `InvalidTokenError` [183][183]

1.2.01.2.0

-------------------------------------------------------------------------
Fixed
- Added back `verify_expiration=` argument to `jwt.decode()` that was erroneously removed in [v1.1.0][1.1.0].


Changed
- Refactored JWS-specific logic out of PyJWT and into PyJWS superclass. [141][141]

Deprecated
- `verify_expiration=` argument to `jwt.decode()` is now deprecated and will be removed in a future version. Use the `option=` argument instead.

1.1.01.1.0

-------------------------------------------------------------------------
Added
- Added support for PS256, PS384, and PS512 algorithms. [132][132]
- Added flexible and complete verification options during decode. [131][131]
- Added this CHANGELOG.md file.


Deprecated
- Deprecated usage of the .decode(..., verify=False) parameter.


Fixed
- Fixed command line encoding. [128][128]

1.0.11.0.1

-------------------------------------------------------------------------
Fixed
- Include jwt/contrib' and jwt/contrib/algorithms` in setup.py so that they will
actually be included when installing. [882524d][882524d]
- Fix bin/jwt after removing jwt.header(). [bd57b02][bd57b02]

1.0.01.0.0

-------------------------------------------------------------------------
Changed
- Moved `jwt.api.header` out of the public API. [85][85]
- Added README details how to extract public / private keys from an x509 certificate. [100][100]
- Refactor api.py functions into an object (`PyJWT`). [101][101]
- Added support for PyCrypto and ecdsa when cryptography isn't available. [101][103]

Fixed
- Fixed a security vulnerability where `alg=None` header could bypass signature verification. [109][109]
- Fixed a security vulnerability by adding support for a whitelist of allowed `alg` values `jwt.decode(algorithms=[])`. [110][110]


[unreleased]: https://github.com/jpadilla/pyjwt/compare/1.4.2...HEAD
Links

@vorpal-buildbot
Copy link
Contributor

Changelogs

Warning: 16 is pinned to a specific version.
Warning: 39 is pinned to a specific version.

flask-restx 0.2.0

No release notes found.

pyjwt 1.6.41.6.4

Fixed

  • Reverse an unintentional breaking API change to .decode() 352

pyjwt 1.6.31.6.3

Changed

  • All exceptions inherit from PyJWTError 340

Added

Docs

  • Added section to usage docs for jwt.get_unverified_header() 350
  • Update legacy instructions for using pycrypto 337

pyjwt 1.6.11.6.1

Fixed

  • Audience parameter throws InvalidAudienceError when application does not specify an audience, but the token does. 336

pyjwt 1.6.01.6.0

Changed

  • Dropped support for python 2.6 and 3.3 301
  • An invalid signature now raises an InvalidSignatureError instead of DecodeError 316

Fixed

  • Fix over-eager fallback to stdin 304

Added

  • Audience parameter now supports iterables 306

pyjwt 1.5.31.5.3

Changed

  • Increase required version of the cryptography package to >=1.4.0.

Fixed

  • Remove uses of deprecated functions from the cryptography package.
  • Warn about missing algorithms param to decode() only when verify param is True 281

pyjwt 1.5.21.5.2

Fixed

  • Ensure correct arguments order in decode super call 7c1e61d

pyjwt 1.5.11.5.1

Changed

  • Change optparse for argparse. 238

Fixed

  • Guard against PKCS1 PEM encoded public keys 277
  • Add deprecation warning when decoding without specifying algorithms 277
  • Improve deprecation messages 270
  • PyJWT.decode: move verify param into options 271

Added

  • Support for Python 3.6 262
  • Expose jwt.InvalidAlgorithmError 264

pyjwt 1.5.01.5.0

Changed

  • Add support for ECDSA public keys in RFC 4253 (OpenSSH) format 244
  • Renamed commandline script jwt to jwt-cli to avoid issues with the script clobbering the jwt module in some circumstances. 187
  • Better error messages when using an algorithm that requires the cryptography package, but it isn't available 230
  • Tokens with future 'iat' values are no longer rejected 190
  • Non-numeric 'iat' values now raise InvalidIssuedAtError instead of DecodeError
  • Remove rejection of future 'iat' claims 252

Fixed

  • Add back 'ES512' for backward compatibility (for now) 225
  • Fix incorrectly named ECDSA algorithm 219
  • Fix rpm build 196

Added

  • Add JWK support for HMAC and RSA keys 202

pyjwt 1.4.21.4.2

Fixed

  • A PEM-formatted key encoded as bytes could cause a TypeError to be raised 213

pyjwt 1.4.11.4.1

Fixed

  • Newer versions of Pytest could not detect warnings properly 182
  • Non-string 'kid' value now raises InvalidTokenError 174
  • jwt.decode(None) now gracefully fails with InvalidTokenError 183

pyjwt 1.2.01.2.0

Fixed

  • Added back verify_expiration= argument to jwt.decode() that was erroneously removed in [v1.1.0][1.1.0].

Changed

  • Refactored JWS-specific logic out of PyJWT and into PyJWS superclass. 141

Deprecated

  • verify_expiration= argument to jwt.decode() is now deprecated and will be removed in a future version. Use the option= argument instead.

pyjwt 1.1.01.1.0

Added

  • Added support for PS256, PS384, and PS512 algorithms. 132
  • Added flexible and complete verification options during decode. 131
  • Added this CHANGELOG.md file.

Deprecated

  • Deprecated usage of the .decode(..., verify=False) parameter.

Fixed

  • Fixed command line encoding. 128

pyjwt 1.0.11.0.1

Fixed

  • Include jwt/contrib' and jwt/contrib/algorithms` in setup.py so that they will
    actually be included when installing. 882524d
  • Fix bin/jwt after removing jwt.header(). bd57b02

pyjwt 1.0.01.0.0

Changed

  • Moved jwt.api.header out of the public API. 85
  • Added README details how to extract public / private keys from an x509 certificate. 100
  • Refactor api.py functions into an object (PyJWT). 101
  • Added support for PyCrypto and ecdsa when cryptography isn't available. 101

Fixed

  • Fixed a security vulnerability where alg=None header could bypass signature verification. 109
  • Fixed a security vulnerability by adding support for a whitelist of allowed alg values jwt.decode(algorithms=[]). 110

pyjwt 1.0.0

pyjwt 1.0.1

pyjwt 1.1.0

pyjwt 1.2.0

pyjwt 1.3.0

pyjwt 1.4.0

pyjwt 1.4.1

pyjwt 1.4.2

pyjwt 1.5.0

pyjwt 1.5.1

pyjwt 1.5.2

pyjwt 1.5.3

pyjwt 1.6.0

pyjwt 1.6.1

pyjwt 1.6.3

pyjwt 1.6.4

pyjwt 1.7.0

pyjwt 1.7.1

@codecov
Copy link

codecov bot commented Jun 15, 2020
edited

Codecov Report

Merging #7435 into master will decrease coverage by 0.00%.
The diff coverage is n/a.

Impacted file tree graph

@@            Coverage Diff             @@
##           master    #7435      +/-   ##
==========================================
- Coverage   45.36%   45.36%   -0.01%     
==========================================
  Files         279      279              
  Lines       14065    14065              
  Branches     2124     2124              
==========================================
- Hits         6381     6380       -1     
+ Misses       7399     7396       -3     
- Partials      285      289       +4
Impacted Files Coverage Δ
magic/image_fetcher.py 34.61% <0.00%> (-1.29%) ⬇️
decksite/view.py 60.85% <0.00%> (ø)
maintenance/elo.py 0.00% <0.00%> (ø)
decksite/data/rule.py 23.47% <0.00%> (ø)
decksite/views/person_achievements.py 35.00% <0.00%> (ø)
decksite/league.py 34.65% <0.00%> (+0.33%) ⬆️

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update 5cd548a...d116565. Read the comment docs.

@mergify mergify bot merged commit 057c7c5 into master Jun 15, 2020
@mergify mergify bot deleted the pyup-scheduled-update-2020-06-15 branch June 15, 2020 18:43
@vorpal-buildbot vorpal-buildbot added Pending-on-LOGS Used by the build bot Pending-on-PROD Used by the build bot Seen-on-LOGS Seen-on-PROD and removed Pending-on-LOGS Used by the build bot Pending-on-PROD Used by the build bot labels Jun 15, 2020
@vorpal-buildbot
Copy link
Contributor

Seen on LOGS, PROD (created by @pyup-bot and merged by @mergify[bot] 1 minute and 17 seconds ago) Please check your changes!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
Seen-on-LOGS Seen-on-PROD
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
2 participants
@pyup-bot @vorpal-buildbot