mirror of
https://github.com/blackboxprogramming/BlackRoad-Operating-System.git
synced 2026-03-17 07:57:19 -05:00
099b06aa0d
Bumps [python-jose[cryptography]](https://github.com/mpdavis/python-jose) from 3.3.0 to 3.5.0. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/mpdavis/python-jose/releases">python-jose[cryptography]'s releases</a>.</em></p> <blockquote> <h2>3.5.0</h2> <ul> <li>Remove support for Python 3.8</li> <li>Added support for Python 3.12 & 3.13</li> <li>Upgrade to pyasn1 0.5.1+</li> <li>Upgrade to pytest and other dependencies</li> <li>Add RTD config file to silence emailed deprecation warnings</li> </ul> <h3>Bug fixes and Improvements</h3> <ul> <li>Remove get_random_bytes from cryptography backend</li> <li>Do not use <code>utc_now</code> on module level</li> <li>Remove key data (sensitive information) from JWKError exceptions</li> <li>Added possibility to call jwk.construct() with a private RSA key</li> </ul> <p><a href="https://pypi.org/project/python-jose/3.5.0/">https://pypi.org/project/python-jose/3.5.0/</a></p> <h2>3.4.0</h2> <h3>News</h3> <ul> <li>Remove support for Python 3.6 and 3.7</li> <li>Added support for Python 3.10 and 3.11</li> </ul> <h3>Bug fixes and Improvements</h3> <ul> <li>Updating <code>CryptographyAESKey::encrypt</code> to generate 96 bit IVs for GCM block cipher mode</li> <li>Fix for PEM key comparisons caused by line lengths and new lines</li> <li>Fix for CVE-2024-33664 - JWE limited to 250KiB</li> <li>Fix for CVE-2024-33663 - signing JWT with public key is now forbidden</li> <li>Replace usage of deprecated datetime.utcnow() with datetime.now(UTC)</li> </ul> <h3>Housekeeping</h3> <ul> <li>Updated Github Actions Workflows</li> <li>Updated to use tox 4.x</li> <li>Revise codecov integration</li> <li>Fixed DeprecationWarnings</li> </ul> </blockquote> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/mpdavis/python-jose/blob/master/CHANGELOG.md">python-jose[cryptography]'s changelog</a>.</em></p> <blockquote> <h2>3.5.0 -- 2025-05-28</h2> <h3>News</h3> <ul> <li>Remove support for Python 3.8</li> <li>Added support for Python 3.12 & 3.13</li> <li>Upgrade to pyasn1 0.5.1+</li> <li>Upgrade to pytest and other dependencies</li> <li>Add RTD config file to silence emailed deprecation warnings</li> </ul> <h3>Bug fixes and Improvements</h3> <ul> <li>Remove get_random_bytes from cryptography backend</li> <li>Do not use <code>utc_now</code> on module level</li> <li>Remove key data (sensitive information) from JWKError exceptions</li> <li>Added possibility to call jwk.construct() with a private RSA key</li> </ul> <h2>3.4.0 -- 2025-02-14</h2> <h3>News</h3> <ul> <li>Remove support for Python 3.6 and 3.7</li> <li>Added support for Python 3.10 and 3.11</li> </ul> <h3>Bug fixes and Improvements</h3> <ul> <li>Updating <code>CryptographyAESKey::encrypt</code> to generate 96 bit IVs for GCM block cipher mode</li> <li>Fix for PEM key comparisons caused by line lengths and new lines</li> <li>Fix for CVE-2024-33664 - JWE limited to 250KiB</li> <li>Fix for CVE-2024-33663 - signing JWT with public key is now forbidden</li> <li>Replace usage of deprecated datetime.utcnow() with datetime.now(UTC)</li> </ul> <h3>Housekeeping</h3> <ul> <li>Updated Github Actions Workflows</li> <li>Updated to use tox 4.x</li> <li>Revise codecov integration</li> <li>Fixed DeprecationWarnings</li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="018b310ddb"><code>018b310</code></a> Prepare release 3.5.0 (<a href="https://redirect.github.com/mpdavis/python-jose/issues/388">#388</a>)</li> <li><a href="393c37476c"><code>393c374</code></a> Improve jwt.decode key doc (<a href="https://redirect.github.com/mpdavis/python-jose/issues/198">#198</a>)</li> <li><a href="50d43908ff"><code>50d4390</code></a> utils.py: fix types in docstrings for base64url_encode/decode (<a href="https://redirect.github.com/mpdavis/python-jose/issues/269">#269</a>)</li> <li><a href="8fd0b63186"><code>8fd0b63</code></a> Add RTD config file to silence emailed deprecation warnings (<a href="https://redirect.github.com/mpdavis/python-jose/issues/333">#333</a>)</li> <li><a href="6f03385e53"><code>6f03385</code></a> Added possibility to call jwk.construct() with a private key (<a href="https://redirect.github.com/mpdavis/python-jose/issues/295">#295</a>)</li> <li><a href="2f0aca6e2e"><code>2f0aca6</code></a> Add python_requires arg to setup.cfg (<a href="https://redirect.github.com/mpdavis/python-jose/issues/273">#273</a>)</li> <li><a href="895777e04a"><code>895777e</code></a> Updated pyasn version to match latest (<a href="https://redirect.github.com/mpdavis/python-jose/issues/338">#338</a>)</li> <li><a href="45bd1248f1"><code>45bd124</code></a> Update jwk.py (<a href="https://redirect.github.com/mpdavis/python-jose/issues/328">#328</a>)</li> <li><a href="1f0ae0a208"><code>1f0ae0a</code></a> docs: Fix a few typos (<a href="https://redirect.github.com/mpdavis/python-jose/issues/299">#299</a>)</li> <li><a href="ceaac3665d"><code>ceaac36</code></a> Do not use <code>utc_now</code> on module level (<a href="https://redirect.github.com/mpdavis/python-jose/issues/372">#372</a>)</li> <li>Additional commits viewable in <a href="https://github.com/mpdavis/python-jose/compare/3.3.0...3.5.0">compare view</a></li> </ul> </details> <br /> [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details>
67 lines
1.1 KiB
Plaintext
67 lines
1.1 KiB
Plaintext
# FastAPI and Server
|
|
fastapi==0.104.1
|
|
uvicorn[standard]==0.24.0
|
|
python-multipart==0.0.22
|
|
|
|
# Database
|
|
sqlalchemy==2.0.23
|
|
alembic==1.12.1
|
|
psycopg2-binary==2.9.11
|
|
asyncpg==0.29.0
|
|
aiosqlite==0.19.0
|
|
|
|
# Authentication & Security
|
|
python-jose[cryptography]==3.5.0
|
|
passlib[bcrypt]==1.7.4
|
|
bcrypt==4.1.1
|
|
pyjwt==2.11.0
|
|
|
|
# Redis Cache
|
|
redis==5.0.1
|
|
hiredis==3.3.0
|
|
|
|
# AWS S3 for File Storage
|
|
boto3==1.35.99
|
|
botocore==1.35.99
|
|
|
|
# Email
|
|
email-validator==2.3.0
|
|
emails==0.6.0
|
|
jinja2==3.1.6
|
|
|
|
# WebSockets
|
|
websockets==12.0
|
|
|
|
# Utilities
|
|
python-dotenv==1.2.2
|
|
pydantic==2.5.0
|
|
pydantic-settings==2.1.0
|
|
psutil==7.2.2
|
|
|
|
# HTTP Client
|
|
httpx==0.25.2
|
|
aiohttp==3.13.3
|
|
|
|
# Crypto/Blockchain
|
|
cryptography==46.0.5
|
|
ecdsa==0.19.1
|
|
hashlib-additional==1.1
|
|
|
|
# Testing
|
|
pytest==9.0.2
|
|
pytest-asyncio==0.21.1
|
|
pytest-cov==4.1.0
|
|
httpx==0.25.2
|
|
|
|
# Monitoring
|
|
prometheus-client==0.19.0
|
|
|
|
# CORS (handled by Starlette/FastAPI)
|
|
# Dependency removed because package does not exist on PyPI.
|
|
|
|
# New API Integrations (Railway, Vercel, Stripe, Twilio, Slack, Discord, Sentry)
|
|
# Note: Most integrations use httpx (already included above)
|
|
# Additional packages for specific integrations:
|
|
stripe==14.4.1
|
|
sentry-sdk==1.45.1
|