Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

chore(deps): update dependency python3-saml to >=1.16,<1.17 #157

Open
wants to merge 1 commit into
base: master
Choose a base branch
from
Open

chore(deps): update dependency python3-saml to >=1.16,<1.17 #157

wants to merge 1 commit into from

Conversation

renovate[bot]
Copy link
Contributor

@renovate renovate bot commented Dec 14, 2022
edited
Loading

This PR contains the following updates:

Package Change Age Adoption Passing Confidence
python3-saml >=1.4.0,<1.5 -> >=1.16,<1.17 age adoption passing confidence

Release Notes

SAML-Toolkits/python3-saml (python3-saml)

v1.16.0

Compare Source

  • #​364 Improve get_metadata method from Parser, allowing to set headers
  • Fix WantAuthnRequestsSigned parser
  • Fix expired payloads used on tests
  • Updated content from docs folder

v1.15.0

Compare Source

  • #​317 Handle unicode characters gracefully in python 2
  • #​338 Fix WantAuthnRequestsSigned parser
  • #​339 Add Poetry support
  • Remove version restriction on lxml dependency
  • Updated Django demo to 4.X (only py3 compatible)
  • Updated Travis file. Forced lxml to be installed using no-validate_binary
  • Removed references to OneLogin from documentation

v1.14.0

Compare Source

  • #​297 Don't require yanked version of lxml.
  • #​298 Add support for python 3.10 and cleanup the GHA.
  • #​299 Remove stats from coveralls removed as they are no longer maintained.

v1.13.0

Compare Source

  • #​296 Add rejectDeprecatedAlgorithm settings in order to be able reject messages signed with deprecated algorithms.
  • Set sha256 and rsa-sha256 as default algorithms
  • #​288 Support building a LogoutResponse with non-success status
  • Added warning about Open Redirect and Reply attacks
  • ##​274 Replace double-underscored names with single underscores
  • Add at OneLogin_Saml2_Auth get_last_assertion_issue_instant() and get_last_response_in_response_to() methods
  • Upgrade dependencies

v1.12.0

Compare Source

  • #​276 Deprecate server_port from request data dictionary

v1.11.0

Compare Source

  • #​261 Allow duplicate named attributes, controlled by a new setting
  • #​268 Make the redirect scheme matcher case-insensitive
  • #​256 Improve signature validation process. Add an option to use query string for validation
  • #​259 Add get metadata timeout
  • #​246 Add the ability to change the ProtocolBinding in the authn request.
  • #​248 Move storing the response data into its own method in the Auth class
  • Remove the dependency on defusedxml
  • #​241 Improve AttributeConsumingService support
  • Update expired dates from test responses
  • Migrate from Travis to Github Actions

v1.10.1

Compare Source

  • Fix bug on LogoutRequest class, get_idp_slo_response_url was used instead get_idp_slo_url

v1.10.0

Compare Source

  • Added custom lxml parser based on the one defined at xmldefused. Parser will ignore comments and processing instructions and by default have deactivated huge_tree, DTD and access to external documents
  • Destination URL Comparison is now case-insensitive for netloc
  • Support single-label-domains as valid. New security parameter allowSingleLabelDomains
  • Added get_idp_sso_url, get_idp_slo_url and get_idp_slo_response_url methods to the Settings class and use it in the toolkit
  • #​212 Overridability enhancements. Made classes overridable by subclassing. Use of classmethods instead staticmethods
  • Add get_friendlyname_attributes support
  • Remove external lib method get_ext_lib_path. Add set_cert_path in order to allow set the cert path in a different folder than the toolkit
  • Add sha256 instead sha1 algorithm for sign/digest as recommended value on documentation and settings
  • #​178 Support for adding idp.crt from filesystem
  • Add samlUserdata to demo-flask session
  • Fix autoreloading in demo-tornado

v1.9.0

Compare Source

  • Allow any number of decimal places for seconds on SAML datetimes
  • Fix failOnAuthnContextMismatch code
  • Improve signature validation when no reference uri
  • Update demo versions. Improve them and add Tornado demo.

v1.8.0

  • Set true as the default value for strict setting
  • #​152 Don't clean xsd and xsi namespaces
  • Drop python3.4 support due lxml. See lxml 4.4.0 (2019-07-27)

v1.7.0

  • Adjusted acs endpoint to extract NameQualifier and SPNameQualifier from SAMLResponse. Adjusted single logout service to provide NameQualifier and SPNameQualifier to logout method. Add getNameIdNameQualifier to Auth and SamlResponse. Extend logout method from Auth and LogoutRequest constructor to support SPNameQualifier parameter. Align LogoutRequest constructor with SAML specs
  • Added get_in_response_to method to Response and LogoutResponse classes
  • Update defusexml dependency

v1.6.0

Compare Source

  • Add support for Subjects on AuthNRequests by the new name_id_value_req parameter
  • #​127 Fix for SLO when XML specifies encoding
  • #​126 Fixed setting NameFormat attribute for AttributeValue tags

v1.5.0

Compare Source

  • Security improvements. Use of tagid to prevent XPath injection. Disable DTD on fromstring defusedxml method
  • #​97 Check that the response has all of the AuthnContexts that we provided
  • Adapt renders from Django demo for Django 1.11 version
  • Update pylint dependency to 1.9.1
  • If debug enable, print reason for the SAMLResponse invalidation
  • Fix DSA constant
  • #​106 Support NameID children inside of AttributeValue elements
  • Start using flake8 for code quality

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

  • If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

@renovate renovate bot changed the title chore(deps): update dependency python3-saml to >=1.14,<1.15 Update dependency python3-saml to >=1.14,<1.15 Dec 17, 2022
@renovate renovate bot changed the title Update dependency python3-saml to >=1.14,<1.15 chore(deps): update dependency python3-saml to >=1.14,<1.15 Dec 17, 2022
@renovate renovate bot force-pushed the renovate/python3-saml-1.x branch from 02344bd to d45937b Compare December 28, 2022 00:16
@renovate renovate bot changed the title chore(deps): update dependency python3-saml to >=1.14,<1.15 chore(deps): update dependency python3-saml to >=1.15,<1.16 Dec 28, 2022
@renovate renovate bot force-pushed the renovate/python3-saml-1.x branch from d45937b to a711b01 Compare March 15, 2023 19:13
@renovate renovate bot force-pushed the renovate/python3-saml-1.x branch from a711b01 to 4d581d8 Compare October 10, 2023 02:57
@renovate renovate bot changed the title chore(deps): update dependency python3-saml to >=1.15,<1.16 chore(deps): update dependency python3-saml to >=1.16,<1.17 Oct 10, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
0 participants