Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Fix detection of FIPS mode for blake2b #879

Merged
merged 3 commits into from Feb 28, 2022
Merged

Fix detection of FIPS mode for blake2b #879

merged 3 commits into from Feb 28, 2022

Conversation

frenzymadness
Copy link
Contributor

Blake2 algorithms are disabled on FIPS mode on OpenSSL level
and preferred on Python level which cause the check of
API (attributes) to fail sooner than OpenSSL raises ValueError
for unavailable function.

Fixes: #857

@frenzymadness
Fix detection of FIPS mode for blake2b
143dab2 
Blake2 algorithms are disabled on FIPS mode on OpenSSL level
and preferred on Python level which cause the check of
API (attributes) to fail sooner than OpenSSL raises ValueError
for unavailable function.
@frenzymadness
Copy link
Contributor Author

There seem to be some troubles with CodeCov. Is there any way how can I fix them?

bhrutledge
bhrutledge approved these changes Feb 28, 2022
View reviewed changes
Copy link
Contributor

@bhrutledge bhrutledge left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thank you! I pushed an updated test and changelog entry. It looks like the CodeCov issue was temporary.

@bhrutledge bhrutledge merged commit a9e9cd6 into pypa:main Feb 28, 2022
bhrutledge added a commit that referenced this pull request Mar 2, 2022
@frenzymadness @bhrutledge
Fix detection of FIPS mode for blake2b (#879)
dbb040a 
* Fix detection of FIPS mode for blake2b

Blake2 algorithms are disabled on FIPS mode on OpenSSL level
and preferred on Python level which cause the check of
API (attributes) to fail sooner than OpenSSL raises ValueError
for unavailable function.

* Update test

* Add changelog entry

Co-authored-by: Brian Rutledge <brian@bhrutledge.com>
@bittner
Copy link

bittner commented Mar 3, 2022
edited

There is no test included in this PR.

How do we make sure that the changes will now make running, e.g., twine check 'dist/*' work?

@sigmavirus24
Copy link
Member

There is no test included in this PR.

You're mistaken

@bittner
Copy link

bittner commented Mar 3, 2022

Oh, sorry, I apologize. I see now.

But does the changed test reflect the original problem that initiated the code change? I admit I have a hard time understanding the description of this PR.

@sigmavirus24
Copy link
Member

Yes. On earlier versions of python, trying to access blake2b was a ValueError. On newer Python versions it tries to call something with the parameters we've specified but the function doesn't accept them and it raises a TypeError (potentially an unintentional side effect in the maintenance of hashlib). This change handles both problems and has tests the mimic both scenarios via parametrization

mergify bot pushed a commit to andrewbolster/bolster that referenced this pull request Apr 2, 2022
@dependabot
Bump twine from 3.8.0 to 4.0.0 (#256)
8070115 
[//]: # (dependabot-start)
⚠️  **Dependabot is rebasing this PR** ⚠️ 

Rebasing might not happen immediately, so don't worry if this takes some time.

Note: if you make any changes to this PR yourself, they will take precedence over the rebase.

---

[//]: # (dependabot-end)

Bumps [twine](https://github.com/pypa/twine) from 3.8.0 to 4.0.0.
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a href="https://github.com/pypa/twine/blob/main/docs/changelog.rst">twine's changelog</a>.</em></p>
<blockquote>
<h2>Twine 4.0.0 (2022-03-31)</h2>
<p>Features
^^^^^^^^</p>
<ul>
<li>Drop support for Python 3.6. (<code>[#869](pypa/twine#869) &lt;https://github.com/pypa/twine/issues/869&gt;</code>_)</li>
<li>Use Rich to add color to <code>upload</code> output. (<code>[#851](pypa/twine#851) &lt;https://github.com/pypa/twine/issues/851&gt;</code>_)</li>
<li>Use Rich to add color to <code>check</code> output. (<code>[#874](pypa/twine#874) &lt;https://github.com/pypa/twine/issues/874&gt;</code>_)</li>
<li>Use Rich instead of tqdm for upload progress bar. (<code>[#877](pypa/twine#877) &lt;https://github.com/pypa/twine/issues/877&gt;</code>_)</li>
</ul>
<p>Bugfixes
^^^^^^^^</p>
<ul>
<li>Remove Twine's dependencies from the <code>User-Agent</code> header when uploading. (<code>[#871](pypa/twine#871) &lt;https://github.com/pypa/twine/issues/871&gt;</code>_)</li>
<li>Improve detection of disabled BLAKE2 hashing due to FIPS mode. (<code>[#879](pypa/twine#879) &lt;https://github.com/pypa/twine/issues/879&gt;</code>_)</li>
<li>Restore warning for missing <code>long_description</code>. (<code>[#887](pypa/twine#887) &lt;https://github.com/pypa/twine/issues/887&gt;</code>_)</li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a href="https://github.com/pypa/twine/commit/36695abf8837aba72d87304d99b789c3f2872c99"><code>36695ab</code></a> Update changelog for 4.0.0 (<a href="https://github-redirect.dependabot.com/pypa/twine/issues/888">#888</a>)</li>
<li><a href="https://github.com/pypa/twine/commit/4931a2a413229a77d1848bebd02b15f6d106ab69"><code>4931a2a</code></a> Make missing <code>long_description</code> check more flexible (<a href="https://github-redirect.dependabot.com/pypa/twine/issues/887">#887</a>)</li>
<li><a href="https://github.com/pypa/twine/commit/7cd0b236bf1b7531bc57ee7647fdb7054890486d"><code>7cd0b23</code></a> Subclass StringIO for _WarningStream. (<a href="https://github-redirect.dependabot.com/pypa/twine/issues/886">#886</a>)</li>
<li><a href="https://github.com/pypa/twine/commit/aa7c0473f0fc12b0b92376dc9d437929bde7713f"><code>aa7c047</code></a> Update sampleproject fixture (<a href="https://github-redirect.dependabot.com/pypa/twine/issues/885">#885</a>)</li>
<li><a href="https://github.com/pypa/twine/commit/a6dd69c79f7b5abfb79022092a5d3776a499e31b"><code>a6dd69c</code></a> Adopt Python 3.7+ syntax (<a href="https://github-redirect.dependabot.com/pypa/twine/issues/882">#882</a>)</li>
<li><a href="https://github.com/pypa/twine/commit/a0ba32dcd0ea5af5de7b88d6645b7743bf003760"><code>a0ba32d</code></a> Drop support for Python 3.6 (<a href="https://github-redirect.dependabot.com/pypa/twine/issues/869">#869</a>)</li>
<li><a href="https://github.com/pypa/twine/commit/55652f0a65d433860024650d0d66f62b690fe26c"><code>55652f0</code></a> Replace tqdm with Rich for progress bar (<a href="https://github-redirect.dependabot.com/pypa/twine/issues/877">#877</a>)</li>
<li><a href="https://github.com/pypa/twine/commit/c506b225b3ab57a40571001825dea0058a55807a"><code>c506b22</code></a> Filter unnecessary deps from User-Agent string (<a href="https://github-redirect.dependabot.com/pypa/twine/issues/871">#871</a>)</li>
<li><a href="https://github.com/pypa/twine/commit/a9e9cd6ecec3c4d4504704ccaba08be487d67ebf"><code>a9e9cd6</code></a> Fix detection of FIPS mode for blake2b (<a href="https://github-redirect.dependabot.com/pypa/twine/issues/879">#879</a>)</li>
<li><a href="https://github.com/pypa/twine/commit/f69d4b7e41b8d40342133d5c8e43df7316e73993"><code>f69d4b7</code></a> Use Rich for <code>print()</code> output (<a href="https://github-redirect.dependabot.com/pypa/twine/issues/878">#878</a>)</li>
<li>Additional commits viewable in <a href="https://github.com/pypa/twine/compare/3.8.0...4.0.0">compare view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=twine&package-manager=pip&previous-version=3.8.0&new-version=4.0.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)


</details>
mergify bot pushed a commit to aws/jsii that referenced this pull request Apr 5, 2022
@dependabot
chore(deps-dev): Update twine requirement from ~=3.8.0 to ~=4.0.0 in …
7395f62 
…/packages/jsii-pacmak/lib/targets/python (#3469)

Updates the requirements on [twine](https://github.com/pypa/twine) to permit the latest version.
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a href="https://github.com/pypa/twine/blob/main/docs/changelog.rst">twine's changelog</a>.</em></p>
<blockquote>
<h2>Twine 4.0.0 (2022-03-31)</h2>
<p>Features
^^^^^^^^</p>
<ul>
<li>Drop support for Python 3.6. (<code>[#869](pypa/twine#869) &lt;https://github.com/pypa/twine/issues/869&gt;</code>_)</li>
<li>Use Rich to add color to <code>upload</code> output. (<code>[#851](pypa/twine#851) &lt;https://github.com/pypa/twine/issues/851&gt;</code>_)</li>
<li>Use Rich to add color to <code>check</code> output. (<code>[#874](pypa/twine#874) &lt;https://github.com/pypa/twine/issues/874&gt;</code>_)</li>
<li>Use Rich instead of tqdm for upload progress bar. (<code>[#877](pypa/twine#877) &lt;https://github.com/pypa/twine/issues/877&gt;</code>_)</li>
</ul>
<p>Bugfixes
^^^^^^^^</p>
<ul>
<li>Remove Twine's dependencies from the <code>User-Agent</code> header when uploading. (<code>[#871](pypa/twine#871) &lt;https://github.com/pypa/twine/issues/871&gt;</code>_)</li>
<li>Improve detection of disabled BLAKE2 hashing due to FIPS mode. (<code>[#879](pypa/twine#879) &lt;https://github.com/pypa/twine/issues/879&gt;</code>_)</li>
<li>Restore warning for missing <code>long_description</code>. (<code>[#887](pypa/twine#887) &lt;https://github.com/pypa/twine/issues/887&gt;</code>_)</li>
</ul>
<h2>Twine 3.8.0 (2022-02-02)</h2>
<p>Features
^^^^^^^^</p>
<ul>
<li>Add <code>--verbose</code> logging for querying keyring credentials. (<code>[#849](pypa/twine#849) &lt;https://github.com/pypa/twine/issues/849&gt;</code>_)</li>
<li>Log all upload responses with <code>--verbose</code>. (<code>[#859](pypa/twine#859) &lt;https://github.com/pypa/twine/issues/859&gt;</code>_)</li>
<li>Show more helpful error message for invalid metadata. (<code>[#861](pypa/twine#861) &lt;https://github.com/pypa/twine/issues/861&gt;</code>_)</li>
</ul>
<p>Bugfixes
^^^^^^^^</p>
<ul>
<li>Require a recent version of urllib3. (<code>[#858](pypa/twine#858) &lt;https://github.com/pypa/twine/issues/858&gt;</code>_)</li>
</ul>
<h2>Twine 3.7.1 (2021-12-07)</h2>
<p>Improved Documentation
^^^^^^^^^^^^^^^^^^^^^^</p>
<ul>
<li>Fix broken link to packaging tutorial. (<code>[#844](pypa/twine#844) &lt;https://github.com/pypa/twine/issues/844&gt;</code>_)</li>
</ul>
<h2>Twine 3.7.0 (2021-12-01)</h2>
<p>Features</p>

</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a href="https://github.com/pypa/twine/commit/36695abf8837aba72d87304d99b789c3f2872c99"><code>36695ab</code></a> Update changelog for 4.0.0 (<a href="https://github-redirect.dependabot.com/pypa/twine/issues/888">#888</a>)</li>
<li><a href="https://github.com/pypa/twine/commit/4931a2a413229a77d1848bebd02b15f6d106ab69"><code>4931a2a</code></a> Make missing <code>long_description</code> check more flexible (<a href="https://github-redirect.dependabot.com/pypa/twine/issues/887">#887</a>)</li>
<li><a href="https://github.com/pypa/twine/commit/7cd0b236bf1b7531bc57ee7647fdb7054890486d"><code>7cd0b23</code></a> Subclass StringIO for _WarningStream. (<a href="https://github-redirect.dependabot.com/pypa/twine/issues/886">#886</a>)</li>
<li><a href="https://github.com/pypa/twine/commit/aa7c0473f0fc12b0b92376dc9d437929bde7713f"><code>aa7c047</code></a> Update sampleproject fixture (<a href="https://github-redirect.dependabot.com/pypa/twine/issues/885">#885</a>)</li>
<li><a href="https://github.com/pypa/twine/commit/a6dd69c79f7b5abfb79022092a5d3776a499e31b"><code>a6dd69c</code></a> Adopt Python 3.7+ syntax (<a href="https://github-redirect.dependabot.com/pypa/twine/issues/882">#882</a>)</li>
<li><a href="https://github.com/pypa/twine/commit/a0ba32dcd0ea5af5de7b88d6645b7743bf003760"><code>a0ba32d</code></a> Drop support for Python 3.6 (<a href="https://github-redirect.dependabot.com/pypa/twine/issues/869">#869</a>)</li>
<li><a href="https://github.com/pypa/twine/commit/55652f0a65d433860024650d0d66f62b690fe26c"><code>55652f0</code></a> Replace tqdm with Rich for progress bar (<a href="https://github-redirect.dependabot.com/pypa/twine/issues/877">#877</a>)</li>
<li><a href="https://github.com/pypa/twine/commit/c506b225b3ab57a40571001825dea0058a55807a"><code>c506b22</code></a> Filter unnecessary deps from User-Agent string (<a href="https://github-redirect.dependabot.com/pypa/twine/issues/871">#871</a>)</li>
<li><a href="https://github.com/pypa/twine/commit/a9e9cd6ecec3c4d4504704ccaba08be487d67ebf"><code>a9e9cd6</code></a> Fix detection of FIPS mode for blake2b (<a href="https://github-redirect.dependabot.com/pypa/twine/issues/879">#879</a>)</li>
<li><a href="https://github.com/pypa/twine/commit/f69d4b7e41b8d40342133d5c8e43df7316e73993"><code>f69d4b7</code></a> Use Rich for <code>print()</code> output (<a href="https://github-redirect.dependabot.com/pypa/twine/issues/878">#878</a>)</li>
<li>Additional commits viewable in <a href="https://github.com/pypa/twine/compare/3.8.0...4.0.0">compare view</a></li>
</ul>
</details>
<br />


Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)


</details>
mergify bot pushed a commit to aws/jsii that referenced this pull request Jun 1, 2022
@dependabot
chore(deps-dev): Update twine requirement from ~=4.0.0 to ~=4.0.1 in …
5744707 
…/packages/jsii-pacmak/lib/targets/python (#3568)

Updates the requirements on [twine](https://github.com/pypa/twine) to permit the latest version.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a href="https://github.com/pypa/twine/releases">twine's releases</a>.</em></p>
<blockquote>
<h2>4.0.1</h2>
<p><a href="https://pypi.org/project/twine/4.0.1/">https://pypi.org/project/twine/4.0.1/</a></p>
<p><a href="https://twine.readthedocs.io/en/stable/changelog.html#twine-4-0-1-2022-06-01">Changelog</a></p>
</blockquote>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a href="https://github.com/pypa/twine/blob/main/docs/changelog.rst">twine's changelog</a>.</em></p>
<blockquote>
<h2>Twine 4.0.1 (2022-06-01)</h2>
<p>Bugfixes
^^^^^^^^</p>
<ul>
<li>Improve logging when keyring fails. (<code>[#890](pypa/twine#890) &lt;https://github.com/pypa/twine/issues/890&gt;</code>_)</li>
<li>Reconfgure root logger to show all log messages. (<code>[#896](pypa/twine#896) &lt;https://github.com/pypa/twine/issues/896&gt;</code>_)</li>
</ul>
<h2>Twine 4.0.0 (2022-03-31)</h2>
<p>Features
^^^^^^^^</p>
<ul>
<li>Drop support for Python 3.6. (<code>[#869](pypa/twine#869) &lt;https://github.com/pypa/twine/issues/869&gt;</code>_)</li>
<li>Use Rich to add color to <code>upload</code> output. (<code>[#851](pypa/twine#851) &lt;https://github.com/pypa/twine/issues/851&gt;</code>_)</li>
<li>Use Rich to add color to <code>check</code> output. (<code>[#874](pypa/twine#874) &lt;https://github.com/pypa/twine/issues/874&gt;</code>_)</li>
<li>Use Rich instead of tqdm for upload progress bar. (<code>[#877](pypa/twine#877) &lt;https://github.com/pypa/twine/issues/877&gt;</code>_)</li>
</ul>
<p>Bugfixes
^^^^^^^^</p>
<ul>
<li>Remove Twine's dependencies from the <code>User-Agent</code> header when uploading. (<code>[#871](pypa/twine#871) &lt;https://github.com/pypa/twine/issues/871&gt;</code>_)</li>
<li>Improve detection of disabled BLAKE2 hashing due to FIPS mode. (<code>[#879](pypa/twine#879) &lt;https://github.com/pypa/twine/issues/879&gt;</code>_)</li>
<li>Restore warning for missing <code>long_description</code>. (<code>[#887](pypa/twine#887) &lt;https://github.com/pypa/twine/issues/887&gt;</code>_)</li>
</ul>
<h2>Twine 3.8.0 (2022-02-02)</h2>
<p>Features
^^^^^^^^</p>
<ul>
<li>Add <code>--verbose</code> logging for querying keyring credentials. (<code>[#849](pypa/twine#849) &lt;https://github.com/pypa/twine/issues/849&gt;</code>_)</li>
<li>Log all upload responses with <code>--verbose</code>. (<code>[#859](pypa/twine#859) &lt;https://github.com/pypa/twine/issues/859&gt;</code>_)</li>
<li>Show more helpful error message for invalid metadata. (<code>[#861](pypa/twine#861) &lt;https://github.com/pypa/twine/issues/861&gt;</code>_)</li>
</ul>
<p>Bugfixes
^^^^^^^^</p>
<ul>
<li>Require a recent version of urllib3. (<code>[#858](pypa/twine#858) &lt;https://github.com/pypa/twine/issues/858&gt;</code>_)</li>
</ul>
<h2>Twine 3.7.1 (2021-12-07)</h2>

</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a href="https://github.com/pypa/twine/commit/8f5e5d6d42d582ef3ea6ef07da277e0cabd22fd2"><code>8f5e5d6</code></a> Update changelog for 4.0.1 (<a href="https://github-redirect.dependabot.com/pypa/twine/issues/904">#904</a>)</li>
<li><a href="https://github.com/pypa/twine/commit/62f3c67fa2f74cde433d6003b7ebf4256f129a7d"><code>62f3c67</code></a> Log keyring tracebacks (<a href="https://github-redirect.dependabot.com/pypa/twine/issues/890">#890</a>)</li>
<li><a href="https://github.com/pypa/twine/commit/d30df7038fd3545e30a2c9bd3728aa787659aa38"><code>d30df70</code></a> Update links to requests docs (<a href="https://github-redirect.dependabot.com/pypa/twine/issues/899">#899</a>)</li>
<li><a href="https://github.com/pypa/twine/commit/5525a2a628317eecb891859e395b0a54f2c57043"><code>5525a2a</code></a> Restore missing <code>__main__</code> logs (<a href="https://github-redirect.dependabot.com/pypa/twine/issues/896">#896</a>)</li>
<li><a href="https://github.com/pypa/twine/commit/b0b932f2da604e90f8a7a5a5c7e2841f519a8fb7"><code>b0b932f</code></a> Fix typos in tests (<a href="https://github-redirect.dependabot.com/pypa/twine/issues/898">#898</a>)</li>
<li><a href="https://github.com/pypa/twine/commit/4223ee154f1c962a0c33e2a3a95ed4c42bc62d41"><code>4223ee1</code></a> Require latest version of readme_renderer (<a href="https://github-redirect.dependabot.com/pypa/twine/issues/892">#892</a>)</li>
<li>See full diff in <a href="https://github.com/pypa/twine/compare/4.0.0...4.0.1">compare view</a></li>
</ul>
</details>
<br />


Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)


</details>
mergify bot pushed a commit to aws/jsii that referenced this pull request Dec 1, 2022
@dependabot
chore(deps-dev): Update twine requirement from ~=4.0.1 to ~=4.0.2 in …
3a73d45 
…/packages/jsii-pacmak/lib/targets/python (#3868)

Updates the requirements on [twine](https://github.com/pypa/twine) to permit the latest version.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a href="https://github.com/pypa/twine/releases">twine's releases</a>.</em></p>
<blockquote>
<h2>4.0.2</h2>
<p><a href="https://pypi.org/project/twine/4.0.2/">https://pypi.org/project/twine/4.0.2/</a></p>
<p><a href="https://twine.readthedocs.io/en/stable/changelog.html#twine-4-0-2-2022-11-30">Changelog</a></p>
</blockquote>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a href="https://github.com/pypa/twine/blob/main/docs/changelog.rst">twine's changelog</a>.</em></p>
<blockquote>
<h2>Twine 4.0.2 (2022-11-30)</h2>
<p>Bugfixes
^^^^^^^^</p>
<ul>
<li>Remove deprecated function to fix <code>twine check</code> with pkginfo 1.9.0. (<code>[#941](pypa/twine#941) &lt;https://github.com/pypa/twine/issues/941&gt;</code>_)</li>
</ul>
<h2>Twine 4.0.1 (2022-06-01)</h2>
<p>Bugfixes
^^^^^^^^</p>
<ul>
<li>Improve logging when keyring fails. (<code>[#890](pypa/twine#890) &lt;https://github.com/pypa/twine/issues/890&gt;</code>_)</li>
<li>Reconfgure root logger to show all log messages. (<code>[#896](pypa/twine#896) &lt;https://github.com/pypa/twine/issues/896&gt;</code>_)</li>
</ul>
<h2>Twine 4.0.0 (2022-03-31)</h2>
<p>Features
^^^^^^^^</p>
<ul>
<li>Drop support for Python 3.6. (<code>[#869](pypa/twine#869) &lt;https://github.com/pypa/twine/issues/869&gt;</code>_)</li>
<li>Use Rich to add color to <code>upload</code> output. (<code>[#851](pypa/twine#851) &lt;https://github.com/pypa/twine/issues/851&gt;</code>_)</li>
<li>Use Rich to add color to <code>check</code> output. (<code>[#874](pypa/twine#874) &lt;https://github.com/pypa/twine/issues/874&gt;</code>_)</li>
<li>Use Rich instead of tqdm for upload progress bar. (<code>[#877](pypa/twine#877) &lt;https://github.com/pypa/twine/issues/877&gt;</code>_)</li>
</ul>
<p>Bugfixes
^^^^^^^^</p>
<ul>
<li>Remove Twine's dependencies from the <code>User-Agent</code> header when uploading. (<code>[#871](pypa/twine#871) &lt;https://github.com/pypa/twine/issues/871&gt;</code>_)</li>
<li>Improve detection of disabled BLAKE2 hashing due to FIPS mode. (<code>[#879](pypa/twine#879) &lt;https://github.com/pypa/twine/issues/879&gt;</code>_)</li>
<li>Restore warning for missing <code>long_description</code>. (<code>[#887](pypa/twine#887) &lt;https://github.com/pypa/twine/issues/887&gt;</code>_)</li>
</ul>
<h2>Twine 3.8.0 (2022-02-02)</h2>
<p>Features
^^^^^^^^</p>
<ul>
<li>Add <code>--verbose</code> logging for querying keyring credentials. (<code>[#849](pypa/twine#849) &lt;https://github.com/pypa/twine/issues/849&gt;</code>_)</li>
<li>Log all upload responses with <code>--verbose</code>. (<code>[#859](pypa/twine#859) &lt;https://github.com/pypa/twine/issues/859&gt;</code>_)</li>
<li>Show more helpful error message for invalid metadata. (<code>[#861](pypa/twine#861) &lt;https://github.com/pypa/twine/issues/861&gt;</code>_)</li>
</ul>

</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a href="https://github.com/pypa/twine/commit/75c3d8623c0847d8ce5a59c1d14a9fcc71e2a4a2"><code>75c3d86</code></a> Release 4.0.2 (<a href="https://github-redirect.dependabot.com/pypa/twine/issues/946">#946</a>)</li>
<li><a href="https://github.com/pypa/twine/commit/5b5d081bd520ec0cf49f10ebaa52dfc582e5214f"><code>5b5d081</code></a> Fix twine( check) with the newly released pkginfo 1.9. (<a href="https://github-redirect.dependabot.com/pypa/twine/issues/941">#941</a>)</li>
<li><a href="https://github.com/pypa/twine/commit/717ae3d55b1b4a3e294319102ca70b33a4c6315c"><code>717ae3d</code></a> Fix failing CI (<a href="https://github-redirect.dependabot.com/pypa/twine/issues/943">#943</a>)</li>
<li><a href="https://github.com/pypa/twine/commit/bb51e46092c99de18e9309a3bee8fb996eb154e7"><code>bb51e46</code></a> Remove unused mypy ignores (<a href="https://github-redirect.dependabot.com/pypa/twine/issues/927">#927</a>)</li>
<li>See full diff in <a href="https://github.com/pypa/twine/compare/4.0.1...4.0.2">compare view</a></li>
</ul>
</details>
<br />


Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)


</details>
Nr18 added a commit to Nr18/report2junit that referenced this pull request Jun 26, 2023
@Nr18
chore(deps-dev): bump twine from 3.8.0 to 4.0.2 (#56)
269ef79 
Bumps [twine](https://github.com/pypa/twine) from 3.8.0 to 4.0.2.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/pypa/twine/releases">twine's
releases</a>.</em></p>
<blockquote>
<h2>4.0.2</h2>
<p><a
href="https://pypi.org/project/twine/4.0.2/">https://pypi.org/project/twine/4.0.2/</a></p>
<p><a
href="https://twine.readthedocs.io/en/stable/changelog.html#twine-4-0-2-2022-11-30">Changelog</a></p>
<h2>4.0.1</h2>
<p><a
href="https://pypi.org/project/twine/4.0.1/">https://pypi.org/project/twine/4.0.1/</a></p>
<p><a
href="https://twine.readthedocs.io/en/stable/changelog.html#twine-4-0-1-2022-06-01">Changelog</a></p>
<h2>4.0.0</h2>
<p><a
href="https://pypi.org/project/twine/4.0.0/">https://pypi.org/project/twine/4.0.0/</a></p>
<p><a
href="https://twine.readthedocs.io/en/stable/changelog.html#twine-4-0-0-2022-03-31">Changelog</a></p>
</blockquote>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/pypa/twine/blob/main/docs/changelog.rst">twine's
changelog</a>.</em></p>
<blockquote>
<h2>Twine 4.0.2 (2022-11-30)</h2>
<p>Bugfixes
^^^^^^^^</p>
<ul>
<li>Remove deprecated function to fix <code>twine check</code> with
pkginfo 1.9.0. (<code>[#941](pypa/twine#941)
&lt;https://github.com/pypa/twine/issues/941&gt;</code>_)</li>
</ul>
<h2>Twine 4.0.1 (2022-06-01)</h2>
<p>Bugfixes
^^^^^^^^</p>
<ul>
<li>Improve logging when keyring fails.
(<code>[#890](pypa/twine#890)
&lt;https://github.com/pypa/twine/issues/890&gt;</code>_)</li>
<li>Reconfgure root logger to show all log messages.
(<code>[#896](pypa/twine#896)
&lt;https://github.com/pypa/twine/issues/896&gt;</code>_)</li>
</ul>
<h2>Twine 4.0.0 (2022-03-31)</h2>
<p>Features
^^^^^^^^</p>
<ul>
<li>Drop support for Python 3.6.
(<code>[#869](pypa/twine#869)
&lt;https://github.com/pypa/twine/issues/869&gt;</code>_)</li>
<li>Use Rich to add color to <code>upload</code> output.
(<code>[#851](pypa/twine#851)
&lt;https://github.com/pypa/twine/issues/851&gt;</code>_)</li>
<li>Use Rich to add color to <code>check</code> output.
(<code>[#874](pypa/twine#874)
&lt;https://github.com/pypa/twine/issues/874&gt;</code>_)</li>
<li>Use Rich instead of tqdm for upload progress bar.
(<code>[#877](pypa/twine#877)
&lt;https://github.com/pypa/twine/issues/877&gt;</code>_)</li>
</ul>
<p>Bugfixes
^^^^^^^^</p>
<ul>
<li>Remove Twine's dependencies from the <code>User-Agent</code> header
when uploading. (<code>[#871](pypa/twine#871)
&lt;https://github.com/pypa/twine/issues/871&gt;</code>_)</li>
<li>Improve detection of disabled BLAKE2 hashing due to FIPS mode.
(<code>[#879](pypa/twine#879)
&lt;https://github.com/pypa/twine/issues/879&gt;</code>_)</li>
<li>Restore warning for missing <code>long_description</code>.
(<code>[#887](pypa/twine#887)
&lt;https://github.com/pypa/twine/issues/887&gt;</code>_)</li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/pypa/twine/commit/75c3d8623c0847d8ce5a59c1d14a9fcc71e2a4a2"><code>75c3d86</code></a>
Release 4.0.2 (<a
href="https://redirect.github.com/pypa/twine/issues/946">#946</a>)</li>
<li><a
href="https://github.com/pypa/twine/commit/5b5d081bd520ec0cf49f10ebaa52dfc582e5214f"><code>5b5d081</code></a>
Fix twine( check) with the newly released pkginfo 1.9. (<a
href="https://redirect.github.com/pypa/twine/issues/941">#941</a>)</li>
<li><a
href="https://github.com/pypa/twine/commit/717ae3d55b1b4a3e294319102ca70b33a4c6315c"><code>717ae3d</code></a>
Fix failing CI (<a
href="https://redirect.github.com/pypa/twine/issues/943">#943</a>)</li>
<li><a
href="https://github.com/pypa/twine/commit/bb51e46092c99de18e9309a3bee8fb996eb154e7"><code>bb51e46</code></a>
Remove unused mypy ignores (<a
href="https://redirect.github.com/pypa/twine/issues/927">#927</a>)</li>
<li><a
href="https://github.com/pypa/twine/commit/8f5e5d6d42d582ef3ea6ef07da277e0cabd22fd2"><code>8f5e5d6</code></a>
Update changelog for 4.0.1 (<a
href="https://redirect.github.com/pypa/twine/issues/904">#904</a>)</li>
<li><a
href="https://github.com/pypa/twine/commit/62f3c67fa2f74cde433d6003b7ebf4256f129a7d"><code>62f3c67</code></a>
Log keyring tracebacks (<a
href="https://redirect.github.com/pypa/twine/issues/890">#890</a>)</li>
<li><a
href="https://github.com/pypa/twine/commit/d30df7038fd3545e30a2c9bd3728aa787659aa38"><code>d30df70</code></a>
Update links to requests docs (<a
href="https://redirect.github.com/pypa/twine/issues/899">#899</a>)</li>
<li><a
href="https://github.com/pypa/twine/commit/5525a2a628317eecb891859e395b0a54f2c57043"><code>5525a2a</code></a>
Restore missing <code>__main__</code> logs (<a
href="https://redirect.github.com/pypa/twine/issues/896">#896</a>)</li>
<li><a
href="https://github.com/pypa/twine/commit/b0b932f2da604e90f8a7a5a5c7e2841f519a8fb7"><code>b0b932f</code></a>
Fix typos in tests (<a
href="https://redirect.github.com/pypa/twine/issues/898">#898</a>)</li>
<li><a
href="https://github.com/pypa/twine/commit/4223ee154f1c962a0c33e2a3a95ed4c42bc62d41"><code>4223ee1</code></a>
Require latest version of readme_renderer (<a
href="https://redirect.github.com/pypa/twine/issues/892">#892</a>)</li>
<li>Additional commits viewable in <a
href="https://github.com/pypa/twine/compare/3.8.0...4.0.2">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=twine&package-manager=pip&previous-version=3.8.0&new-version=4.0.2)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@sigmavirus24 sigmavirus24 sigmavirus24 approved these changes

@bhrutledge bhrutledge bhrutledge approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

TypeError: 'digest_size' is an invalid keyword argument for openssl_blake2b()
4 participants
@frenzymadness @bittner @sigmavirus24 @bhrutledge