
build(deps): bump pysaml2 from 7.0.1 to 7.1.0 #357


Merged
merged 1 commit into from
Dec 6, 2021


dependabot[bot] (Contributor) commented on behalf of github on Dec 6, 2021

Bumps pysaml2 from 7.0.1 to 7.1.0.

Release notes

Sourced from pysaml2's releases.

Version 7.1.0

7.1.0 (2021-11-16)

The following breaking changes are not reflected in the version by mistake:

  • the method saml2.mdstore.Metadata::certs used to return a list of certificate data - List[str]. This method has now changed to return a list of tuples - List[Tuple[str, str]] - where the first item in the tuple holds the key name, and the second the certificate data.

Changes:

  • Fix signature verification for the redirect binding for AuthnRequest and LogoutRequest.
  • Include encryption KeyName in encrypted assertions.
  • Add "reason" field in invalid signature errors due to invalid document format.
  • New SP configuration option requested_authn_context to set the preferred RequestedAuthnContext class reference.
  • Add support for metadata refresh by adding a metadata_reload method into saml2.Entity. This method is to be externally invoked, and to receive the same metadata configuration as what was passed under the metadata key to saml2.Config. The method loads a new metadata configuration and swaps it in (replacing the references across several objects that hold a metadata reference).
  • Fix SessionIndex resolution during logout.
  • Fix AuthnResponse::get_subject to be able to decrypt a NameID with the given keys.
  • Refactor AuthnResponse::authn_info to consider DeclRef equivalent to ClassRef.
  • Ensure creation of multiple ePTIDs is handled correctly.
  • Improve signature checks by ensuring the Object element is absent, enforcing allowed transform algorithms, enforcing allowed canonicalization methods and requiring the enveloped-signature transform to be present.
  • mdstore: Make unknown metadata extensions available through the internal metadata.
  • mdstore: Fix the exception handler of the InMemoryMetaData object.
  • mdstore: Fix the serialization of the MetadataStore object.
  • examples: Fix code to cater for changes in interfaces.
  • examples: Update certificates to avoid SSL KEY TO SMALL errors.
  • docs: Significant improvement on the configuration options documentation.
  • docs: Fix typos.
Changelog

Sourced from pysaml2's changelog.

7.1.0 (2021-11-16)

  • Fix signature verification for the redirect binding for AuthnRequest and LogoutRequest.
  • Include encryption KeyName in encrypted assertions.
  • Add "reason" field in invalid signature errors due to invalid document format.
  • New SP configuration option requested_authn_context to set the preferred RequestedAuthnContext class reference.
  • Add support for metadata refresh by adding a metadata_reload method into saml2.Entity. This method is to be externally invoked, and to receive the same metadata configuration as what was passed under the metadata key to saml2.Config. The method loads a new metadata configuration and swaps it in (replacing the references across several objects that hold a metadata reference).
  • Fix SessionIndex resolution during logout.
  • Fix AuthnResponse::get_subject to be able to decrypt a NameID with the given keys.
  • Refactor AuthnResponse::authn_info to consider DeclRef equivalent to ClassRef.
  • Ensure creation of multiple ePTIDs is handled correctly.
  • Improve signature checks by ensuring the Object element is absent, enforcing allowed transform algorithms, enforcing allowed canonicalization methods and requiring the enveloped-signature transform to be present.
  • mdstore: Make unknown metadata extensions available through the internal metadata.
  • mdstore: Fix the exception handler of the InMemoryMetaData object.
  • mdstore: Fix the serialization of the MetadataStore object.
  • examples: Fix code to cater for changes in interfaces.
  • examples: Update certificates to avoid SSL KEY TO SMALL errors.
  • docs: Significant improvement on the configuration options documentation.
  • docs: Fix typos.
Commits
  • 1ace07f Release version 7.1.0
  • 718cf98 Fix signature verification for the redirect binding
  • a3b26f3 Verify signed logout requests with the redirect binding
  • 68c0a89 Small refactor
  • 5b07161 Refactored redirect signature check into separate method
  • 058cc80 633: Support for redirect binding signature check using query param values
  • 5caf6da Merge pull request #781 from challet/key-name
  • 0a4c358 Ouput the according KeyName in encrypted answer
  • 59172fc Enhance invalid document format info with reason
  • 9f30f2f Merge pull request #807 from pandafy/issues/806-requested-authn-context
  • Additional commits viewable in compare view

@dependabot dependabot bot added dependencies Pull requests that update a dependency file python Pull requests that update Python code labels Dec 6, 2021
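
The structural signature checks listed in the 7.1.0 release notes above (no Object element, allow-listed transforms and canonicalization methods, mandatory enveloped-signature transform), sketched as an added example that is neither pysaml2's code nor part of this PR. The function name, the allow-lists and the sample documents are assumptions constructed for illustration.

```python
import xml.etree.ElementTree as ET

DS = "http://www.w3.org/2000/09/xmldsig#"
ENVELOPED = DS + "enveloped-signature"
EXC_C14N = "http://www.w3.org/2001/10/xml-exc-c14n#"
# Assumed allow-lists for this example; pysaml2's own lists may differ.
ALLOWED_C14N = {EXC_C14N, EXC_C14N + "WithComments"}
ALLOWED_TRANSFORMS = {ENVELOPED} | ALLOWED_C14N


def check_signature_structure(xml_text):
    """Return the policy violations found in every ds:Signature of xml_text."""
    # Untrusted XML should go through a hardened parser (e.g. defusedxml) in production.
    root = ET.fromstring(xml_text)
    problems = []
    sigs = list(root.iter(f"{{{DS}}}Signature"))
    if not sigs:
        problems.append("no ds:Signature element")
    for sig in sigs:
        # ds:Object can carry extra signed content that the consumer never inspects.
        if sig.find(f"{{{DS}}}Object") is not None:
            problems.append("ds:Object present")
        c14n = sig.find(f"{{{DS}}}SignedInfo/{{{DS}}}CanonicalizationMethod")
        alg = c14n.get("Algorithm") if c14n is not None else None
        if alg not in ALLOWED_C14N:
            problems.append(f"canonicalization not allowed: {alg}")
        refs = sig.findall(f"{{{DS}}}SignedInfo/{{{DS}}}Reference")
        if not refs:
            problems.append("no ds:Reference in SignedInfo")
        for ref in refs:
            algs = [t.get("Algorithm")
                    for t in ref.findall(f"{{{DS}}}Transforms/{{{DS}}}Transform")]
            problems += [f"transform not allowed: {a}"
                         for a in algs if a not in ALLOWED_TRANSFORMS]
            if ENVELOPED not in algs:
                problems.append("enveloped-signature transform missing")
    return problems


def _sample(c14n, transforms, with_object=False):
    """Constructed sample: a bare Response holding one Signature skeleton."""
    tr = "".join(f'<ds:Transform Algorithm="{t}"/>' for t in transforms)
    obj = "<ds:Object><x/></ds:Object>" if with_object else ""
    return (f'<Response xmlns:ds="{DS}"><ds:Signature><ds:SignedInfo>'
            f'<ds:CanonicalizationMethod Algorithm="{c14n}"/>'
            f'<ds:Reference URI="#id1"><ds:Transforms>{tr}</ds:Transforms>'
            f'</ds:Reference></ds:SignedInfo>{obj}</ds:Signature></Response>')


GOOD = _sample(EXC_C14N, [ENVELOPED, EXC_C14N])
BAD = _sample("urn:example:unknown-c14n",
              ["http://www.w3.org/TR/1999/REC-xslt-19991116"], with_object=True)
```

These checks run before any cryptographic verification and only reject malformed or risky signature structure; a document that passes still needs its signature value verified against a trusted key.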
satterly (Member) commented Dec 6, 2021

@dependabot rebase

Bumps [pysaml2](https://github.com/IdentityPython/pysaml2) from 7.0.1 to 7.1.0.
- [Release notes](https://github.com/IdentityPython/pysaml2/releases)
- [Changelog](https://github.com/IdentityPython/pysaml2/blob/master/CHANGELOG.md)
- [Commits](IdentityPython/pysaml2@v7.0.1...v7.1.0)

---
updated-dependencies:
- dependency-name: pysaml2
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot force-pushed the dependabot/pip/pysaml2-7.1.0 branch from 63df749 to 7e82967 Compare December 6, 2021 07:55
@satterly satterly merged commit 5d94392 into master Dec 6, 2021
@satterly satterly deleted the dependabot/pip/pysaml2-7.1.0 branch December 6, 2021 08:01