• Bump mysql-connector-python from 8.0.25 to 8.0.26 in /Backend

  Bumps mysql-connector-python from 8.0.25 to 8.0.26.

  

  Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

  ---

  Dependabot commands and options

  
  

  You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

  dependencies python 

  opened by dependabot[bot] 4
• Bump pyodbc from 4.0.32 to 4.0.34 in /Backend

  Bumps pyodbc from 4.0.32 to 4.0.34.

  Release notes

  Sourced from pyodbc's releases.

  Fixes + Mac binary wheels!

  First, I want to say thank you very, very much to the people that setup and maintained the automated building of wheels: @​keitherskine, @​hugovk, and @​abitrolly. This is the first release with wheels for Mac, completely thanks to them. It also saves me a huge amount of time since I no longer have to generate each wheel by hand on different systems.

  Release highlights:

  • Mac wheels are finally here. Thanks to all that worked on the code for that. Please let us know if there are any problems with the wheels on PyPI
  • Python 3.10 wheels are also available
  • Fix for DSNs with non-ASCII characters.
  • Memory leak fix with Decimal parameters.
  • PostgreSQL dates of -Infinity/+Infinity changed to year 1 and 9999 instead of raising an error.

  Commits

  • b7e944a Fix version of CI generated wheels
  • f28d235 Note EOL of 2.7 support in README (#945)
  • 8519c69 Add odbc_config support on mac and m1 homebrew dir
  • b069e00 Removing autoformat from code
  • 234efd7 Removing autoformat from code
  • 1b4e214 Making pyodbc compatible with PostgreSQL infinity dates, returning MINYEAR an...
  • 1f05bb6 Replace deprecated PyUnicode_FromUnicode(NULL, size) calls (#998)
  • a4b0b75 Bugfix/sql param data memory leak (#703)
  • 04ad11d Create codeql-analysis.yml
  • e67ad89 Fix memory leak with decimal parameters
  • Additional commits viewable in compare view

  
  

  

  Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

  ---

  Dependabot commands and options

  
  

  You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

  dependencies python 

  opened by dependabot[bot] 3
• Bump pycryptodome from 3.11.0 to 3.15.0 in /Backend

  Bumps pycryptodome from 3.11.0 to 3.15.0.

  Changelog

  Sourced from pycryptodome's changelog.

  3.15.0 (22 June 2022) ++++++++++++++++++++++++++

  New features

  • Add support for curves Ed25519 and Ed448, including export and import of keys.
  • Add support for EdDSA signatures.
  • Add support for Asymmetric Key Packages (RFC5958) to import private keys.

  Resolved issues

  • GH#620: for Crypto.Util.number.getPrime , do not sequentially scan numbers searching for a prime.

  3.14.1 (5 February 2022) ++++++++++++++++++++++++++

  Resolved issues

  • GH#595: Fixed memory leak for GMP integers. Thanks to Witalij Siebert and Pablo Quílez.

  3.14.0 (30 January 2022) ++++++++++++++++++++++++++

  New features

  • Add support for curve NIST P-192.

  3.13.0 (23 January 2022) ++++++++++++++++++++++++++

  New features

  • Add support for curve NIST P-224.

  Resolved issues

  • GH#590: Fixed typing info for Crypto.PublicKey.ECC.

  Other changes

  • Relaxed ECDSA requirements for FIPS 186 signatures and accept any SHA-2 or SHA-3 hash. sign() and verify() will be performed even if the hash is stronger than the ECC key.

  3.12.0 (4 December 2021) ++++++++++++++++++++++++++

  New features

  ... (truncated)

  Commits

  • c37fd19 Bump version
  • 9976c91 Update docs
  • ebcfaae More C tests for Ed25519
  • cd6ae1e Fix compilation warnings
  • fe86785 Optimize Montgomery multiplication for Ed448
  • dfb16dd Fix ed448_perf test
  • 46746e7 Update strxor documentation
  • 4c8e282 Fix typo in comment in RSA class
  • 85449d8 Fix typo in comment in RSA class
  • f674baa Update Changelog
  • Additional commits viewable in compare view

  
  

  

  Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

  ---

  Dependabot commands and options

  
  

  You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

  dependencies python 

  opened by dependabot[bot] 3
• Bump pycryptodome from 3.11.0 to 3.14.1 in /Backend

  Bumps pycryptodome from 3.11.0 to 3.14.1.

  Changelog

  Sourced from pycryptodome's changelog.

  3.14.1 (5 February 2022) ++++++++++++++++++++++++++

  Resolved issues

  • GH#595: Fixed memory leak for GMP integers. Thanks to Witalij Siebert and Pablo Quílez.

  3.14.0 (30 January 2022) ++++++++++++++++++++++++++

  New features

  • Add support for curve NIST P-192.

  3.13.0 (23 January 2022) ++++++++++++++++++++++++++

  New features

  • Add support for curve NIST P-224.

  Resolved issues

  • GH#590: Fixed typing info for Crypto.PublicKey.ECC.

  Other changes

  • Relaxed ECDSA requirements for FIPS 186 signatures and accept any SHA-2 or SHA-3 hash. sign() and verify() will be performed even if the hash is stronger than the ECC key.

  3.12.0 (4 December 2021) ++++++++++++++++++++++++++

  New features

  • ECC keys in the SEC1 format can be exported and imported.
  • Add support for KMAC128, KMAC256, TupleHash128, and TupleHash256 (NIST SP-800 185).
  • Add support for KangarooTwelve.

  Resolved issues

  • GH#563: An asymmetric key could not be imported as a memoryview.
  • GH#566: cSHAKE128/256 generated a wrong output for customization strings longer than 255 bytes.
  • GH#582: CBC decryption generated the wrong plaintext when the input and the output were the same buffer. Thanks to Michael K. Ashburn.

  Commits

  • 5c5db24 Update to Changelog and version
  • 25a96ac Bump version
  • 122c90b Fix#595: Memory leak for GMP ints
  • c0c671c Add P-192 to ECC table
  • 5b7bc90 Fix typo in wheels.yml
  • f4360d1 Hold back MacOS version
  • 7935e14 Bump version
  • 8731dd2 Add support for P-192
  • 960f14d Bump version
  • d73b27c Allow truncated SHA-512 to be used with ECDSA FIPS 186
  • Additional commits viewable in compare view

  
  

  

  Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

  ---

  Dependabot commands and options

  
  

  You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

  dependencies python 

  opened by dependabot[bot] 3
• Bump wand from 0.6.6 to 0.6.7 in /Backend

  Bumps wand from 0.6.6 to 0.6.7.

  Release notes

  Sourced from wand's releases.

  Wand 0.6.7

  The 0.6.7 release introduces direct image-stack management methods, fixes format hints when reading blobs, and includes documentation guides for distortion & morphology methods.

  See 0.6.7 Milestone for a list of all issues tracked in Github.

  See changelog for a list of all bug fixes.

  Contributors

  The following people have contributed to Wand since the 0.6.6 release.

  See git log 0.6.6..0.6.7 for a full history

       22 E. McConville
        1 Joris Kerkhoff
  

  Changelog

  Sourced from wand's changelog.

  Version 0.6.7

  Released on August 16th, 2021.

  • Added :meth:Image.image_add() <wand.image.Image.image_add> method.
  • Added :meth:Image.image_get() <wand.image.Image.image_get> method.
  • Added :meth:Image.image_remove() <wand.image.Image.image_remove> method.
  • Added :meth:Image.image_set() <wand.image.Image.image_set> method.
  • Added :meth:Image.image_swap() <wand.image.Image.image_swap> method.
  • Fixed sub-image extraction on read. [:issue:532]
  • Fixed :attr:~wand.image.BaseImage.background_color attribute when image was not read.
  • [DOC] Completed :doc:Distortion <./guide/distortion> guide. [:issue:534]
  • [DOC] Added :doc:Morphology <./guide/morphology> guide.

  .. _changelog-0.6.6:

  Commits

  • 1622a47 Setting release date for 0.6.7
  • 101dfec fix documentation typo
  • 2d737cf Fixed Image.background_color when image not loaded
  • 144f79c Added morphology doc to index
  • 7330c58 Updated cli-vs-wand refs
  • c6c676a Finished Image.image_add/get/remove/set/swap methods
  • d3980a0 Added Image.remove_image to match add_image method
  • f5310fd Created Morphology guide
  • df5c369 bumped version number for next release
  • 38aa286 Added Image.add_image method
  • Additional commits viewable in compare view

  
  

  

  Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

  ---

  Dependabot commands and options

  
  

  You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

  dependencies python 

  opened by dependabot[bot] 3
• Bump requests from 2.25.1 to 2.26.0 in /Backend

  Bumps requests from 2.25.1 to 2.26.0.

  Changelog

  Sourced from requests's changelog.

  2.26.0 (2021-07-13)

  Improvements

  • Requests now supports Brotli compression, if either the brotli or brotlicffi package is installed. (#5783)

  • Session.send now correctly resolves proxy configurations from both the Session and Request. Behavior now matches Session.request. (#5681)

  Bugfixes

  • Fixed a race condition in zip extraction when using Requests in parallel from zip archive. (#5707)

  Dependencies

  • Instead of chardet, use the MIT-licensed charset_normalizer for Python3 to remove license ambiguity for projects bundling requests. If chardet is already installed on your machine it will be used instead of charset_normalizer to keep backwards compatibility. (#5797)

    You can also install chardet while installing requests by specifying [use_chardet_on_py3] extra as follows:

    pip install "requests[use_chardet_on_py3]"
    

    Python2 still depends upon the chardet module.

  • Requests now supports idna 3.x on Python 3. idna 2.x will continue to be used on Python 2 installations. (#5711)

  Deprecations

  • The requests[security] extra has been converted to a no-op install. PyOpenSSL is no longer the recommended secure option for Requests. (#5867)

  • Requests has officially dropped support for Python 3.5. (#5867)

  Commits

  • a1a6a54 v2.26.0
  • e253eba Stop abusing pytest-httpbin to test commonName support
  • f6c0619 Disable requests[security] and remove 3.5 support references
  • 33cf965 Allow idna 3.x to be installed on Python 3.x
  • 5351469 Add support for brotli decoding (#5783)
  • 2463074 Avoid zip extract racing condition by using read+write instead extract (#5707)
  • 2ed84f5 Switch LGPL'd chardet for MIT licensed charset_normalizer (#5797)
  • 33d448e Pin Flask to <2.0 to fix the test suite
  • 1466ad7 Fix GitHub links (#5835)
  • f6d43b0 Updated to new be-cordial-or-be-on-your-way URL and CoC now references Python...
  • Additional commits viewable in compare view

  
  

  

  Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

  ---

  Dependabot commands and options

  
  

  You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

  dependencies python 

  opened by dependabot[bot] 3
• Bump cryptography from 3.4.7 to 38.0.3 in /Backend

  Bumps cryptography from 3.4.7 to 38.0.3.

  Changelog

  Sourced from cryptography's changelog.

  38.0.3 - 2022-11-01

  
  * Updated Windows, macOS, and Linux wheels to be compiled with OpenSSL 3.0.7,
    which resolves *CVE-2022-3602* and *CVE-2022-3786*.
  .. _v38-0-2:
  38.0.2 - 2022-10-11 (YANKED)
  

  .. attention::

  This release was subsequently yanked from PyPI due to a regression in OpenSSL.
  

  • Updated Windows, macOS, and Linux wheels to be compiled with OpenSSL 3.0.6.

  .. _v38-0-1:

  38.0.1 - 2022-09-07

  
  * Fixed parsing TLVs in ASN.1 with length greater than 65535 bytes (typically
    seen in large CRLs).
  .. _v38-0-0:
  38.0.0 - 2022-09-06
  

  • Final deprecation of OpenSSL 1.1.0. The next release of cryptography will drop support.
  • We no longer ship manylinux2010 wheels. Users should upgrade to the latest pip to ensure this doesn't cause issues downloading wheels on their platform. We now ship manylinux_2_28 wheels for users on new enough platforms.
  • Updated the minimum supported Rust version (MSRV) to 1.48.0, from 1.41.0. Users with the latest pip will typically get a wheel and not need Rust installed, but check :doc:/installation for documentation on installing a newer rustc if required.
  • :meth:~cryptography.fernet.Fernet.decrypt and related methods now accept both str and bytes tokens.
  • Parsing CertificateSigningRequest restores the behavior of enforcing that the Extension critical field must be correctly encoded DER. See the issue <https://github.com/pyca/cryptography/issues/6368>_ for complete details.
  • Added two new OpenSSL functions to the bindings to support an upcoming pyOpenSSL release.
  • When parsing :class:~cryptography.x509.CertificateRevocationList and

  ... (truncated)

  Commits

  • 7d9c6c3 Bump for 38.0.3 release (#7761)
  • 39f8011 attempt to workaround downstream package testing situation (#7725) (#7757)
  • 5b12ac8 Use PyPy binaries from manylinux image instead of our own (#7678) (#7693)
  • 277ee0d 38.0.2 release (#7691)
  • ce119b8 version properly in the changelog (#7578)
  • 3ff5218 Backport tlv fix, 38.0.1 bump (#7576)
  • 52d6f1a version bump for 38 release (#7567)
  • 8c687e6 Bump rust-asn1 to 0.12.1 (#7564)
  • aca4b10 Bump rust-asn1 to 0.12.0 (#7563)
  • 1742975 support setting more PKCS12 serialization encryption options (#7560)
  • Additional commits viewable in compare view

  
  

  

  Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

  ---

  Dependabot commands and options

  
  

  You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

  dependencies python 

  opened by dependabot[bot] 2
• Bump gevent from 21.1.2 to 22.10.1 in /Backend

  Bumps gevent from 21.1.2 to 22.10.1.

  Commits

  • ac00146 Preparing release 22.10.1
  • 4274d5b Rename to match actual PR number.
  • 92b465e Merge pull request #1915 from gevent/cython-def-goes-away
  • f384c54 Stop using DEF statements in Cython, as they are deprecated.
  • 2bfebea Add change note for #1914.
  • d48a58d Switch to the non-legacy setuptools backend
  • 275b7d9 Python needs to read GEVENTSETUP_DISABLE_ARES so it needs to be exported.
  • 492e7f7 Unify the manylinux-type jobs in ci.yml
  • 4e84ec5 add ppc64le support
  • 34e349f Add change note for #1913
  • Additional commits viewable in compare view

  
  

  

  Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

  ---

  Dependabot commands and options

  
  

  You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

  dependencies python 

  opened by dependabot[bot] 2
• Bump gevent from 21.12.0 to 22.8.0 in /Backend

  Bumps gevent from 21.12.0 to 22.8.0.

  Commits

  • 73b8503 Preparing release 22.08.0
  • 65417fe Merge pull request #1908 from gevent/jam-py311-wip
  • 7327657 Resolve the RuntimeWarning from Cython about PyFrameObject changing size.
  • 47feb0b test__core_fork.py: Ensure we really use fork on all platforms that have it.
  • c5ee714 Fix the remainder of the 3.11 subprocess tests; try to stop skipping the tree...
  • dbb55b1 Straighten out the test__threading_2 reference leak.
  • 07569cc Skip (temporarily) some mac tests that pass locally and on linux/win CI but f...
  • e17e386 Add 3.11 stdlib tests; let the ThreadPool threads exit when idle.
  • fdc4dd5 Fix create_connection signature comparison for Python 2; drop testing Python ...
  • 5dfe00d Get the basic tests passing on 3.11; add it to the CI matrix to see what we s...
  • Additional commits viewable in compare view

  
  

  

  Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

  ---

  Dependabot commands and options

  
  

  You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

  dependencies python 

  opened by dependabot[bot] 2
• Bump cryptography from 37.0.1 to 38.0.1 in /Backend

  Bumps cryptography from 37.0.1 to 38.0.1.

  Changelog

  Sourced from cryptography's changelog.

  38.0.1 - 2022-09-07

  
  * Fixed parsing TLVs in ASN.1 with length greater than 65535 bytes (typically
    seen in large CRLs).
  .. _v38-0-0:
  38.0.0 - 2022-09-06
  

  • Final deprecation of OpenSSL 1.1.0. The next release of cryptography will drop support.
  • We no longer ship manylinux2010 wheels. Users should upgrade to the latest pip to ensure this doesn't cause issues downloading wheels on their platform. We now ship manylinux_2_28 wheels for users on new enough platforms.
  • Updated the minimum supported Rust version (MSRV) to 1.48.0, from 1.41.0. Users with the latest pip will typically get a wheel and not need Rust installed, but check :doc:/installation for documentation on installing a newer rustc if required.
  • :meth:~cryptography.fernet.Fernet.decrypt and related methods now accept both str and bytes tokens.
  • Parsing CertificateSigningRequest restores the behavior of enforcing that the Extension critical field must be correctly encoded DER. See the issue <https://github.com/pyca/cryptography/issues/6368>_ for complete details.
  • Added two new OpenSSL functions to the bindings to support an upcoming pyOpenSSL release.
  • When parsing :class:~cryptography.x509.CertificateRevocationList and :class:~cryptography.x509.CertificateSigningRequest values, it is now enforced that the version value in the input must be valid according to the rules of :rfc:2986 and :rfc:5280.
  • Using MD5 or SHA1 in :class:~cryptography.x509.CertificateBuilder and other X.509 builders is deprecated and support will be removed in the next version.
  • Added additional APIs to :class:~cryptography.x509.certificate_transparency.SignedCertificateTimestamp, including :attr:~cryptography.x509.certificate_transparency.SignedCertificateTimestamp.signature_hash_algorithm, :attr:~cryptography.x509.certificate_transparency.SignedCertificateTimestamp.signature_algorithm, :attr:~cryptography.x509.certificate_transparency.SignedCertificateTimestamp.signature, and :attr:~cryptography.x509.certificate_transparency.SignedCertificateTimestamp.extension_bytes.
  • Added :attr:~cryptography.x509.Certificate.tbs_precertificate_bytes, allowing users to access the to-be-signed pre-certificate data needed for signed certificate timestamp verification.
  • :class:~cryptography.hazmat.primitives.kdf.kbkdf.KBKDFHMAC and :class:~cryptography.hazmat.primitives.kdf.kbkdf.KBKDFCMAC now support :attr:~cryptography.hazmat.primitives.kdf.kbkdf.CounterLocation.MiddleFixed counter location.
  • Fixed :rfc:4514 name parsing to reverse the order of the RDNs according

  ... (truncated)

  Commits

  • 3ff5218 Backport tlv fix, 38.0.1 bump (#7576)
  • 52d6f1a version bump for 38 release (#7567)
  • 8c687e6 Bump rust-asn1 to 0.12.1 (#7564)
  • aca4b10 Bump rust-asn1 to 0.12.0 (#7563)
  • 1742975 support setting more PKCS12 serialization encryption options (#7560)
  • abb1f54 Bump once_cell from 1.13.1 to 1.14.0 in /src/rust (#7559)
  • 01a0e3b Bump BoringSSL version to 8462a367bb57e9524c3d8eca9c62733c63a63cf4 (#7558)
  • 35a965f Bump ouroboros from 0.15.3 to 0.15.4 in /src/rust (#7557)
  • 9a208e1 Bump BoringSSL version to 19009c51bff0706362e824f66a0b189326a1c27d (#7555)
  • b342224 Bump iana-time-zone from 0.1.46 to 0.1.47 in /src/rust (#7552)
  • Additional commits viewable in compare view

  
  

  

  Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

  ---

  Dependabot commands and options

  
  

  You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

  dependencies python 

  opened by dependabot[bot] 2
• Bump wand from 0.6.7 to 0.6.9 in /Backend

  Bumps wand from 0.6.7 to 0.6.9.

  Release notes

  Sourced from wand's releases.

  Wand 0.6.9

  The 0.6.9 version Wand fixes some critical segfault issues with the latest version of ImageMagick 7.1.0-45. All users of ImageMagick-7 should upgrade Wand as soon as possible.

  See 0.6.9 Milestone for a list of all issues tracked in Github.

  See changelog for a list of all bug fixes.

  Contributors

  The following people have contributed since the Wand 0.6.8 release.

  See git log 0.6.8..0.6.9 for a full history.

        6 E. McConville
  

  Wand 0.6.8

  The 0.6.8 release includes a few new methods, few fixes, and a few documentation improvements.

  See 0.6.8 Milestone for a list of all issues tracked in Github.

  See changelog for a list of all bug fixes.

  Contributors

  The following people have contributed since the Wand 0.5.9 release.

  See git log 0.6.7..0.6.8 for a full history.

        1 1Prototype1
       44 E. McConville
        1 FrozenFOXX
        2 Pavel Borzenkov
        1 Tim Gates
  

  Changelog

  Sourced from wand's changelog.

  Version 0.6.9

  Released on August 3rd, 2022.

  • Updated :meth:Image.fx() <wand.image.BaseImage.fx> method to raise :class:~wand.exceptions.WandRuntimeError if ImageMagick is unable to generate an image. [:issue:582]
  • Fixed :meth:Image.from_array() <wand.image.Image.from_array> classmethod to handle Numpy's strided arrays. [:issue:582]
  • Fixed segmentation fault introduced with ImageMagick 7.1.0-45. [:issue:586]

  .. _changelog-0.6.8:

  Version 0.6.8

  Released on July 16th, 2022.

  • Added :meth:Image.label() <wand.image.BaseImage.label> method.
  • Added :meth:Image.region() <wand.image.BaseImage.region> method.
  • Updated :meth:Image.chop() <wand.image.BaseImage.chop> method to support gravity keyword.
  • Updated :meth:Image.extent() <wand.image.BaseImage.extent> method to support gravity keyword. [:issue:554]
  • Added .so.9 shared library suffix to :meth:wand.api.library_paths() generator when searching :const:MAGICK_HOME path.
  • Added :const:QUANTUM_SCALE <wand.version.QUANTUM_SCALE> constant.
  • Added :meth:Image.montage() <wand.image.Image.montage> method. [:issue:575]
  • Added :meth:Image.roll() <wand.image.BaseImage.roll> method.
  • Fixed returned values for :meth:Image.connected_components() <wand.image.BaseImage.connected_components> method for ImageMagick 7.1.1. [:issue:574]
  • Fixed :c:func:MagickSetImageDepth() C-API method signature. [:issue:577 by Pavel Borzenkov]
  • Fixed :meth:Image.encipher() <wand.image.BaseImage.encipher> method to call the correct API. [:issue:578 by Pavel Borzenkov]
  • [DOC] Improved :class:~wand.drawing.FontMetrics documentation. [:issue:566]
  • [TEST] Migrated CI from travis-ci.org <https://travis-ci.org/github/emcconville/wand>_ to travis-ci.com <https://app.travis-ci.com/emcconville/wand>_.
  • [TEST] Removed unneeded SVG dependency from regression test.
  • [TEST] Suppressed :class:~wand.exceptions.OptionWarning when testing user errors.
  • [TEST] Added Python 3.9 regression test for travis-ci.com <https://app.travis-ci.com/emcconville/wand>_.
  • [TEST] Removed Python 3.7 & 3.8 regression test for travis-ci.com <https://app.travis-ci.com/emcconville/wand>_.
  • [TEST] Added Python 3.10 regression tests for github actions <https://github.com/emcconville/wand/actions>_.

  .. _changelog-0.6.7:

  Commits

  • 172418e Updated release date
  • d269eaa Fixed segfault when invoking Color before MagickWandGenesis. #586
  • 3523f37 Bump version number
  • 5e3ffb3 Fixed #583 - Support strided numpy arrays
  • be40bfc Updated docs to cover #582
  • abfd262 Raise WandRuntimeError when IM doesn't emit exception - #582
  • b9bcecf Updating release date
  • c3f624e Finished #574 - Fixes Connected Components Object for ImageMagick-7.1.0
  • 64286e0 docs: Fix a few typos
  • 9524914 Updated changelog for #578
  • Additional commits viewable in compare view

  
  

  

  Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

  ---

  Dependabot commands and options

  
  

  You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

  dependencies python 

  opened by dependabot[bot] 2
• Bump pycryptodome from 3.10.1 to 3.16.0 in /Backend

  Bumps pycryptodome from 3.10.1 to 3.16.0.

  Release notes

  Sourced from pycryptodome's releases.

  v3.16.0 - Ravensburg

  New features

  • Build wheels for musl Linux. Thanks to Ben Raz.

  Resolved issues

  • GH#639: ARC4 now also works with 'keys' as short as 8 bits.
  • GH#669: fix segfaults when running in a manylinux2010 i686 image.

  v3.16.0 - Ravensburg (pycryptodomex)

  New features

  • Build wheels for musl Linux. Thanks to Ben Raz.

  Resolved issues

  • GH#639: ARC4 now also works with 'keys' as short as 8 bits.
  • GH#669: fix segfaults when running in a manylinux2010 i686 image.

  Changelog

  Sourced from pycryptodome's changelog.

  3.16.0 (26 November 2022) ++++++++++++++++++++++++++

  New features

  • Build wheels for musl Linux. Thanks to Ben Raz.

  Resolved issues

  • GH#639: ARC4 now also works with 'keys' as short as 8 bits.
  • GH#669: fix segfaults when running in a manylinux2010 i686 image.

  3.15.0 (22 June 2022) ++++++++++++++++++++++++++

  New features

  • Add support for curves Ed25519 and Ed448, including export and import of keys.
  • Add support for EdDSA signatures.
  • Add support for Asymmetric Key Packages (RFC5958) to import private keys.

  Resolved issues

  • GH#620: for Crypto.Util.number.getPrime , do not sequentially scan numbers searching for a prime.

  3.14.1 (5 February 2022) ++++++++++++++++++++++++++

  Resolved issues

  • GH#595: Fixed memory leak for GMP integers. Thanks to Witalij Siebert and Pablo Quílez.

  3.14.0 (30 January 2022) ++++++++++++++++++++++++++

  New features

  • Add support for curve NIST P-192.

  3.13.0 (23 January 2022) ++++++++++++++++++++++++++

  New features

  • Add support for curve NIST P-224.

  Resolved issues

  ... (truncated)

  Commits

  • f54108b Bump version
  • 3d065d6 Remove manylinux1 wheels only on Linux
  • 60898fe Build wheel for PyPy3.7, drop PyPy3.6
  • 428fd89 Delete manylinux1 wheels
  • 80d6640 Use -mstackrealign for 32-bits systems and SSE2
  • 32f64d5 Use most recent versions of python, ubuntu, upload-artifact
  • dcab3e7 Refactor wheel build process
  • 7e59254 Merge branch 'rc4_shorter_keys'
  • dfcc12b Bump version
  • ac3eab0 Allow RC4 keys to be as small as 8 bits
  • Additional commits viewable in compare view

  
  

  

  Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

  ---

  Dependabot commands and options

  
  

  You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

  dependencies python 

  opened by dependabot[bot] 1
• Bump cryptography from 3.4.7 to 38.0.4 in /Backend

  Bumps cryptography from 3.4.7 to 38.0.4.

  Changelog

  Sourced from cryptography's changelog.

  38.0.4 - 2022-11-27

  
  * Fixed compilation when using LibreSSL 3.6.0.
  * Fixed error when using ``py2app`` to build an application with a
    ``cryptography`` dependency.
  .. _v38-0-3:
  38.0.3 - 2022-11-01
  

  • Updated Windows, macOS, and Linux wheels to be compiled with OpenSSL 3.0.7, which resolves CVE-2022-3602 and CVE-2022-3786.

  .. _v38-0-2:

  38.0.2 - 2022-10-11 (YANKED)

  
  .. attention::
  This release was subsequently yanked from PyPI due to a regression in OpenSSL.
  
  
  Updated Windows, macOS, and Linux wheels to be compiled with OpenSSL 3.0.6.
  
  .. _v38-0-1:
  38.0.1 - 2022-09-07
  
  * Fixed parsing TLVs in ASN.1 with length greater than 65535 bytes (typically
    seen in large CRLs).
  .. _v38-0-0:
  38.0.0 - 2022-09-06
  
  
  Final deprecation of OpenSSL 1.1.0. The next release of cryptography
  will drop support.
  We no longer ship manylinux2010 wheels. Users should upgrade to the
  latest pip to ensure this doesn't cause issues downloading wheels on
  their platform. We now ship manylinux_2_28 wheels for users on new
  enough platforms.
  Updated the minimum supported Rust version (MSRV) to 1.48.0, from 1.41.0.
  Users with the latest pip will typically get a wheel and not need Rust
  installed, but check :doc:/installation for documentation on installing a
  newer rustc if required.
  </tr></table>
  

... (truncated)

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.