Scheduled weekly dependency update for week 44

[pyup-bot]

Update aioredis from 1.3.1 to 2.0.1.

Changelog

2.0.1

Features

- Added Python 3.10 to CI & Updated the Docs
(see 1160)
- Enable mypy in CI (see 1101)
- Synchronized reading the responses from a connection
(see 1106)

Fixes

- Remove __del__ from Redis (Fixes 1115)
(see 1227)
- fix socket.error raises (see 1129)
- Fix buffer is closed error when using PythonParser class
(see 1213)

2.0.0

Features

- Port redis-py's client implementation to aioredis.  
(see 891)

- Make hiredis an optional dependency.  
(see 917)

Links

• PyPI: https://pypi.org/project/aioredis
• Changelog: https://data.safetycli.com/changelogs/aioredis/
• Repo: https://github.com/aio-libs/aioredis-py

Update blinker from 1.4 to 1.6.3.

Changelog

1.6.3

-------------

Released 2023-09-23

-   Fix `SyncWrapperType` and `AsyncWrapperType` :pr:`108`
-   Fixed issue where ``signal.connected_to`` would not disconnect the
 receiver if an instance of ``BaseException`` was raised. :pr:`114`

1.6.2

-------------

Released 2023-04-12

-   Type annotations are not evaluated at runtime. typing-extensions is not a runtime
 dependency. :pr:`94`

1.6.1

-------------

Released 2023-04-09

-   Ensure that py.typed is present in the distributions (to enable other
 projects to use blinker's typing).
-   Require typing-extensions > 4.2 to ensure it includes
 ParamSpec. :issue:`90`

1.6

-----------

Released 2023-04-02

-   Add a muted context manager to temporarily turn off a
 signal. :pr:`84`
-   Allow int senders (alongside existing string senders). :pr:`83`
-   Add a send_async method to the Signal to allow signals to send to
 coroutine receivers. :pr:`76`
-   Update and modernise the project structure to match that used by the
 pallets projects. :pr:`77`
-   Add an intial set of type hints for the project.

1.5

-----------

Released 2022-07-17

-   Support Python >= 3.7 and PyPy. Python 2, Python < 3.7, and Jython
 may continue to work, but the next release will make incompatible
 changes.

Links

• PyPI: https://pypi.org/project/blinker
• Changelog: https://data.safetycli.com/changelogs/blinker/

Update cryptography from 2.9.2 to 41.0.5.

Changelog

41.0.5

~~~~~~~~~~~~~~~~~~~

* Updated Windows, macOS, and Linux wheels to be compiled with OpenSSL 3.1.4.
* Added a function to support an upcoming ``pyOpenSSL`` release.

.. _v41-0-4:

41.0.4

~~~~~~~~~~~~~~~~~~~

* Updated Windows, macOS, and Linux wheels to be compiled with OpenSSL 3.1.3.

.. _v41-0-3:

41.0.3

~~~~~~~~~~~~~~~~~~~

* Fixed performance regression loading DH public keys.
* Fixed a memory leak when using
:class:`~cryptography.hazmat.primitives.ciphers.aead.ChaCha20Poly1305`.
* Updated Windows, macOS, and Linux wheels to be compiled with OpenSSL 3.1.2.

.. _v41-0-2:

41.0.2

~~~~~~~~~~~~~~~~~~~

* Fixed bugs in creating and parsing SSH certificates where critical options
with values were handled incorrectly. Certificates are now created correctly
and parsing accepts correct values as well as the previously generated
invalid forms with a warning. In the next release, support for parsing these
invalid forms will be removed.

.. _v41-0-1:

41.0.1

~~~~~~~~~~~~~~~~~~~

* Temporarily allow invalid ECDSA signature algorithm parameters in X.509
certificates, which are generated by older versions of Java.
* Allow null bytes in pass phrases when serializing private keys.

.. _v41-0-0:

41.0.0

~~~~~~~~~~~~~~~~~~~

* **BACKWARDS INCOMPATIBLE:** Support for OpenSSL less than 1.1.1d has been
removed.  Users on older version of OpenSSL will need to upgrade.
* **BACKWARDS INCOMPATIBLE:** Support for Python 3.6 has been removed.
* **BACKWARDS INCOMPATIBLE:** Dropped support for LibreSSL < 3.6.
* Updated the minimum supported Rust version (MSRV) to 1.56.0, from 1.48.0.
* Updated Windows, macOS, and Linux wheels to be compiled with OpenSSL 3.1.1.
* Added support for the :class:`~cryptography.x509.OCSPAcceptableResponses`
OCSP extension.
* Added support for the :class:`~cryptography.x509.MSCertificateTemplate`
proprietary Microsoft certificate extension.
* Implemented support for equality checks on all asymmetric public key types.
* Added support for ``aes256-gcmopenssh.com`` encrypted keys in
:func:`~cryptography.hazmat.primitives.serialization.load_ssh_private_key`.
* Added support for obtaining X.509 certificate signature algorithm parameters
(including PSS) via
:meth:`~cryptography.x509.Certificate.signature_algorithm_parameters`.
* Support signing :class:`~cryptography.hazmat.primitives.asymmetric.padding.PSS`
X.509 certificates via the new keyword-only argument ``rsa_padding`` on
:meth:`~cryptography.x509.CertificateBuilder.sign`.
* Added support for
:class:`~cryptography.hazmat.primitives.ciphers.aead.ChaCha20Poly1305`
on BoringSSL.

.. _v40-0-2:

40.0.2

~~~~~~~~~~~~~~~~~~~

* Fixed compilation when using LibreSSL 3.7.2.
* Added some functions to support an upcoming ``pyOpenSSL`` release.

.. _v40-0-1:

40.0.1

~~~~~~~~~~~~~~~~~~~

* Fixed a bug where certain operations would fail if an object happened to be
in the top-half of the memory-space. This only impacted 32-bit systems.

.. _v40-0-0:

40.0.0

~~~~~~~~~~~~~~~~~~~


* **BACKWARDS INCOMPATIBLE:** As announced in the 39.0.0 changelog, the way
``cryptography`` links OpenSSL has changed. This only impacts users who
build ``cryptography`` from source (i.e., not from a ``wheel``), and
specify their own version of OpenSSL. For those users, the ``CFLAGS``,
``LDFLAGS``, ``INCLUDE``, ``LIB``, and ``CRYPTOGRAPHY_SUPPRESS_LINK_FLAGS``
environment variables are no longer valid. Instead, users need to configure
their builds `as documented here`_.
* Support for Python 3.6 is deprecated and will be removed in the next
release.
* Deprecated the current minimum supported Rust version (MSRV) of 1.48.0.
In the next release we will raise MSRV to 1.56.0. Users with the latest
``pip`` will typically get a wheel and not need Rust installed, but check
:doc:`/installation` for documentation on installing a newer ``rustc`` if
required.
* Deprecated support for OpenSSL less than 1.1.1d. The next release of
``cryptography`` will drop support for older versions.
* Deprecated support for DSA keys in
:func:`~cryptography.hazmat.primitives.serialization.load_ssh_public_key`
and
:func:`~cryptography.hazmat.primitives.serialization.load_ssh_private_key`.
* Deprecated support for OpenSSH serialization in
:class:`~cryptography.hazmat.primitives.asymmetric.dsa.DSAPublicKey`
and
:class:`~cryptography.hazmat.primitives.asymmetric.dsa.DSAPrivateKey`.
* The minimum supported version of PyPy3 is now 7.3.10.
* Updated Windows, macOS, and Linux wheels to be compiled with OpenSSL 3.1.0.
* Added support for parsing SSH certificates in addition to public keys with
:func:`~cryptography.hazmat.primitives.serialization.load_ssh_public_identity`.
:func:`~cryptography.hazmat.primitives.serialization.load_ssh_public_key`
continues to support only public keys.
* Added support for generating SSH certificates with
:class:`~cryptography.hazmat.primitives.serialization.SSHCertificateBuilder`.
* Added :meth:`~cryptography.x509.Certificate.verify_directly_issued_by` to
:class:`~cryptography.x509.Certificate`.
* Added a check to :class:`~cryptography.x509.NameConstraints` to ensure that
:class:`~cryptography.x509.DNSName` constraints do not contain any ``*``
wildcards.
* Removed many unused CFFI OpenSSL bindings. This will not impact you unless
you are using ``cryptography`` to directly invoke OpenSSL's C API. Note that
these have never been considered a stable, supported, public API by
``cryptography``, this note is included as a courtesy.
* The X.509 builder classes now raise ``UnsupportedAlgorithm`` instead of
``ValueError`` if an unsupported hash algorithm is passed.
* Added public union type aliases for type hinting:

* Asymmetric types:
 :const:`~cryptography.hazmat.primitives.asymmetric.types.PublicKeyTypes`,
 :const:`~cryptography.hazmat.primitives.asymmetric.types.PrivateKeyTypes`,
 :const:`~cryptography.hazmat.primitives.asymmetric.types.CertificatePublicKeyTypes`,
 :const:`~cryptography.hazmat.primitives.asymmetric.types.CertificateIssuerPublicKeyTypes`,
 :const:`~cryptography.hazmat.primitives.asymmetric.types.CertificateIssuerPrivateKeyTypes`.
* SSH keys:
 :const:`~cryptography.hazmat.primitives.serialization.SSHPublicKeyTypes`,
 :const:`~cryptography.hazmat.primitives.serialization.SSHPrivateKeyTypes`,
 :const:`~cryptography.hazmat.primitives.serialization.SSHCertPublicKeyTypes`,
 :const:`~cryptography.hazmat.primitives.serialization.SSHCertPrivateKeyTypes`.
* PKCS12:
 :const:`~cryptography.hazmat.primitives.serialization.pkcs12.PKCS12PrivateKeyTypes`
* PKCS7:
 :const:`~cryptography.hazmat.primitives.serialization.pkcs7.PKCS7HashTypes`,
 :const:`~cryptography.hazmat.primitives.serialization.pkcs7.PKCS7PrivateKeyTypes`.
* Two-factor:
 :const:`~cryptography.hazmat.primitives.twofactor.hotp.HOTPHashTypes`

* Deprecated previously undocumented but not private type aliases in the
``cryptography.hazmat.primitives.asymmetric.types`` module in favor of new
ones above.


.. _v39-0-2:

39.0.2

~~~~~~~~~~~~~~~~~~~

* Fixed a bug where the content type header was not properly encoded for
PKCS7 signatures when using the ``Text`` option and ``SMIME`` encoding.


.. _v39-0-1:

39.0.1

~~~~~~~~~~~~~~~~~~~

* **SECURITY ISSUE** - Fixed a bug where ``Cipher.update_into`` accepted Python
buffer protocol objects, but allowed immutable buffers. **CVE-2023-23931**
* Updated Windows, macOS, and Linux wheels to be compiled with OpenSSL 3.0.8.

.. _v39-0-0:

39.0.0

~~~~~~~~~~~~~~~~~~~

* **BACKWARDS INCOMPATIBLE:** Support for OpenSSL 1.1.0 has been removed.
Users on older version of OpenSSL will need to upgrade.
* **BACKWARDS INCOMPATIBLE:** Dropped support for LibreSSL < 3.5. The new
minimum LibreSSL version is 3.5.0. Going forward our policy is to support
versions of LibreSSL that are available in versions of OpenBSD that are
still receiving security support.
* **BACKWARDS INCOMPATIBLE:** Removed the ``encode_point`` and
``from_encoded_point`` methods on
:class:`~cryptography.hazmat.primitives.asymmetric.ec.EllipticCurvePublicNumbers`,
which had been deprecated for several years.
:meth:`~cryptography.hazmat.primitives.asymmetric.ec.EllipticCurvePublicKey.public_bytes`
and
:meth:`~cryptography.hazmat.primitives.asymmetric.ec.EllipticCurvePublicKey.from_encoded_point`
should be used instead.
* **BACKWARDS INCOMPATIBLE:** Support for using MD5 or SHA1 in
:class:`~cryptography.x509.CertificateBuilder`, other X.509 builders, and
PKCS7 has been removed.
* **BACKWARDS INCOMPATIBLE:** Dropped support for macOS 10.10 and 10.11, macOS
users must upgrade to 10.12 or newer.
* **ANNOUNCEMENT:** The next version of ``cryptography`` (40.0) will change
the way we link OpenSSL. This will only impact users who build
``cryptography`` from source (i.e., not from a ``wheel``), and specify their
own version of OpenSSL. For those users, the ``CFLAGS``, ``LDFLAGS``,
``INCLUDE``, ``LIB``, and ``CRYPTOGRAPHY_SUPPRESS_LINK_FLAGS`` environment
variables will no longer be respected. Instead, users will need to
configure their builds `as documented here`_.
* Added support for
:ref:`disabling the legacy provider in OpenSSL 3.0.x<legacy-provider>`.
* Added support for disabling RSA key validation checks when loading RSA
keys via
:func:`~cryptography.hazmat.primitives.serialization.load_pem_private_key`,
:func:`~cryptography.hazmat.primitives.serialization.load_der_private_key`,
and
:meth:`~cryptography.hazmat.primitives.asymmetric.rsa.RSAPrivateNumbers.private_key`.
This speeds up key loading but is :term:`unsafe` if you are loading potentially
attacker supplied keys.
* Significantly improved performance for
:class:`~cryptography.hazmat.primitives.ciphers.aead.ChaCha20Poly1305`
when repeatedly calling ``encrypt`` or ``decrypt`` with the same key.
* Added support for creating OCSP requests with precomputed hashes using
:meth:`~cryptography.x509.ocsp.OCSPRequestBuilder.add_certificate_by_hash`.
* Added support for loading multiple PEM-encoded X.509 certificates from
a single input via :func:`~cryptography.x509.load_pem_x509_certificates`.

.. _v38-0-4:

38.0.4

~~~~~~~~~~~~~~~~~~~

* Fixed compilation when using LibreSSL 3.6.0.
* Fixed error when using ``py2app`` to build an application with a
``cryptography`` dependency.

.. _v38-0-3:

38.0.3

~~~~~~~~~~~~~~~~~~~

* Updated Windows, macOS, and Linux wheels to be compiled with OpenSSL 3.0.7,
which resolves *CVE-2022-3602* and *CVE-2022-3786*.

.. _v38-0-2:

38.0.2

~~~~~~~~~~~~~~~~~~~~~~~~~~~~

.. attention::

 This release was subsequently yanked from PyPI due to a regression in OpenSSL.

* Updated Windows, macOS, and Linux wheels to be compiled with OpenSSL 3.0.6.


.. _v38-0-1:

38.0.1

~~~~~~~~~~~~~~~~~~~

* Fixed parsing TLVs in ASN.1 with length greater than 65535 bytes (typically
seen in large CRLs).

.. _v38-0-0:

38.0.0

~~~~~~~~~~~~~~~~~~~

* Final deprecation of OpenSSL 1.1.0. The next release of ``cryptography``
will drop support.
* We no longer ship ``manylinux2010`` wheels. Users should upgrade to the
latest ``pip`` to ensure this doesn't cause issues downloading wheels on
their platform. We now ship ``manylinux_2_28`` wheels for users on new
enough platforms.
* Updated the minimum supported Rust version (MSRV) to 1.48.0, from 1.41.0.
Users with the latest ``pip`` will typically get a wheel and not need Rust
installed, but check :doc:`/installation` for documentation on installing a
newer ``rustc`` if required.
* :meth:`~cryptography.fernet.Fernet.decrypt` and related methods now accept
both ``str`` and ``bytes`` tokens.
* Parsing ``CertificateSigningRequest`` restores the behavior of enforcing
that the ``Extension`` ``critical`` field must be correctly encoded DER. See
`the issue <https://github.com/pyca/cryptography/issues/6368>`_ for complete
details.
* Added two new OpenSSL functions to the bindings to support an upcoming
``pyOpenSSL`` release.
* When parsing :class:`~cryptography.x509.CertificateRevocationList` and
:class:`~cryptography.x509.CertificateSigningRequest` values, it is now
enforced that the ``version`` value in the input must be valid according to
the rules of :rfc:`2986` and :rfc:`5280`.
* Using MD5 or SHA1 in :class:`~cryptography.x509.CertificateBuilder` and
other X.509 builders is deprecated and support will be removed in the next
version.
* Added additional APIs to
:class:`~cryptography.x509.certificate_transparency.SignedCertificateTimestamp`, including
:attr:`~cryptography.x509.certificate_transparency.SignedCertificateTimestamp.signature_hash_algorithm`,
:attr:`~cryptography.x509.certificate_transparency.SignedCertificateTimestamp.signature_algorithm`,
:attr:`~cryptography.x509.certificate_transparency.SignedCertificateTimestamp.signature`, and
:attr:`~cryptography.x509.certificate_transparency.SignedCertificateTimestamp.extension_bytes`.
* Added :attr:`~cryptography.x509.Certificate.tbs_precertificate_bytes`, allowing
users to access the to-be-signed pre-certificate data needed for signed
certificate timestamp verification.
* :class:`~cryptography.hazmat.primitives.kdf.kbkdf.KBKDFHMAC` and
:class:`~cryptography.hazmat.primitives.kdf.kbkdf.KBKDFCMAC` now support
:attr:`~cryptography.hazmat.primitives.kdf.kbkdf.CounterLocation.MiddleFixed`
counter location.
* Fixed :rfc:`4514` name parsing to reverse the order of the RDNs according
to the section 2.1 of the RFC, affecting method
:meth:`~cryptography.x509.Name.from_rfc4514_string`.
* It is now possible to customize some aspects of encryption when serializing
private keys, using
:meth:`~cryptography.hazmat.primitives.serialization.PrivateFormat.encryption_builder`.
* Removed several legacy symbols from our OpenSSL bindings. Users of pyOpenSSL
versions older than 22.0 will need to upgrade.
* Added
:class:`~cryptography.hazmat.primitives.ciphers.algorithms.AES128` and
:class:`~cryptography.hazmat.primitives.ciphers.algorithms.AES256` classes.
These classes do not replace
:class:`~cryptography.hazmat.primitives.ciphers.algorithms.AES` (which
allows all AES key lengths), but are intended for applications where
developers want to be explicit about key length.

.. _v37-0-4:

37.0.4

~~~~~~~~~~~~~~~~~~~

* Updated Windows, macOS, and Linux wheels to be compiled with OpenSSL 3.0.5.

.. _v37-0-3:

37.0.3

~~~~~~~~~~~~~~~~~~~~~~~~~~~~

.. attention::

 This release was subsequently yanked from PyPI due to a regression in OpenSSL.

* Updated Windows, macOS, and Linux wheels to be compiled with OpenSSL 3.0.4.

.. _v37-0-2:

37.0.2

~~~~~~~~~~~~~~~~~~~

* Updated Windows, macOS, and Linux wheels to be compiled with OpenSSL 3.0.3.
* Added a constant needed for an upcoming pyOpenSSL release.

.. _v37-0-1:

37.0.1

~~~~~~~~~~~~~~~~~~~

* Fixed an issue where parsing an encrypted private key with the public
loader functions would hang waiting for console input on OpenSSL 3.0.x rather
than raising an error.
* Restored some legacy symbols for older ``pyOpenSSL`` users. These will be
removed again in the future, so ``pyOpenSSL`` users should still upgrade
to the latest version of that package when they upgrade ``cryptography``.

.. _v37-0-0:

37.0.0

~~~~~~~~~~~~~~~~~~~

* Updated Windows, macOS, and Linux wheels to be compiled with OpenSSL 3.0.2.
* **BACKWARDS INCOMPATIBLE:** Dropped support for LibreSSL 2.9.x and 3.0.x.
The new minimum LibreSSL version is 3.1+.
* **BACKWARDS INCOMPATIBLE:** Removed ``signer`` and ``verifier`` methods
from the public key and private key classes. These methods were originally
deprecated in version 2.0, but had an extended deprecation timeline due
to usage. Any remaining users should transition to ``sign`` and ``verify``.
* Deprecated OpenSSL 1.1.0 support. OpenSSL 1.1.0 is no longer supported by
the OpenSSL project. The next release of ``cryptography`` will be the last
to support compiling with OpenSSL 1.1.0.
* Deprecated Python 3.6 support. Python 3.6 is no longer supported by the
Python core team. Support for Python 3.6 will be removed in a future
``cryptography`` release.
* Deprecated the current minimum supported Rust version (MSRV) of 1.41.0.
In the next release we will raise MSRV to 1.48.0. Users with the latest
``pip`` will typically get a wheel and not need Rust installed, but check
:doc:`/installation` for documentation on installing a newer ``rustc`` if
required.
* Deprecated
:class:`~cryptography.hazmat.primitives.ciphers.algorithms.CAST5`,
:class:`~cryptography.hazmat.primitives.ciphers.algorithms.SEED`,
:class:`~cryptography.hazmat.primitives.ciphers.algorithms.IDEA`, and
:class:`~cryptography.hazmat.primitives.ciphers.algorithms.Blowfish` because
they are legacy algorithms with extremely low usage. These will be removed
in a future version of ``cryptography``.
* Added limited support for distinguished names containing a bit string.
* We now ship ``universal2`` wheels on macOS, which contain both ``arm64``
and ``x86_64`` architectures. Users on macOS should upgrade to the latest
``pip`` to ensure they can use this wheel, although we will continue to
ship ``x86_64`` specific wheels for now to ease the transition.
* This will be the final release for which we ship ``manylinux2010`` wheels.
Going forward the minimum supported ``manylinux`` ABI for our wheels will
be ``manylinux2014``. The vast majority of users will continue to receive
``manylinux`` wheels provided they have an up to date ``pip``. For PyPy
wheels this release already requires ``manylinux2014`` for compatibility
with binaries distributed by upstream.
* Added support for multiple
:class:`~cryptography.x509.ocsp.OCSPSingleResponse` in a
:class:`~cryptography.x509.ocsp.OCSPResponse`.
* Restored support for signing certificates and other structures in
:doc:`/x509/index` with SHA3 hash algorithms.
* :class:`~cryptography.hazmat.primitives.ciphers.algorithms.TripleDES` is
disabled in FIPS mode.
* Added support for serialization of PKCS12 CA friendly names/aliases in
:func:`~cryptography.hazmat.primitives.serialization.pkcs12.serialize_key_and_certificates`
* Added support for 12-15 byte (96 to 120 bit) nonces to
:class:`~cryptography.hazmat.primitives.ciphers.aead.AESOCB3`. This class
previously supported only 12 byte (96 bit).
* Added support for
:class:`~cryptography.hazmat.primitives.ciphers.aead.AESSIV` when using
OpenSSL 3.0.0+.
* Added support for serializing PKCS7 structures from a list of
certificates with
:class:`~cryptography.hazmat.primitives.serialization.pkcs7.serialize_certificates`.
* Added support for parsing :rfc:`4514` strings with
:meth:`~cryptography.x509.Name.from_rfc4514_string`.
* Added :attr:`~cryptography.hazmat.primitives.asymmetric.padding.PSS.AUTO` to
:class:`~cryptography.hazmat.primitives.asymmetric.padding.PSS`. This can
be used to verify a signature where the salt length is not already known.
* Added :attr:`~cryptography.hazmat.primitives.asymmetric.padding.PSS.DIGEST_LENGTH`
to :class:`~cryptography.hazmat.primitives.asymmetric.padding.PSS`. This
constant will set the salt length to the same length as the ``PSS`` hash
algorithm.
* Added support for loading RSA-PSS key types with
:func:`~cryptography.hazmat.primitives.serialization.load_pem_private_key`
and
:func:`~cryptography.hazmat.primitives.serialization.load_der_private_key`.
This functionality is limited to OpenSSL 1.1.1e+ and loads the key as a
normal RSA private key, discarding the PSS constraint information.

.. _v36-0-2:

36.0.2

~~~~~~~~~~~~~~~~~~~

* Updated Windows, macOS, and Linux wheels to be compiled with OpenSSL 1.1.1n.

.. _v36-0-1:

36.0.1

~~~~~~~~~~~~~~~~~~~

* Updated Windows, macOS, and Linux wheels to be compiled with OpenSSL 1.1.1m.

.. _v36-0-0:

36.0.0

~~~~~~~~~~~~~~~~~~~

* **FINAL DEPRECATION** Support for ``verifier`` and ``signer`` on our
asymmetric key classes was deprecated in version 2.0. These functions had an
extended deprecation due to usage, however the next version of
``cryptography`` will drop support. Users should migrate to ``sign`` and
``verify``.
* The entire :doc:`/x509/index` layer is now written in Rust. This allows
alternate asymmetric key implementations that can support cloud key
management services or hardware security modules provided they implement
the necessary interface (for example:
:class:`~cryptography.hazmat.primitives.asymmetric.ec.EllipticCurvePrivateKey`).
* :ref:`Deprecated the backend argument<faq-missing-backend>` for all
functions.
* Added support for
:class:`~cryptography.hazmat.primitives.ciphers.aead.AESOCB3`.
* Added support for iterating over arbitrary request
:attr:`~cryptography.x509.CertificateSigningRequest.attributes`.
* Deprecated the ``get_attribute_for_oid`` method on
:class:`~cryptography.x509.CertificateSigningRequest` in favor of
:meth:`~cryptography.x509.Attributes.get_attribute_for_oid` on the new
:class:`~cryptography.x509.Attributes` object.
* Fixed handling of PEM files to allow loading when certificate and key are
in the same file.
* Fixed parsing of :class:`~cryptography.x509.CertificatePolicies` extensions
containing legacy ``BMPString`` values in their ``explicitText``.
* Allow parsing of negative serial numbers in certificates. Negative serial
numbers are prohibited by :rfc:`5280` so a deprecation warning will be
raised whenever they are encountered. A future version of ``cryptography``
will drop support for parsing them.
* Added support for parsing PKCS12 files with friendly names for all
certificates with
:func:`~cryptography.hazmat.primitives.serialization.pkcs12.load_pkcs12`,
which will return an object of type
:class:`~cryptography.hazmat.primitives.serialization.pkcs12.PKCS12KeyAndCertificates`.
* :meth:`~cryptography.x509.Name.rfc4514_string` and related methods now have
an optional ``attr_name_overrides`` parameter to supply custom OID to name
mappings, which can be used to match vendor-specific extensions.
* **BACKWARDS INCOMPATIBLE:** Reverted the nonstandard formatting of
email address fields as ``E`` in
:meth:`~cryptography.x509.Name.rfc4514_string` methods from version 35.0.

The previous behavior can be restored with:
``name.rfc4514_string({NameOID.EMAIL_ADDRESS: "E"})``
* Allow
:class:`~cryptography.hazmat.primitives.asymmetric.x25519.X25519PublicKey`
and
:class:`~cryptography.hazmat.primitives.asymmetric.x448.X448PublicKey` to
be used as public keys when parsing certificates or creating them with
:class:`~cryptography.x509.CertificateBuilder`. These key types must be
signed with a different signing algorithm as ``X25519`` and ``X448`` do
not support signing.
* Extension values can now be serialized to a DER byte string by calling
:func:`~cryptography.x509.ExtensionType.public_bytes`.
* Added experimental support for compiling against BoringSSL. As BoringSSL
does not commit to a stable API, ``cryptography`` tests against the
latest commit only. Please note that several features are not available
when building against BoringSSL.
* Parsing ``CertificateSigningRequest`` from DER and PEM now, for a limited
time period, allows the ``Extension`` ``critical`` field to be incorrectly
encoded. See `the issue <https://github.com/pyca/cryptography/issues/6368>`_
for complete details. This will be reverted in a future ``cryptography``
release.
* When :class:`~cryptography.x509.OCSPNonce` are parsed and generated their
value is now correctly wrapped in an ASN.1 ``OCTET STRING``. This conforms
to :rfc:`6960` but conflicts with the original behavior specified in
:rfc:`2560`. For a temporary period for backwards compatibility, we will
also parse values that are encoded as specified in :rfc:`2560` but this
behavior will be removed in a future release.

.. _v35-0-0:

35.0.0

~~~~~~~~~~~~~~~~~~~

* Changed the :ref:`version scheme <api-stability:versioning>`. This will
result in us incrementing the major version more frequently, but does not
change our existing backwards compatibility policy.
* **BACKWARDS INCOMPATIBLE:** The :doc:`/x509/index` PEM parsers now require
that the PEM string passed have PEM delimiters of the correct type. For
example, parsing a private key PEM concatenated with a certificate PEM will
no longer be accepted by the PEM certificate parser.
* **BACKWARDS INCOMPATIBLE:** The X.509 certificate parser no longer allows
negative serial numbers. :rfc:`5280` has always prohibited these.
* **BACKWARDS INCOMPATIBLE:** Additional forms of invalid ASN.1 found during
:doc:`/x509/index` parsing will raise an error on initial parse rather than
when the malformed field is accessed.
* Rust is now required for building ``cryptography``, the
``CRYPTOGRAPHY_DONT_BUILD_RUST`` environment variable is no longer
respected.
* Parsers for :doc:`/x509/index` no longer use OpenSSL and have been
rewritten in Rust. This should be backwards compatible (modulo the items
listed above) and improve both security and performance.
* Added support for OpenSSL 3.0.0 as a compilation target.
* Added support for
:class:`~cryptography.hazmat.primitives.hashes.SM3` and
:class:`~cryptography.hazmat.primitives.ciphers.algorithms.SM4`,
when using OpenSSL 1.1.1. These algorithms are provided for compatibility
in regions where they may be required, and are not generally recommended.
* We now ship ``manylinux_2_24`` and ``musllinux_1_1`` wheels, in addition to
our ``manylinux2010`` and ``manylinux2014`` wheels. Users on distributions
like Alpine Linux should ensure they upgrade to the latest ``pip`` to
correctly receive wheels.
* Added ``rfc4514_attribute_name`` attribute to :attr:`x509.NameAttribute
<cryptography.x509.NameAttribute.rfc4514_attribute_name>`.
* Added :class:`~cryptography.hazmat.primitives.kdf.kbkdf.KBKDFCMAC`.

.. _v3-4-8:

3.4.8

~~~~~~~~~~~~~~~~~~

* Updated Windows, macOS, and ``manylinux`` wheels to be compiled with
OpenSSL 1.1.1l.

.. _v3-4-7:

3.4.7

~~~~~~~~~~~~~~~~~~

* Updated Windows, macOS, and ``manylinux`` wheels to be compiled with
OpenSSL 1.1.1k.

.. _v3-4-6:

3.4.6

~~~~~~~~~~~~~~~~~~

* Updated Windows, macOS, and ``manylinux`` wheels to be compiled with
OpenSSL 1.1.1j.

.. _v3-4-5:

3.4.5

~~~~~~~~~~~~~~~~~~

* Various improvements to type hints.
* Lower the minimum supported Rust version (MSRV) to >=1.41.0. This change
improves compatibility with system-provided Rust on several Linux
distributions.
* ``cryptography`` will be switching to a new versioning scheme with its next
feature release. More information is available in our
:doc:`/api-stability` documentation.

.. _v3-4-4:

3.4.4

~~~~~~~~~~~~~~~~~~

* Added a ``py.typed`` file so that ``mypy`` will know to use our type
annotations.
* Fixed an import cycle that could be triggered by certain import sequences.

.. _v3-4-3:

3.4.3

~~~~~~~~~~~~~~~~~~

* Specify our supported Rust version (>=1.45.0) in our ``setup.py`` so users
on older versions will get a clear error message.

.. _v3-4-2:

3.4.2

~~~~~~~~~~~~~~~~~~

* Improvements to make the rust transition a bit easier. This includes some
better error messages and small dependency fixes. If you experience
installation problems **Be sure to update pip** first, then check the
:doc:`FAQ </faq>`.

.. _v3-4-1:

3.4.1

~~~~~~~~~~~~~~~~~~

* Fixed a circular import issue.
* Added additional debug output to assist users seeing installation errors
due to outdated ``pip`` or missing ``rustc``.

.. _v3-4:

3.4

~~~~~~~~~~~~~~~~

* **BACKWARDS INCOMPATIBLE:** Support for Python 2 has been removed.
* We now ship ``manylinux2014`` wheels and no longer ship ``manylinux1``
wheels. Users should upgrade to the latest ``pip`` to ensure this doesn't
cause issues downloading wheels on their platform.
* ``cryptography`` now incorporates Rust code. Users building ``cryptography``
themselves will need to have the Rust toolchain installed. Users who use an
officially produced wheel will not need to make any changes. The minimum
supported Rust version is 1.45.0.
* ``cryptography`` now has :pep:`484` type hints on nearly all of of its public
APIs. Users can begin using them to type check their code with ``mypy``.

.. _v3-3-2:

3.3.2

~~~~~~~~~~~~~~~~~~

* **SECURITY ISSUE:** Fixed a bug where certain sequences of ``update()`` calls
when symmetrically encrypting very large payloads (>2GB) could result in an
integer overflow, leading to buffer overflows. *CVE-2020-36242* **Update:**
This fix is a workaround for *CVE-2021-23840* in OpenSSL, fixed in OpenSSL
1.1.1j.

.. _v3-3-1:

3.3.1

~~~~~~~~~~~~~~~~~~

* Re-added a legacy symbol causing problems for older ``pyOpenSSL`` users.

.. _v3-3:

3.3

~~~~~~~~~~~~~~~~

* **BACKWARDS INCOMPATIBLE:** Support for Python 3.5 has been removed due to
low usage and maintenance burden.
* **BACKWARDS INCOMPATIBLE:** The
:class:`~cryptography.hazmat.primitives.ciphers.modes.GCM` and
:class:`~cryptography.hazmat.primitives.ciphers.aead.AESGCM` now require
64-bit to 1024-bit (8 byte to 128 byte) initialization vectors. This change
is to conform with an upcoming OpenSSL release that will no longer support
sizes outside this window.
* **BACKWARDS INCOMPATIBLE:** When deserializing asymmetric keys we now
raise ``ValueError`` rather than ``UnsupportedAlgorithm`` when an
unsupported cipher is used. This change is to conform with an upcoming
OpenSSL release that will no longer distinguish between error types.
* **BACKWARDS INCOMPATIBLE:** We no longer allow loading of finite field
Diffie-Hellman parameters of less than 512 bits in length. This change is to
conform with an upcoming OpenSSL release that no longer supports smaller
sizes. These keys were already wildly insecure and should not have been used
in any application outside of testing.
* Updated Windows, macOS, and ``manylinux`` wheels to be compiled with
OpenSSL 1.1.1i.
* Python 2 support is deprecated in ``cryptography``. This is the last release
that will support Python 2.
* Added the
:meth:`~cryptography.hazmat.primitives.asymmetric.rsa.RSAPublicKey.recover_data_from_signature`
function to
:class:`~cryptography.hazmat.primitives.asymmetric.rsa.RSAPublicKey`
for recovering the signed data from an RSA signature.

.. _v3-2-1:

3.2.1

~~~~~~~~~~~~~~~~~~

* Disable blinding on RSA public keys to address an error with some versions
of OpenSSL.

.. _v3-2:

3.2

~~~~~~~~~~~~~~~~

* **SECURITY ISSUE:** Attempted to make RSA PKCS1v1.5 decryption more constant
time, to protect against Bleichenbacher vulnerabilities. Due to limitations
imposed by our API, we cannot completely mitigate this vulnerability and a
future release will contain a new API which is designed to be resilient to
these for contexts where it is required. Credit to **Hubert Kario** for
reporting the issue. *CVE-2020-25659*
* Support for OpenSSL 1.0.2 has been removed. Users on older version of OpenSSL
will need to upgrade.
* Added basic support for PKCS7 signing (including SMIME) via
:class:`~cryptography.hazmat.primitives.serialization.pkcs7.PKCS7SignatureBuilder`.

.. _v3-1-1:

3.1.1

~~~~~~~~~~~~~~~~~~

* Updated Windows, macOS, and ``manylinux`` wheels to be compiled with
OpenSSL 1.1.1h.

.. _v3-1:

3.1

~~~~~~~~~~~~~~~~

* **BACKWARDS INCOMPATIBLE:** Removed support for ``idna`` based
:term:`U-label` parsing in various X.509 classes. This support was originally
deprecated in version 2.1 and moved to an extra in 2.5.
* Deprecated OpenSSL 1.0.2 support. OpenSSL 1.0.2 is no longer supported by
the OpenSSL project. The next version of ``cryptography`` will drop support
for it.
* Deprecated support for Python 3.5. This version sees very little use and will
be removed in the next release.
* ``backend`` arguments to functions are no longer required and the
default backend will automatically be selected if no ``backend`` is provided.
* Added initial support for parsing certificates from PKCS7 files with
:func:`~cryptography.hazmat.primitives.serialization.pkcs7.load_pem_pkcs7_certificates`
and
:func:`~cryptography.hazmat.primitives.serialization.pkcs7.load_der_pkcs7_certificates`
.
* Calling ``update`` or ``update_into`` on
:class:`~cryptography.hazmat.primitives.ciphers.CipherContext` with ``data``
longer than 2\ :sup:`31` bytes no longer raises an ``OverflowError``. This
also resolves the same issue in :doc:`/fernet`.

.. _v3-0:

3.0

~~~~~~~~~~~~~~~~

* **BACKWARDS INCOMPATIBLE:** Removed support for passing an
:class:`~cryptography.x509.Extension` instance to
:meth:`~cryptography.x509.AuthorityKeyIdentifier.from_issuer_subject_key_identifier`,
as per our deprecation policy.
* **BACKWARDS INCOMPATIBLE:** Support for LibreSSL 2.7.x, 2.8.x, and 2.9.0 has
been removed (2.9.1+ is still supported).
* **BACKWARDS INCOMPATIBLE:** Dropped support for macOS 10.9, macOS users must
upgrade to 10.10 or newer.
* **BACKWARDS INCOMPATIBLE:** RSA
:meth:`~cryptography.hazmat.primitives.asymmetric.rsa.generate_private_key`
no longer accepts ``public_exponent`` values except 65537 and 3 (the latter
for legacy purposes).
* **BACKWARDS INCOMPATIBLE:** X.509 certificate parsing now enforces that the
``version`` field contains a valid value, rather than deferring this check
until :attr:`~cryptography.x509.Certificate.version` is accessed.
* Deprecated support for Python 2. At the time there is no time table for
actually dropping support, however we strongly encourage all users to upgrade
their Python, as Python 2 no longer receives support from the Python core
team.

If you have trouble suppressing this warning in tests view the :ref:`FAQ
entry addressing this issue <faq-howto-handle-deprecation-warning>`.

* Added support for ``OpenSSH`` serialization format for
``ec``, ``ed25519``, ``rsa`` and ``dsa`` private keys:
:func:`~cryptography.hazmat.primitives.serialization.load_ssh_private_key`
for loading and
:attr:`~cryptography.hazmat.primitives.serialization.PrivateFormat.OpenSSH`
for writing.
* Added support for ``OpenSSH`` certificates to
:func:`~cryptography.hazmat.primitives.serialization.load_ssh_public_key`.
* Added :meth:`~cryptography.fernet.Fernet.encrypt_at_time` and
:meth:`~cryptography.fernet.Fernet.decrypt_at_time` to
:class:`~cryptography.fernet.Fernet`.
* Added support for the :class:`~cryptography.x509.SubjectInformationAccess`
X.509 extension.
* Added support for parsing
:class:`~cryptography.x509.SignedCertificateTimestamps` in OCSP responses.
* Added support for parsing attributes in certificate signing requests via
``CertificateSigningRequest.get_attribute_for_oid``.
* Added support for encoding attributes in certificate signing requests via
:meth:`~cryptography.x509.CertificateSigningRequestBuilder.add_attribute`.
* On OpenSSL 1.1.1d and higher ``cryptography`` now uses OpenSSL's
built-in CSPRNG instead of its own OS random engine because these versions of
OpenSSL properly reseed on fork.
* Added initial support for creating PKCS12 files with
:func:`~cryptography.hazmat.primitives.serialization.pkcs12.serialize_key_and_certificates`.

.. _v2-9-2:

Links

• PyPI: https://pypi.org/project/cryptography
• Changelog: https://data.safetycli.com/changelogs/cryptography/

Update ipython from 7.15.0 to 8.17.1.

Changelog

7.18.1

We do not use GitHub release anymore. Please see PyPI https://pypi.org/project/ipython/

Links

• PyPI: https://pypi.org/project/ipython
• Changelog: https://data.safetycli.com/changelogs/ipython/
• Homepage: https://ipython.org

Update ipywidgets from 7.5.1 to 8.1.1.

Changelog

8.0.6

Highlights include:

- Fix: revert removing ipykernel dependency [3749](https://github.com/jupyter-widgets/ipywidgets/pull/3749)
- Fix: structuredClone broke default serializer that depended on JSON/toJSON [3738](https://github.com/jupyter-widgets/ipywidgets/pull/3738)
- Fix: comm/ipykernel/manager runtime issues: [3740](https://github.com/jupyter-widgets/ipywidgets/pull/3740), [#3737](https://github.com/jupyter-widgets/ipywidgets/pull/3737)

8.0.5

Highlights include:

- Fix: propertly typed Comm interface [3722](https://github.com/jupyter-widgets/ipywidgets/pull/3722)
- Fix: support the comm package [3533](https://github.com/jupyter-widgets/ipywidgets/pull/3533)
- Fix: use of structuredClone allows for binary traits out of the box [3689](https://github.com/jupyter-widgets/ipywidgets/pull/3689)
- Fix: combobox update issue [3681](https://github.com/jupyter-widgets/ipywidgets/issues/3681)
- Fix: add grey as valid color [3671](https://github.com/jupyter-widgets/ipywidgets/pull/3671)
- Fix: deprecation warning when using interact [3669](https://github.com/jupyter-widgets/ipywidgets/issues/3669)

8.0.4

Highlights include:

- Fix: slider change event issue with tapping: [3597](https://github.com/jupyter-widgets/ipywidgets/pull/3597), [#3617](https://github.com/jupyter-widgets/ipywidgets/pull/3617)
- Fix: unintentional deprecation warnings: [3648](https://github.com/jupyter-widgets/ipywidgets/pull/3648), [#3650](https://github.com/jupyter-widgets/ipywidgets/pull/3650)
- Fix: registry state lookup failed, making is impossible to create widgets from the frontend: [3653](https://github.com/jupyter-widgets/ipywidgets/pull/3653)

8.0.3

---

Highlights include:

- Fix: be backwards compatibel with 7.x, where we re-instroduced `.widget` and `.widget_types` [3567](https://github.com/jupyter-widgets/ipywidgets/pull/3567)
- Fix: be backwards compatibel with 7.x, revert hold_sync during set_state [3642](https://github.com/jupyter-widgets/ipywidgets/pull/3642)

8.0.0

To see the full list of pull requests and issues, see the [8.0 milestone](https://github.com/jupyter-widgets/ipywidgets/milestone/30?closed=1) on GitHub, or the
[full list of changes since 7.x](https://github.com/jupyter-widgets/ipywidgets/compare/7.x...8.0.0). See the [user migration guide](./user_migration_guides.md) for suggestions about migrating your code that uses ipywidgets to 8.0. If you author a custom widget, please see the [custom widget migration guide](./migration_guides.md) for suggestions about migrating your widget to support ipywidgets 8.

Users

Here are some highlights of user-visible changes in ipywidgets 8.0.

Date and time pickers

In addition to the existing DatePicker widget, we now have new DatetimePicker and TimePicker widgets. ([2715](https://github.com/jupyter-widgets/ipywidgets/pull/2715))

python
from ipywidgets import VBox, TimePicker, DatetimePicker
VBox([
TimePicker(description='Time'),
DatetimePicker(description='Date/Time')
])


Tags input widget

The new TagsInput widget provides an easy way to collect and manage tags in a widget. You can drag and drop tags to reorder them, limit them to a set of allowed values, or even prevent making duplicate tags. ([2591](https://github.com/jupyter-widgets/ipywidgets/pull/2591), [#3272](https://github.com/jupyter-widgets/ipywidgets/pull/3272))

python
from ipywidgets import TagsInput
TagsInput(
 value=['pizza', 'fries'],
 allowed_tags=['pizza', 'fries', 'tomatoes', 'steak'],
 allow_duplicates=False
)


Similarly, the new ColorsInput widget provides a way to select colors as tags

python
from ipywidgets import ColorsInput
ColorsInput(
 value=['red', '2f6d30'],
  allowed_tags=['red', 'blue', 'green'],
  allow_duplicates=False
)


Stack widget

The new Stack container widget shows only the selected child widget, while other child widgets remain hidden. This can be useful if you want to have a area that displays different widgets depending on some other interaction.

python
from ipywidgets import Stack, Button, IntSlider, Dropdown, VBox, link
s = Stack([Button(description='Click here'), IntSlider()], selected_index=0)
d = Dropdown(options=['button', 'slider'])
link((d, 'index'), (s, 'selected_index'))
VBox([d, s])


File upload widget

The file upload widget has been overhauled to handle multiple files in a more useful format:

- The `.value` attribute is now a list of dictionaries, rather than a dictionary mapping the uploaded name to the content.
- The contents of each uploaded file is a [memory view](https://docs.python.org/3/library/stdtypes.html#memory-views) in the `.content` key, e.g., `uploader.value[0].content`.
- The `.data` attribute has been removed.
- The `.metadata` attribute has been removed.

See the [user migration guide](./user_migration_guides.mdFileUpload) for details on how to migrate your code.

([2767](https://github.com/jupyter-widgets/ipywidgets/pull/2767), [#2724](https://github.com/jupyter-widgets/ipywidgets/pull/2724), [#2666](https://github.com/jupyter-widgets/ipywidgets/pull/2666), [#2480](https://github.com/jupyter-widgets/ipywidgets/issues/2480))

More styling options

Many style and layout options have been added to core widgets:

- Tooltips are now supported for many core widgets, rather than just a few description tooltips ([2680](https://github.com/jupyter-widgets/ipywidgets/pull/2680))
python
from ipywidgets import Button
Button(description="Click me", tooltip='An action')

- Borders can be styled independently with the layout's `border_top`, `border_right`, `border_bottom`, `border_left` attributes ([2757](https://github.com/jupyter-widgets/ipywidgets/pull/2757), [#3269](https://github.com/jupyter-widgets/ipywidgets/pull/3269))
python
from ipywidgets import Button
Button(description="Click me", layout={'border_bottom': '3px solid blue'})

- Descriptions are now plain text by default for security, but you can set them to allow HTML with the `description_allow_html` attribute (HTML content is still sanitized for security). ([2785](https://github.com/jupyter-widgets/ipywidgets/pull/2785))
python
from ipywidgets import Text
Text(description="<b>Name</b>", description_allow_html=True)

- Many other styling attributes can be set on core widgets, such as font family, size, style, weight, text color, and text decoration. See the table in the documentation for a reference. ([2728](https://github.com/jupyter-widgets/ipywidgets/pull/2728))
- The SelectionSlider now has a `handle_color` style attribute ([3142](https://github.com/jupyter-widgets/ipywidgets/pull/3142))
- To control keyboard navigation, widgets can be set to be tabbable or not (i.e., that the tab key will traverse to the widget) ([2640](https://github.com/jupyter-widgets/ipywidgets/pull/2640))

Selection container titles

The Accordion, Tab, and Stack widgets now have a `.titles` attribute that you can use to get and set titles from the constructor or as an attribute. ([2746](https://github.com/jupyter-widgets/ipywidgets/pull/2746), [#3296](https://github.com/jupyter-widgets/ipywidgets/pull/3296), [#3477](https://github.com/jupyter-widgets/ipywidgets/pull/3477))

python
from ipywidgets import Tab, IntSlider, Text
Tab([IntSlider(), Text()], titles=('Slider', 'Text'))


Slider implementation

The slider implementation in the core widgets now uses [nouislider](https://refreshless.com/nouislider/). This enables us to fix long-standing bugs and introduce new features, like dragging the range in a RangeSlider. ([#2712](https://github.com/jupyter-widgets/ipywidgets/pull/2712), [#630](https://github.com/jupyter-widgets/ipywidgets/issues/630), [#3216](https://github.com/jupyter-widgets/ipywidgets/pull/3216), [#2834](https://github.com/jupyter-widgets/ipywidgets/pull/2834))

Collaboration

By default, ipywidgets 8 enables a collaboration mode, where widget updates from one frontend are reflected back to other frontends, enabling a consistent state between multiple users and fixing synchronization between the kernel and frontend. You may want to disable these update echo messages if they are using too much bandwidth or causing slower interactivity. To disable echo update messages across ipywidgets, set the environment variable `JUPYTER_WIDGETS_ECHO` to `0`. For widget authors, to opt a specific attribute of custom widget out of echo updates (for example, if the attribute contains a lot of data that does not need to be synchronized), tag the attribute with `echo_update=False` metadata (we do this in core for the FileUpload widget's `data` attribute). ([3195](https://github.com/jupyter-widgets/ipywidgets/pull/3195), [#3343](https://github.com/jupyter-widgets/ipywidgets/pull/3343), [#3394](https://github.com/jupyter-widgets/ipywidgets/pull/3394), [#3407](https://github.com/jupyter-widgets/ipywidgets/pull/3407))

CDN for html manager

We have made it easier to load widgets from content delivery networks.

- The default CDN is changed from unpkg to jsDelivr ([3121](https://github.com/jupyter-widgets/ipywidgets/pull/3121), [#1627](https://github.com/jupyter-widgets/ipywidgets/issues/1627))
- You can use the `data-jupyter-widgets-cdn-only` attribute to load modules only from CDN ([2792](https://github.com/jupyter-widgets/ipywidgets/pull/2792), [#2786](https://github.com/jupyter-widgets/ipywidgets/issues/2786))
- We have updated the webpack public path settings so the HTMLManager and the Jupyter Notebook extensions pull assets from wherever they are loaded, rather than only from CDN. If you author a custom widget, we highly encourage you to apply similar changes to your widget by adapting the changes at https://github.com/jupyter-widgets/widget-cookiecutter/pull/103/files. [#3464](https://github.com/jupyter-widgets/ipywidgets/pull/3464), [#3508](https://github.com/jupyter-widgets/ipywidgets/pull/3508)

Other changes

Here is a short list of some of the other changes in ipywidgets 8.0.

- Add a cookiecutter-based tutorial to build a custom widget ([2919](https://github.com/jupyter-widgets/ipywidgets/pull/2919))
- Change media widgets to use memory views. ([2723](https://github.com/jupyter-widgets/ipywidgets/pull/2723))
- Upgrade to FontAwesome 5 in html-manager ([2713](https://github.com/jupyter-widgets/ipywidgets/pull/2713))
- Play widget now toggles between play and pause button as needed ([2703](https://github.com/jupyter-widgets/ipywidgets/pull/2703), [#2671](https://github.com/jupyter-widgets/ipywidgets/issues/2671))
- Drop support for mapping types as selection options ([2679](https://github.com/jupyter-widgets/ipywidgets/pull/2679), [#1958](https://github.com/jupyter-widgets/ipywidgets/issues/1958))
- Focus or blur a widget. ([2664](https://github.com/jupyter-widgets/ipywidgets/pull/2664), [#2692](https://github.com/jupyter-widgets/ipywidgets/pull/2692), [#2691](https://github.com/jupyter-widgets/ipywidgets/pull/2691), [#2690](https://github.com/jupyter-widgets/ipywidgets/pull/2690))
- Drop notebook dependency from widgetsnbextension ([2590](https://github.com/jupyter-widgets/ipywidgets/pull/2590))
- Cast 'value' in range sliders to a tuple ([2441](https://github.com/jupyter-widgets/ipywidgets/pull/2441))
- Play widget: expose playing and repeat ([2283](https://github.com/jupyter-widgets/ipywidgets/pull/2283), [#1897](https://github.com/jupyter-widgets/ipywidgets/issues/1897))
- Fix debouncing and throttling code ([3060](https://github.com/jupyter-widgets/ipywidgets/pull/3060))
- Fix regression on spinning icons ([2685](https://github.com/jupyter-widgets/ipywidgets/pull/2685), [#2477](https://github.com/jupyter-widgets/ipywidgets/issues/2477))
- Fix selection container default index ([1823](https://github.com/jupyter-widgets/ipywidgets/pull/1823))
- Remove deprecated overflow properties ([2688](https://github.com/jupyter-widgets/ipywidgets/pull/2688))
- Select: Do not force a selection if there is currently no selection and the options list changes ([3284](https://github.com/jupyter-widgets/ipywidgets/pull/3284))
- Add support for localization to the lab extension ([3286](https://github.com/jupyter-widgets/ipywidgets/pull/3286))
- Drop support for Python 2.7, 3.4, and 3.5 ([2558](https://github.com/jupyter-widgets/ipywidgets/pull/2558), [#2655](https://github.com/jupyter-widgets/ipywidgets/pull/2655), [#3131](https://github.com/jupyter-widgets/ipywidgets/pull/3131), [#3120](https://github.com/jupyter-widgets/ipywidgets/pull/3120))
- Fix character escapes in combobox options ([2972](https://github.com/jupyter-widgets/ipywidgets/pull/2972))
- Modify outputs to use a comm if IPython is not available ([2954](https://github.com/jupyter-widgets/ipywidgets/pull/2954))
- Bugfix/parameters in the from_file method to be passed along in the media class ([3074](https://github.com/jupyter-widgets/ipywidgets/pull/3074))
- Widgetsnbextension: throw error on failure to render ([3280](https://github.com/jupyter-widgets/ipywidgets/pull/3280))
- Fix memory leak from Image widget not releasing object urls ([3171](https://github.com/jupyter-widgets/ipywidgets/pull/3171), [#3170](https://github.com/jupyter-widgets/ipywidgets/pull/3170))
- ErrorWidget as fallback when widgets models or views fail - Following up ([3304](https://github.com/jupyter-widgets/ipywidgets/pull/3304))
- Fix matplotlib plots in interact ([3277](https://github.com/jupyter-widgets/ipywidgets/pull/3277))
- Fix selection equality checking ([2897](https://github.com/jupyter-widgets/ipywidgets/pull/2897))
- Remove the `on_displayed` Python callback mechanism ([2021](https://github.com/jupyter-widgets/ipywidgets/pull/2021))

Developers

To see an overview of the changes to the core widget model specification, see [3455](https://github.com/jupyter-widgets/ipywidgets/issues/3455).

Python

- `Widget.widgets` and `Widget.widget_types` are now private variables ([3122](https://github.com/jupyter-widgets/ipywidgets/pull/3122), [#3173](https://github.com/jupyter-widgets/ipywidgets/pull/3173))
- Generate the widget data spec as JSON ([2193](https://github.com/jupyter-widgets/ipywidgets/pull/2193))
- Use `_repr_mimebundle_` and require ipython 6.1 or later. ([2021](https://github.com/jupyter-widgets/ipywidgets/pull/2021), [#1811](https://github.com/jupyter-widgets/ipywidgets/issues/1811))
- Hold sync during `set_state` + fix selection widgets flakiness ([3271](https://github.com/jupyter-widgets/ipywidgets/pull/3271))
- Remove deprecated `handle_kernel` alias ([2694](https://github.com/jupyter-widgets/ipywidgets/pull/2694))
- Removed deprecated signature of the `register` decorator ([2695](https://github.com/jupyter-widgets/ipywidgets/pull/2695))

Javascript

- Fix CSS variable names to match JupyterLab names ([2801](https://github.com/jupyter-widgets/ipywidgets/pull/2801), [#2062](https://github.com/jupyter-widgets/ipywidgets/issues/2062))
- Delete `display_model` and `display_view` ([2752](https://github.com/jupyter-widgets/ipywidgets/pull/2752), [#2751](https://github.com/jupyter-widgets/ipywidgets/issues/2751))
- Drop underscore usage ([2742](https://github.com/jupyter-widgets/ipywidgets/pull/2742))
- Upgrade to es2017 javascript ([2725](https://github.com/jupyter-widgets/ipywidgets/pull/2725))
- Split base manager into separate packages ([2710](https://github.com/jupyter-widgets/ipywidgets/pull/2710), [#2561](https://github.com/jupyter-widgets/ipywidgets/issues/2561))
- Change Phosphor to Lumino ([2681](https://github.com/jupyter-widgets/ipywidgets/pull/2681), [#3267](https://github.com/jupyter-widgets/ipywidgets/pull/3267))
- Widgetmanagerbase: improve create_view return type ([2662](https://github.com/jupyter-widgets/ipywidgets/pull/2662))
- Refactor the JupyterLab widget manager so it can be reused ([2532](https://github.com/jupyter-widgets/ipywidgets/pull/2532))
- Make more of lab manager dependencies optional ([2528](https://github.com/jupyter-widgets/ipywidgets/pull/2528))
- Remove class `jupyter-widgets` from `jp-outputarea-output` node ([2500](https://github.com/jupyter-widgets/ipywidgets/pull/2500))
- Rename `pWidget` to `luminoWidget` and deprecate `pWidget` ([3118](https://github.com/jupyter-widgets/ipywidgets/pull/3118), [#3141](https://github.com/jupyter-widgets/ipywidgets/pull/3141), [#3358](https://github.com/jupyter-widgets/ipywidgets/pull/3358),)
- Add `layout`, `style`, and `shown` events ([3300](https://github.com/jupyter-widgets/ipywidgets/pull/3300))
- Implement `jupyter.widget.control` comm channel ([3313](https://github.com/jupyter-widgets/ipywidgets/pull/3313))
- Update to TypeScript 4.3 ([3162](https://github.com/jupyter-widgets/ipywidgets/pull/3162))
- Add event listener for resize events ([3124](https://github.com/jupyter-widgets/ipywidgets/pull/3124))
- Remove `process.cwd` polyfill ([3315](https://github.com/jupyter-widgets/ipywidgets/pull/3315))
- Make sure buffer is a DataView ([3127](https://github.com/jupyter-widgets/ipywidgets/pull/3127))
- Deprecate the overly broad CSS class `widget` and introduce a similar `jupyter-widget` CSS class ([3146](https://github.com/jupyter-widgets/ipywidgets/pull/3146))
- Fetch the full widget state via a control Comm ([3021](https://github.com/jupyter-widgets/ipywidgets/pull/3021))
- Export LabWidgetManager and KernelWidgetManager ([3166](https://github.com/jupyter-widgets/ipywidgets/pull/3166))
- More helpful semver range message ([3185](https://github.com/jupyter-widgets/ipywidgets/pull/3185))
- Make the base widget manager `.get_model()` method always return a Promise, which is rejected if the requested model is not registered. To test if a model is registered, use the new `.has_model()` method ([3389](https://github.com/jupyter-widgets/ipywidgets/pull/3389))

Documentation improvements

- Documentation overhaul ([3104](https://github.com/jupyter-widgets/ipywidgets/pull/3104),
[3096](https://github.com/jupyter-widgets/ipywidgets/issues/3096), [#3099](https://github.com/jupyter-widgets/ipywidgets/pull/3099),
[3076](https://github.com/jupyter-widgets/ipywidgets/issues/3076), [#2824](https://github.com/jupyter-widgets/ipywidgets/pull/2824),
[3246](https://github.com/jupyter-widgets/ipywidgets/pull/3246), [#3243](https://github.com/jupyter-widgets/ipywidgets/pull/3243),
[3103](https://github.com/jupyter-widgets/ipywidgets/pull/3103), [#3165](https://github.com/jupyter-widgets/ipywidgets/pull/3165),
[3283](https://github.com/jupyter-widgets/ipywidgets/pull/3283), [#2927](https://github.com/jupyter-widgets/ipywidgets/pull/2927),
[3062](https://github.com/jupyter-widgets/ipywidgets/pull/3062), [#3129](https://github.com/jupyter-widgets/ipywidgets/pull/3129),
[3130](https://github.com/jupyter-widgets/ipywidgets/pull/3130), [#3155](https://github.com/jupyter-widgets/ipywidgets/pull/3155),
)
- Remove step parameter from widget list notebook ([3106](https://github.com/jupyter-widgets/ipywidgets/pull/3106))
- Remove extra requirements from doc to fix RTD build ([3098](https://github.com/jupyter-widgets/ipywidgets/pull/3098))
- Align doc requirements for 7.x branch with master ([3094](https://github.com/jupyter-widgets/ipywidgets/pull/3094))
- Remove defunct deep-links from install in README ([3225](https://github.com/jupyter-widgets/ipywidgets/pull/3225))
- Fix documentation about embedding widget in HTML ([3224](https://github.com/jupyter-widgets/ipywidgets/pull/3224))
- Fix example web3 missing process during runtime ([3223](https://github.com/jupyter-widgets/ipywidgets/pull/3223))
- Complete docstring for `interactive`. ([3169](https://github.com/jupyter-widgets/ipywidgets/pull/3169))
- Unpin ipykernel<6 for the docs ([3168](https://github.com/jupyter-widgets/ipywidgets/pull/3168))
- Checking milestone and generating changelog ([3125](https://github.com/jupyter-widgets/ipywidgets/pull/3125))
- Change graph example to receive a tuple instead of a dict ([3117](https://github.com/jupyter-widgets/ipywidgets/pull/3117))
- Fix debouncing and throttling code ([3060](https://github.com/jupyter-widgets/ipywidgets/pull/3060))
- Variable Inspector example used a wrong callback argument signature ([3302](https://github.com/jupyter-widgets/ipywidgets/pull/3302))

Repo maintenance

- Visual regression testing using Galata ([3172](https://github.com/jupyter-widgets/ipywidgets/pull/3172), [#3279](https://github.com/jupyter-widgets/ipywidgets/pull/3279))
- Reorganize packages in the monorepo, moving the python packages to the `python` folder ([3301](https://github.com/jupyter-widgets/ipywidgets/pull/3301), [#3316](https://github.com/jupyter-widgets/ipywidgets/pull/3316))
- Use new custom widget label on issue template ([3176](https://github.com/jupyter-widgets/ipywidgets/pull/3176))
- Create and upload reference screenshots on CI failure ([3227](https://github.com/jupyter-widgets/ipywidgets/pull/3227))
- Allow generate-spec to take optional output file ([3174](https://github.com/jupyter-widgets/ipywidgets/pull/3174))
- Update to Jupyter Packaging 0.10 ([3194](https://github.com/jupyter-widgets/ipywidgets/pull/3194))
- Update bug report test environment ([3156](https://github.com/jupyter-widgets/ipywidgets/pull/3156))
- Create links out to gitter and discourse from the new issue options ([3153](https://github.com/jupyter-widgets/ipywidgets/pull/3153))
- Adapt the milestone_check script from JupyterLab for ipywidgets. ([3091](https://github.com/jupyter-widgets/ipywidgets/pull/3091))
- Fix spec generation for traitlets 5 ([3234](https://github.com/jupyter-widgets/ipywidgets/pull/3234))
- Add documentation issue template ([3095](https://github.com/jupyter-widgets/ipywidgets/pull/3095))
- Add Binder links and badges ([3164](https://github.com/jupyter-widgets/ipywidgets/pull/3164), [#3212](https://github.com/jupyter-widgets/ipywidgets/pull/3212), [#3151](https://github.com/jupyter-widgets/ipywidgets/pull/3151), [#3148](https://github.com/jupyter-widgets/ipywidgets/pull/3148), [#2701](https://github.com/jupyter-widgets/ipywidgets/pull/2701))

Contributors to this release

([GitHub contributors page for this release](https://github.com/jupyter-widgets/ipywidgets/graphs/contributors?from=2019-06-11&to=2022-08-05&type=c))

[afonit](https://github.com/search?q=repo%3Ajupyter-widgets%2Fipywidgets+involves%3Aafonit+updated%3A2019-06-11..2022-08-05&type=Issues) | [alex-rind](https://github.com/search?q=repo%3Ajupyter-widgets%2Fipywidgets+involves%3Aalex-rind+updated%3A2019-06-11..2022-08-05&type=Issues) | [Alexboiboi](https://github.com/search?q=repo%3Ajupyter-widgets%2Fipywidgets+involves%3AAlexboiboi+updated%3A2019-06-11..2022-08-05&type=Issues) | [azjps](https://github.com/search?q=repo%3Ajupyter-widgets%2Fipywidgets+involves%3Aazjps+updated%3A2019-06-11..2022-08-05&type=Issues) | [blois](https://github.com/search?q=repo%3Ajupyter-widgets%2Fipywidgets+involves%3Ablois+updated%3A2019-06-11..2022-08-05&type=Issues) | [bollwyvl](https://github.com/search?q=repo%3Ajupyter-widgets%2Fipywidgets+involves%3Abollwyvl+updated%3A2019-06-11..2022-08-05&type=Issues) | [bsyouness](https://github.com/search?q=repo%3Ajupyter-widgets%2Fipywidgets+involves%3Absyouness+updated%3A2019-06-11..2022-08-05&type=Issues) | [casperdcl](https://github.com/search?q=repo%3Ajupyter-widgets%2Fipywidgets+involves%3Acasperdcl+updated%3A2019-06-11..2022-08-05&type=Issues) | [crahan](https://github.com/search?q=repo%3Ajupyter-widgets%2Fipywidgets+involves%3Acrahan+updated%3A2019-06-11..2022-08-05&type=Issues) | [davidbrochart](https://github.com/search?q=repo%3Ajupyter-widgets%2Fipywidgets+involves%3Adavidbrochart+updated%3A2019-06-11..2022-08-05&type=Issues) | [deisi](https://github.com/search?q=repo%3Ajupyter-widgets%2Fipywidgets+involves%3Adeisi+updated%3A2019-06-11..2022-08-05&type=Issues) | [dependabot](https://github.com/search?q=repo%3Ajupyter-widgets%2Fipywidgets+involves%3Adependabot+updated%3A2019-06-11..2022-08-05&type=Issues) | [elliothershberg](https://github.com/search?q=repo%3Ajupyter-widgets%2Fipywidgets+involves%3Aelliothershberg+updated%3A2019-06-11..2022-08-05&type=Issues) | [fperez](https://github.com/search?q=repo%3Ajupyter-widgets%2Fipywidgets+involves%3Afperez+updated%3A2019-06-11..2022-08-05&type=Issues) | [giswqs](https://github.com/search?q=repo%3Ajupyter-widgets%2Fipywidgets+involves%3Agiswqs+updated%3A2019-06-11..2022-08-05&type=Issues) | [github-actions](https://github.com/search?q=repo%3Ajupyter-widgets%2Fipywidgets+involves%3Agithub-actions+updated%3A2019-06-11..2022-08-05&type=Issues) | [hai-schrodinger](https://github.com/search?q=repo%3Ajupyter-widgets%2Fipywidgets+involves%3Ahai-schrodinger+updated%3A2019-06-11..2022-08-05&type=Issues) | [ianhi](https://github.com/se

[pyup-bot]

Closing this in favor of #330