A Python implementation of CWT/COSE.

Last update: Dec 14, 2022

Overview

Python CWT - A Python implementation of CWT/COSE

Python CWT is a CBOR Web Token (CWT) and CBOR Object Signing and Encryption (COSE) implementation compliant with:

RFC8392: CWT (CBOR Web Token)
RFC8152: COSE (CBOR Object Signing and Encryption)
and related various specifications. See Referenced Specifications.

It is designed to make users who already know about JWS/JWE/JWT be able to use it in ease. Little knowledge of CBOR/COSE/CWT is required to use it.

You can install Python CWT with pip:

$ pip install cwt

And then, you can use it as follows:

>>> import cwt
>>> from cwt import COSEKey
>>> key = COSEKey.from_symmetric_key(alg="HS256", kid="01")
>>> token = cwt.encode({"iss": "coaps://as.example", "sub": "dajiaji", "cti": "123"}, key)
>>> token.hex()
'd18443a10105a05835a60172636f6170733a2f2f61732e657861'...
>>> cwt.decode(token, key)
{1: 'coaps://as.example', 2: 'dajiaji', 7: b'123', 4: 1620088759, 5: 1620085159, 6: 1620085159}

See Documentation for details.

Installation

Install with pip:

pip install cwt

CWT Usage Examples

Followings are typical and basic examples which create various types of CWTs, verify and decode them.

CWT API in the examples are built on top of COSE API.

See API Reference and CWT Usage Examples on document for more details.

MACed CWT

Create a MACed CWT with HS256, verify and decode it as follows:

import cwt
from cwt import Claims, COSEKey

try:
    key = COSEKey.from_symmetric_key(alg="HS256", kid="01")
    token = cwt.encode({"iss": "coaps://as.example", "sub": "dajiaji", "cti": "123"}, key)
    decoded = cwt.decode(token, key)

    # If you want to treat the result like a JWT;
    readable = Claims.new(decoded)
    assert readable.iss == 'coaps://as.example'
    assert readable.sub == 'dajiaji'
    assert readable.cti == '123'
    # readable.exp == 1620088759
    # readable.nbf == 1620085159
    # readable.iat == 1620085159

except Exception as err:
    # All the other examples in this document omit error handling but this CWT library
    # can throw following errors:
    #   ValueError: Invalid arguments.
    #   EncodeError: Failed to encode.
    #   VerifyError: Failed to verify.
    #   DecodeError: Failed to decode.
    print(err)

A raw CWT structure (Dict[int, Any]) can also be used as follows:

import cwt
from cwt import COSEKey

key = COSEKey.from_symmetric_key(alg="HS256", kid="01")
token = cwt.encode({1: "coaps://as.example", 2: "dajiaji", 7: b"123"}, key)
decoded = cwt.decode(token, key)

MAC algorithms other than HS256 are listed in Supported COSE Algorithms.

Signed CWT

Create an Ed25519 key pair:

$ openssl genpkey -algorithm ed25519 -out private_key.pem
$ openssl pkey -in private_key.pem -pubout -out public_key.pem

Create a Signed CWT with Ed25519, verify and decode it with the key pair as follows:

import cwt
from cwt import COSEKey

# The sender side:
with open("./private_key.pem") as key_file:
    private_key = COSEKey.from_pem(key_file.read(), kid="01")
token = cwt.encode(
    {"iss": "coaps://as.example", "sub": "dajiaji", "cti": "123"}, private_key
)

# The recipient side:
with open("./public_key.pem") as key_file:
    public_key = COSEKey.from_pem(key_file.read(), kid="01")
decoded = cwt.decode(token, public_key)

JWKs can also be used instead of the PEM-formatted keys as follows:

import cwt
from cwt import COSEKey

# The sender side:
private_key = COSEKey.from_jwk({
    "kid": "01",
    "kty": "OKP",
    "key_ops": ["sign"],
    "alg": "EdDSA",
    "crv": "Ed25519",
    "x": "2E6dX83gqD_D0eAmqnaHe1TC1xuld6iAKXfw2OVATr0",
    "d": "L8JS08VsFZoZxGa9JvzYmCWOwg7zaKcei3KZmYsj7dc",
})
token = cwt.encode(
    {"iss": "coaps://as.example", "sub": "dajiaji", "cti": "123"}, private_key
)

# The recipient side:
public_key = COSEKey.from_jwk({
    "kid": "01",
    "kty": "OKP",
    "key_ops": ["verify"],
    "crv": "Ed25519",
    "x": "2E6dX83gqD_D0eAmqnaHe1TC1xuld6iAKXfw2OVATr0",
})
decoded = cwt.decode(token, public_key)

Signing algorithms other than Ed25519 are listed in Supported COSE Algorithms.

Encrypted CWT

Create an encrypted CWT with ChaCha20/Poly1305 and decrypt it as follows:

import cwt
from cwt import COSEKey

enc_key = COSEKey.from_symmetric_key(alg="ChaCha20/Poly1305", kid="01")
token = cwt.encode({"iss": "coaps://as.example", "sub": "dajiaji", "cti": "123"}, enc_key)
decoded = cwt.decode(token, enc_key)

Encryption algorithms other than ChaCha20/Poly1305 are listed in Supported COSE Algorithms.

Nested CWT

Create a signed CWT and encrypt it, and then decrypt and verify the nested CWT as follows.

import cwt
from cwt import COSEKey

# A shared encryption key.
enc_key = COSEKey.from_symmetric_key(alg="ChaCha20/Poly1305", kid="enc-01")

# Creates a CWT with ES256 signing.
with open("./private_key.pem") as key_file:
    private_key = COSEKey.from_pem(key_file.read(), kid="sig-01")
token = cwt.encode(
    {"iss": "coaps://as.example", "sub": "dajiaji", "cti": "123"}, private_key
)

# Encrypts the signed CWT.
nested = cwt.encode(token, enc_key)

# Decrypts and verifies the nested CWT.
with open("./public_key.pem") as key_file:
    public_key = COSEKey.from_pem(key_file.read(), kid="sig-01")
decoded = cwt.decode(nested, [enc_key, public_key])

CWT with User Settings

The cwt in cwt.encode() and cwt.decode() above is a global CWT class instance created with default settings in advance. The default settings are as follows:

expires_in: 3600 seconds. This is the default lifetime in seconds of CWTs.
leeway: 60 seconds. This is the default leeway in seconds for validating exp and nbf.

If you want to change the settings, you can create your own CWT class instance as follows:

from cwt import COSEKey, CWT

key = COSEKey.from_symmetric_key(alg="HS256", kid="01")
mycwt = CWT.new(expires_in=3600*24, leeway=10)
token = mycwt.encode({"iss": "coaps://as.example", "sub": "dajiaji", "cti": "123"}, key)
decoded = mycwt.decode(token, key)

CWT with User-Defined Claims

You can use your own claims as follows:

Note that such user-defined claim's key should be less than -65536.

import cwt
from cwt import COSEKey

# The sender side:
with open("./private_key.pem") as key_file:
    private_key = COSEKey.from_pem(key_file.read(), kid="01")
token = cwt.encode(
    {
        1: "coaps://as.example",  # iss
        2: "dajiaji",  # sub
        7: b"123",  # cti
        -70001: "foo",
        -70002: ["bar"],
        -70003: {"baz": "qux"},
        -70004: 123,
    },
    private_key,
)

# The recipient side:
with open("./public_key.pem") as key_file:
    public_key = COSEKey.from_pem(key_file.read(), kid="01")
raw = cwt.decode(token, public_key)
assert raw[-70001] == "foo"
assert raw[-70002][0] == "bar"
assert raw[-70003]["baz"] == "qux"
assert raw[-70004] == 123

readable = Claims.new(raw)
assert readable.get(-70001) == "foo"
assert readable.get(-70002)[0] == "bar"
assert readable.get(-70003)["baz"] == "qux"
assert readable.get(-70004) == 123

User-defined claims can also be used with JSON-based claims as follows:

import cwt
from cwt import Claims, COSEKey

with open("./private_key.pem") as key_file:
    private_key = COSEKey.from_pem(key_file.read(), kid="01")

my_claim_names = {
    "ext_1": -70001,
    "ext_2": -70002,
    "ext_3": -70003,
    "ext_4": -70004,
}

cwt.set_private_claim_names(my_claim_names)
token = cwt.encode(
    {
        "iss": "coaps://as.example",
        "sub": "dajiaji",
        "cti": b"123",
        "ext_1": "foo",
        "ext_2": ["bar"],
        "ext_3": {"baz": "qux"},
        "ext_4": 123,
    },
    private_key,
)

with open("./public_key.pem") as key_file:
    public_key = COSEKey.from_pem(key_file.read(), kid="01")

raw = cwt.decode(token, public_key)
readable = Claims.new(
    raw,
    private_claims_names=my_claim_names,
)
assert readable.get("ext_1") == "foo"
assert readable.get("ext_2")[0] == "bar"
assert readable.get("ext_3")["baz"] == "qux"
assert readable.get("ext_4") == 123

CWT with PoP Key

Python CWT supports Proof-of-Possession Key Semantics for CBOR Web Tokens (CWTs). A CWT can include a PoP key as follows:

On the issuer side:

import cwt
from cwt import COSEKey

# Prepares a signing key for CWT in advance.
with open("./private_key_of_issuer.pem") as key_file:
    private_key = COSEKey.from_pem(key_file.read(), kid="issuer-01")

# Sets the PoP key to a CWT for the presenter.
token = cwt.encode(
    {
        "iss": "coaps://as.example",
        "sub": "dajiaji",
        "cti": "123",
        "cnf": {
            "jwk": {  # Provided by the CWT presenter.
                "kty": "OKP",
                "use": "sig",
                "crv": "Ed25519",
                "kid": "presenter-01",
                "x": "2E6dX83gqD_D0eAmqnaHe1TC1xuld6iAKXfw2OVATr0",
                "alg": "EdDSA",
            },
        },
    },
    private_key,
)

# Issues the token to the presenter.

On the CWT presenter side:

import cwt
from cwt import COSEKey

# Prepares a private PoP key in advance.
with open("./private_pop_key.pem") as key_file:
    pop_key_private = COSEKey.from_pem(key_file.read(), kid="presenter-01")

# Receives a message (e.g., nonce)  from the recipient.
msg = b"could-you-sign-this-message?"  # Provided by recipient.

# Signs the message with the private PoP key.
sig = pop_key_private.sign(msg)

# Sends the msg and the sig with the CWT to the recipient.

On the CWT recipient side:

import cwt
from cwt import Claims, COSEKey

# Prepares the public key of the issuer in advance.
with open("./public_key_of_issuer.pem") as key_file:
    public_key = COSEKey.from_pem(key_file.read(), kid="issuer-01")

# Verifies and decodes the CWT received from the presenter.
raw = cwt.decode(token, public_key)
decoded = Claims.new(raw)

# Extracts the PoP key from the CWT.
extracted_pop_key = COSEKey.new(decoded.cnf)  # = raw[8][1]

# Then, verifies the message sent by the presenter
# with the signature which is also sent by the presenter as follows:
extracted_pop_key.verify(msg, sig)

Usage Examples shows other examples which use other confirmation methods for PoP keys.

CWT with Private CA

Python CWT supports the case of using an arbitrary private CA as a root of trust. In this case, a COSE message sender needs to specify the trust relationship chaining up to the root CA by using x5chain header parameter. On the other hand, a COSE message receiver needs to specify trusted root CAs by using ca_certs parameter of CWT/COSE constructor (CWT.new() or COSE.new()).

import cwt
from cwt import Claims, COSEKey

# The sernder side:
with open("./private_key_of_cert.pem")) as f:
    private_key = COSEKey.from_pem(f.read(), kid="01")

token = cwt.encode(
    {"iss": "coaps://as.example", "sub": "dajiaji", "cti": "123"}, private_key
)

# The recipient side:
public_key = COSEKey.from_jwk(
    {
        "kty": "EC",
        "use": "sig",
        "crv": "P-256",
        "kid": "P-256-01",
        "x": "oONCv1QoiajIbcW21Dqy6EnGvBTuF26GU7dy6JzOfXk",
        "y": "sl6k77K0TS36FW-TyEGLHY14ovZfdZ9DZWsbA8BTHGc",
        "x5c": [
          # The DER formatted X509 certificate which pairs with the private_key_of_cert.pem above.
          "MIIClDCCAXygAwIBAgIBBDANBgkqhkiG9w0BAQsFADBmMQswCQYDVQQGEwJKUDEOMAwGA1UECAwFVG9reW8xEDAOBgNVBAoMB2RhamlhamkxEzARBgNVBAMMCnB5dGhvbi1jd3QxIDAeBgkqhkiG9w0BCQEWEWRhamlhamlAZ21haWwuY29tMB4XDTIxMTAwMzEzMDE1MFoXDTMxMTAwMTEzMDE1MFowZDELMAkGA1UEBhMCSlAxDjAMBgNVBAgMBVRva3lvMQ0wCwYDVQQKDAR0ZXN0MRUwEwYDVQQDDAx0ZXN0LmV4YW1wbGUxHzAdBgkqhkiG9w0BCQEWEHRlc3RAZXhhbXBsZS5jb20wWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAASg40K_VCiJqMhtxbbUOrLoSca8FO4XboZTt3LonM59ebJepO-ytE0t-hVvk8hBix2NeKL2X3WfQ2VrGwPAUxxnoxowGDAJBgNVHRMEAjAAMAsGA1UdDwQEAwIE8DANBgkqhkiG9w0BAQsFAAOCAQEAZFfvFbaDk_DmG2cPGTwqwnFok1QnH2Tzkjk7p4vs1ycWzEDltkhyzcJxTSHoQGdykf7fG8NCrEqfi1G3hOyAtGxVIVcqsI-KIJCESp43zrNz5HsbwEY8l5rvcwohKGlE_idIFt5IuDTv7vsg_FaCIDeruw0NrXAACnLTwksawsxaCvtY12U0wsI2aC2Sb6V3HL-OLgcN6ZWzZ054L88JllckYnqJB8wCVBzzX2K2sZH3yeS39oRWZOVG6fwXsX4k0fHFx-Fn6KlrBU15pbjMLMn0ow0X3Y8e7FOgfkkph-N7e2SxceXNjrLiumOdclPm9yGSWoGsOJdId53dPvqAsQ",
          # The root certificate which is used for signing the above certificate (optional).
          "MIIDrzCCApegAwIBAgIUIK_CYzdq4BLLVXqSclNBgXy6mgswDQYJKoZIhvcNAQELBQAwZjELMAkGA1UEBhMCSlAxDjAMBgNVBAgMBVRva3lvMRAwDgYDVQQKDAdkYWppYWppMRMwEQYDVQQDDApweXRob24tY3d0MSAwHgYJKoZIhvcNAQkBFhFkYWppYWppQGdtYWlsLmNvbTAgFw0yMTEwMDIyMzU0NTZaGA8yMDcxMDkyMDIzNTQ1NlowZjELMAkGA1UEBhMCSlAxDjAMBgNVBAgMBVRva3lvMRAwDgYDVQQKDAdkYWppYWppMRMwEQYDVQQDDApweXRob24tY3d0MSAwHgYJKoZIhvcNAQkBFhFkYWppYWppQGdtYWlsLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBANFg4sw-uPWbPBbkJuohXc89O0gaqG1H2i1wzxxka32XNKIdwrxOJvsB2eALo3q7dTqLKCgzrjdd5N07gi0KzqjoIXIXqKpV5tm0fP5gCzEOWgxySCfBJOJyyvO6WvYXdvukEBnL-48D8RSjQH9fQEju5RG0taFZE-0nQ7n3P0J-Q-OfBUEoRiHvCd8oUx0s-fBpKdfhMAbD1sGAQ9CokUFeWc49em8inNqia5xljBtSYo6_2Zx9eb7B53wvBC0EmtS4SRyksR2emlr6GxMj_EZW7hcTfZCM4V2JYXliuAEdxA0sB7q-WqLg4OvltBQxCBgTTEXRCzxj3XXZy7QyUacCAwEAAaNTMFEwHQYDVR0OBBYEFA9id2cL_Chjv6liRN3HD849TARsMB8GA1UdIwQYMBaAFA9id2cL_Chjv6liRN3HD849TARsMA8GA1UdEwEB_wQFMAMBAf8wDQYJKoZIhvcNAQELBQADggEBAArIej5eJN1OmD3l3ef9QzosCxKThNwqNY55CoSSC3IRl-IAXy9Lvx7cgiliwBgCv99RbXZ1ZnptTHC_1kzMzPhPg9pGKDowFP-rywaB9-NTuHTWQ4hkKDsru5dpf75ILNI5PTUi1iiBM7TdgSerpEVroUWZiOpGAdlKkmE1h4gkR6eQY9Q0IvVXwagy_PPoQ1XO1i5Hyg3aXeDZBgkE7AuW9uxtYQHzg8JG2TNko_yp497yf_Ew4t6KzGDhSa8L1euMPtclALDWFhgl6WmYsHOqAOsyZOLwpsifWa533wI9mtTvLEg8TFKMOdU0sbAoQSbrrI9m4QS7mzDLchngj3E"
        ],
        "alg": "ES256"
    })

# The recipient can specify trusted CAs as follows:
decoder = CWT.new(ca_certs="/path/to/cacerts.pem")
decoded = decoder.decode(token, public_key)
assert 1 in decoded and decoded[1] == "coaps://as.example"

CWT for EUDCC (EU Digital COVID Certificate)

Python CWT supports Electronic Health Certificate Specification and EUDCC (EU Digital COVID Certificate) compliant with Technical Specifications for Digital Green Certificates Volume 1

A following example shows how to verify an EUDCC:

import cwt
from cwt import load_pem_hcert_dsc

# A DSC(Document Signing Certificate) issued by a CSCA
# (Certificate Signing Certificate Authority) quoted from:
# https://github.com/eu-digital-green-certificates/dgc-testdata/blob/main/AT/2DCode/raw/1.json
dsc = "-----BEGIN CERTIFICATE-----\nMIIBvTCCAWOgAwIBAgIKAXk8i88OleLsuTAKBggqhkjOPQQDAjA2MRYwFAYDVQQDDA1BVCBER0MgQ1NDQSAxMQswCQYDVQQGEwJBVDEPMA0GA1UECgwGQk1TR1BLMB4XDTIxMDUwNTEyNDEwNloXDTIzMDUwNTEyNDEwNlowPTERMA8GA1UEAwwIQVQgRFNDIDExCzAJBgNVBAYTAkFUMQ8wDQYDVQQKDAZCTVNHUEsxCjAIBgNVBAUTATEwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAASt1Vz1rRuW1HqObUE9MDe7RzIk1gq4XW5GTyHuHTj5cFEn2Rge37+hINfCZZcozpwQKdyaporPUP1TE7UWl0F3o1IwUDAOBgNVHQ8BAf8EBAMCB4AwHQYDVR0OBBYEFO49y1ISb6cvXshLcp8UUp9VoGLQMB8GA1UdIwQYMBaAFP7JKEOflGEvef2iMdtopsetwGGeMAoGCCqGSM49BAMCA0gAMEUCIQDG2opotWG8tJXN84ZZqT6wUBz9KF8D+z9NukYvnUEQ3QIgdBLFSTSiDt0UJaDF6St2bkUQuVHW6fQbONd731/M4nc=\n-----END CERTIFICATE-----"

# An EUDCC (EU Digital COVID Certificate) quoted from:
# https://github.com/eu-digital-green-certificates/dgc-testdata/blob/main/AT/2DCode/raw/1.json
eudcc = bytes.fromhex(
    "d2844da20448d919375fc1e7b6b20126a0590133a4041a61817ca0061a60942ea001624154390103a101a4617681aa62646e01626d616d4f52472d3130303033303231356276706a313131393334393030376264746a323032312d30322d313862636f624154626369783155524e3a555643493a30313a41543a31303830373834334639344145453045453530393346424332353442443831332342626d706c45552f312f32302f31353238626973781b4d696e6973747279206f66204865616c74682c20417573747269616273640262746769383430353339303036636e616da463666e74754d5553544552465241553c474f455353494e47455262666e754d7573746572667261752d47c3b6c39f696e67657263676e74684741425249454c4562676e684761627269656c656376657265312e302e3063646f626a313939382d30322d323658405812fce67cb84c3911d78e3f61f890d0c80eb9675806aebed66aa2d0d0c91d1fc98d7bcb80bf00e181806a9502e11b071325901bd0d2c1b6438747b8cc50f521"
)

public_key = load_pem_hcert_dsc(dsc)
decoded = cwt.decode(eudcc, keys=[public_key])
claims = Claims.new(decoded)
# claims.hcert[1] ==
# {
#     'v': [
#         {
#             'dn': 1,
#             'ma': 'ORG-100030215',
#             'vp': '1119349007',
#             'dt': '2021-02-18',
#             'co': 'AT',
#             'ci': 'URN:UVCI:01:AT:10807843F94AEE0EE5093FBC254BD813#B',
#             'mp': 'EU/1/20/1528',
#             'is': 'Ministry of Health, Austria',
#             'sd': 2,
#             'tg': '840539006',
#         }
#     ],
#     'nam': {
#         'fnt': 'MUSTERFRAU<GOESSINGER',
#         'fn': 'Musterfrau-Gößinger',
#         'gnt': 'GABRIELE',
#         'gn': 'Gabriele',
#     },
#     'ver': '1.0.0',
#     'dob': '1998-02-26',
# }

COSE Usage Examples

Followings are typical and basic examples which create various types of COSE messages, verify and decode them.

See API Reference and COSE Usage Examples on document for more details.

COSE MAC0

Create a COSE MAC0 message, verify and decode it as follows:

from cwt import COSE, COSEKey

mac_key = COSEKey.from_symmetric_key(alg="HS256", kid="01")
ctx = COSE.new(alg_auto_inclusion=True, kid_auto_inclusion=True)
encoded = ctx.encode_and_mac(b"Hello world!", mac_key)
assert b"Hello world!" == ctx.decode(encoded, mac_key)

Following two samples are other ways of writing the above example:

from cwt import COSE, COSEKey

mac_key = COSEKey.from_symmetric_key(alg="HS256", kid="01")
ctx = COSE.new()
encoded = ctx.encode_and_mac(
    b"Hello world!",
    mac_key,
    protected={"alg": "HS256"},
    unprotected={"kid": "01"},
)
assert b"Hello world!" == ctx.decode(encoded, mac_key)

from cwt import COSE, COSEKey

mac_key = COSEKey.from_symmetric_key(alg="HS256", kid="01")
ctx = COSE.new()
encoded = ctx.encode_and_mac(
    b"Hello world!",
    mac_key,
    protected={1: 5},
    unprotected={4: b"01"},
)
assert b"Hello world!" == ctx.decode(encoded, mac_key)

COSE MAC

Direct Key Distribution for MAC

The direct key distribution shares a MAC key between the sender and the recipient that is used directly. The follwing example shows the simplest way to make a COSE MAC message, verify and decode it with the direct key distribution method.

from cwt import COSE, COSEKey, Recipient

# The sender makes a COSE MAC message as follows:
mac_key = COSEKey.from_symmetric_key(alg="HS512", kid="01")
r = Recipient.from_jwk({"alg": "direct"})
r.apply(mac_key)
ctx = COSE.new()
encoded = ctx.encode_and_mac(b"Hello world!", mac_key, recipients=[r])

# The recipient has the same MAC key and can verify and decode it:
assert b"Hello world!" == ctx.decode(encoded, mac_key)

Direct Key with KDF for MAC

from secrets import token_bytes
from cwt import COSE, COSEKey, Recipient

shared_material = token_bytes(32)
shared_key = COSEKey.from_symmetric_key(shared_material, kid="01")

# The sender side:
r = Recipient.from_jwk(
    {
        "kty": "oct",
        "alg": "direct+HKDF-SHA-256",
    },
)
mac_key = r.apply(shared_key, context={"alg": "HS256"})
ctx = COSE.new(alg_auto_inclusion=True)
encoded = ctx.encode_and_mac(
    b"Hello world!",
    key=mac_key,
    recipients=[r],
)

# The recipient side:
assert b"Hello world!" == ctx.decode(encoded, shared_key, context={"alg": "HS256"})

AES Key Wrap for MAC

The AES key wrap algorithm can be used to wrap a MAC key as follows:

from cwt import COSE, COSEKey, Recipient

# The sender side:
mac_key = COSEKey.from_symmetric_key(alg="HS512")
r = Recipient.from_jwk(
    {
        "kid": "01",
        "alg": "A128KW",
        "k": "hJtXIZ2uSN5kbQfbtTNWbg",  # A shared wrapping key
    },
)
r.apply(mac_key)
ctx = COSE.new(alg_auto_inclusion=True)
encoded = ctx.encode_and_mac(b"Hello world!", key=mac_key, recipients=[r])

# The recipient side:
shared_key = COSEKey.from_jwk(
    {
        "kid": "01",
        "kty": "oct",
        "alg": "A128KW",
        "k": "hJtXIZ2uSN5kbQfbtTNWbg",
    },
)
assert b"Hello world!" == ctx.decode(encoded, shared_key)

Direct Key Agreement for MAC

The direct key agreement methods can be used to create a shared secret. A KDF (Key Distribution Function) is then applied to the shared secret to derive a key to be used to protect the data. The follwing example shows a simple way to make a COSE Encrypt message, verify and decode it with the direct key agreement methods (ECDH-ES+HKDF-256 with various curves).

from cwt import COSE, COSEKey, Recipient

# The sender side:
r = Recipient.from_jwk(
    {
        "kty": "EC",
        "alg": "ECDH-ES+HKDF-256",
        "crv": "P-256",
    },
)
# The following key is provided by the recipient in advance.
pub_key = COSEKey.from_jwk(
    {
        "kid": "01",
        "kty": "EC",
        "alg": "ECDH-ES+HKDF-256",
        "crv": "P-256",
        "x": "Ze2loSV3wrroKUN_4zhwGhCqo3Xhu1td4QjeQ5wIVR0",
        "y": "HlLtdXARY_f55A3fnzQbPcm6hgr34Mp8p-nuzQCE0Zw",
    }
)
mac_key = r.apply(recipient_key=pub_key, context={"alg": "HS256"})
ctx = COSE.new(alg_auto_inclusion=True)
encoded = ctx.encode_and_mac(
    b"Hello world!",
    key=mac_key,
    recipients=[r],
)

# The recipient side:
# The following key is the private key of the above pub_key.
priv_key = COSEKey.from_jwk(
    {
        "kid": "01",
        "kty": "EC",
        "alg": "ECDH-ES+HKDF-256",
        "crv": "P-256",
        "x": "Ze2loSV3wrroKUN_4zhwGhCqo3Xhu1td4QjeQ5wIVR0",
        "y": "HlLtdXARY_f55A3fnzQbPcm6hgr34Mp8p-nuzQCE0Zw",
        "d": "r_kHyZ-a06rmxM3yESK84r1otSg-aQcVStkRhA-iCM8",
    }
)
# The enc_key will be derived in decode() with priv_key and
# the sender's public key which is conveyed as the recipient
# information structure in the COSE Encrypt message (encoded).
assert b"Hello world!" == ctx.decode(encoded, priv_key, context={"alg": "HS256"})

Key Agreement with Key Wrap for MAC

from cwt import COSE, COSEKey, Recipient

# The sender side:
mac_key = COSEKey.from_symmetric_key(alg="HS256")
r = Recipient.from_jwk(
    {
        "kty": "EC",
        "alg": "ECDH-SS+A128KW",
        "crv": "P-256",
        "x": "7cvYCcdU22WCwW1tZXR8iuzJLWGcd46xfxO1XJs-SPU",
        "y": "DzhJXgz9RI6TseNmwEfLoNVns8UmvONsPzQDop2dKoo",
        "d": "Uqr4fay_qYQykwcNCB2efj_NFaQRRQ-6fHZm763jt5w",
    }
)
pub_key = COSEKey.from_jwk(
    {
        "kid": "[email protected]",
        "kty": "EC",
        "crv": "P-256",
        "x": "Ze2loSV3wrroKUN_4zhwGhCqo3Xhu1td4QjeQ5wIVR0",
        "y": "HlLtdXARY_f55A3fnzQbPcm6hgr34Mp8p-nuzQCE0Zw",
    }
)
r.apply(mac_key, recipient_key=pub_key, context={"alg": "HS256"})
ctx = COSE.new(alg_auto_inclusion=True)
encoded = ctx.encode_and_mac(
    b"Hello world!",
    key=mac_key,
    recipients=[r],
)

# The recipient side:
priv_key = COSEKey.from_jwk(
    {
        "kid": "[email protected]",
        "kty": "EC",
        "crv": "P-256",
        "alg": "ECDH-SS+A128KW",
        "x": "Ze2loSV3wrroKUN_4zhwGhCqo3Xhu1td4QjeQ5wIVR0",
        "y": "HlLtdXARY_f55A3fnzQbPcm6hgr34Mp8p-nuzQCE0Zw",
        "d": "r_kHyZ-a06rmxM3yESK84r1otSg-aQcVStkRhA-iCM8",
    }
)
assert b"Hello world!" == ctx.decode(encoded, priv_key, context={"alg": "HS256"})

COSE Encrypt0

Create a COSE Encrypt0 message, verify and decode it as follows:

from cwt import COSE, COSEKey

enc_key = COSEKey.from_symmetric_key(alg="ChaCha20/Poly1305", kid="01")
ctx = COSE.new(alg_auto_inclusion=True, kid_auto_inclusion=True)
encoded = ctx.encode_and_encrypt(b"Hello world!", enc_key)
decoded = ctx.decode(encoded, enc_key)

COSE Encrypt

Direct Key Distribution for encryption

from cwt import COSE, COSEKey, Recipient

enc_key = COSEKey.from_symmetric_key(alg="ChaCha20/Poly1305", kid="01")

# The sender side:
nonce = enc_key.generate_nonce()
r = Recipient.from_jwk({"alg": "direct"})
r.apply(enc_key)
ctx = COSE.new()
encoded = ctx.encode_and_encrypt(
    b"Hello world!",
    enc_key,
    nonce=nonce,
    recipients=[r],
)

# The recipient side:
assert b"Hello world!" == ctx.decode(encoded, enc_key)

Direct Key with KDF for encryption

from cwt import COSE, COSEKey, Recipient

shared_material = token_bytes(32)
shared_key = COSEKey.from_symmetric_key(shared_material, kid="01")

# The sender side:
r = Recipient.from_jwk(
    {
        "kty": "oct",
        "alg": "direct+HKDF-SHA-256",
    },
)
enc_key = r.apply(shared_key, context={"alg": "A256GCM"})
ctx = COSE.new(alg_auto_inclusion=True)
encoded = ctx.encode_and_encrypt(
    b"Hello world!",
    key=enc_key,
    recipients=[r],
)
# The recipient side:
assert b"Hello world!" == ctx.decode(encoded, shared_key, context={"alg": "A256GCM"})

AES Key Wrap for encryption

The AES key wrap algorithm can be used to wrap a MAC key as follows:

from cwt import COSE, COSEKey, Recipient

# The sender side:
r = Recipient.from_jwk(
    {
        "kid": "01",
        "kty": "oct",
        "alg": "A128KW",
        "k": "hJtXIZ2uSN5kbQfbtTNWbg",  # A shared wrapping key
    },
)
enc_key = COSEKey.from_symmetric_key(alg="ChaCha20/Poly1305")
r.apply(enc_key)
ctx = COSE.new(alg_auto_inclusion=True)
encoded = ctx.encode_and_encrypt(b"Hello world!", key=enc_key, recipients=[r])

# The recipient side:
shared_key = COSEKey.from_jwk(
    {
        "kid": "01",
        "kty": "oct",
        "alg": "A128KW",
        "k": "hJtXIZ2uSN5kbQfbtTNWbg",
    },
)
assert b"Hello world!" == ctx.decode(encoded, shared_key)

Direct Key Agreement for encryption

from cwt import COSE, COSEKey, Recipient

# The sender side:
r = Recipient.from_jwk(
    {
        "kty": "OKP",
        "alg": "ECDH-ES+HKDF-256",
        "crv": "X25519",
    },
)
pub_key = COSEKey.from_jwk(
    {
        "kid": "01",
        "kty": "OKP",
        "alg": "ECDH-ES+HKDF-256",
        "crv": "X25519",
        "x": "y3wJq3uXPHeoCO4FubvTc7VcBuqpvUrSvU6ZMbHDTCI",
    }
)
enc_key = r.apply(recipient_key=pub_key, context={"alg": "A128GCM"})
ctx = COSE.new(alg_auto_inclusion=True)
encoded = ctx.encode_and_encrypt(
    b"Hello world!",
    key=enc_key,
    recipients=[r],
)

# The recipient side:
priv_key = COSEKey.from_jwk(
    {
        "kid": "01",
        "kty": "OKP",
        "alg": "ECDH-ES+HKDF-256",
        "crv": "X25519",
        "x": "y3wJq3uXPHeoCO4FubvTc7VcBuqpvUrSvU6ZMbHDTCI",
        "d": "vsJ1oX5NNi0IGdwGldiac75r-Utmq3Jq4LGv48Q_Qc4",
    }
)
assert b"Hello world!" == ctx.decode(encoded, priv_key, context={"alg": "A128GCM"})

Key Agreement with Key Wrap for encryption

from cwt import COSE, COSEKey, Recipient

# The sender side:
enc_key = COSEKey.from_symmetric_key(alg="A128GCM")
nonce = enc_key.generate_nonce()
r = Recipient.from_jwk(
    {
        "kty": "EC",
        "alg": "ECDH-SS+A128KW",
        "crv": "P-256",
        "x": "7cvYCcdU22WCwW1tZXR8iuzJLWGcd46xfxO1XJs-SPU",
        "y": "DzhJXgz9RI6TseNmwEfLoNVns8UmvONsPzQDop2dKoo",
        "d": "Uqr4fay_qYQykwcNCB2efj_NFaQRRQ-6fHZm763jt5w",
    }
)
pub_key = COSEKey.from_jwk(
    {
        "kid": "[email protected]",
        "kty": "EC",
        "crv": "P-256",
        "x": "Ze2loSV3wrroKUN_4zhwGhCqo3Xhu1td4QjeQ5wIVR0",
        "y": "HlLtdXARY_f55A3fnzQbPcm6hgr34Mp8p-nuzQCE0Zw",
    }
)
r.apply(enc_key, recipient_key=pub_key, context={"alg": "A128GCM"})
ctx = COSE.new(alg_auto_inclusion=True)
encoded = ctx.encode_and_encrypt(
    b"Hello world!",
    key=enc_key,
    nonce=nonce,
    recipients=[r],
)

# The recipient side:
priv_key = COSEKey.from_jwk(
    {
        "kid": "[email protected]",
        "kty": "EC",
        "alg": "ECDH-SS+A128KW",
        "crv": "P-256",
        "x": "Ze2loSV3wrroKUN_4zhwGhCqo3Xhu1td4QjeQ5wIVR0",
        "y": "HlLtdXARY_f55A3fnzQbPcm6hgr34Mp8p-nuzQCE0Zw",
        "d": "r_kHyZ-a06rmxM3yESK84r1otSg-aQcVStkRhA-iCM8",
    }
)
assert b"Hello world!" == ctx.decode(encoded, priv_key, context={"alg": "A128GCM"})

COSE Signature1

Create a COSE Signature1 message, verify and decode it as follows:

from cwt import COSE, COSEKey, Signer

# The sender side:
signer = Signer.new(
    cose_key=COSEKey.from_jwk(
        {
            "kid": "01",
            "kty": "EC",
            "crv": "P-256",
            "x": "usWxHK2PmfnHKwXPS54m0kTcGJ90UiglWiGahtagnv8",
            "y": "IBOL-C3BttVivg-lSreASjpkttcsz-1rb7btKLv8EX4",
            "d": "V8kgd2ZBRuh2dgyVINBUqpPDr7BOMGcF22CQMIUHtNM",
        }
    ),
    protected={"alg": "ES256"},
    unprotected={"kid": "01"},
)
ctx = COSE.new()
encoded = ctx.encode_and_sign(b"Hello world!", signers=[signer])

# The recipient side:
pub_key = COSEKey.from_jwk(
    {
        "kid": "01",
        "kty": "EC",
        "crv": "P-256",
        "x": "usWxHK2PmfnHKwXPS54m0kTcGJ90UiglWiGahtagnv8",
        "y": "IBOL-C3BttVivg-lSreASjpkttcsz-1rb7btKLv8EX4",
    }
)
assert b"Hello world!" == ctx.decode(encoded, pub_key)

COSE Signature

Create a COSE Signature message, verify and decode it as follows:

from cwt import COSE, COSEKey, Signer

# The sender side:
signer = Signer.new(
    cose_key=COSEKey.from_jwk(
        {
            "kid": "01",
            "kty": "EC",
            "crv": "P-256",
            "x": "usWxHK2PmfnHKwXPS54m0kTcGJ90UiglWiGahtagnv8",
            "y": "IBOL-C3BttVivg-lSreASjpkttcsz-1rb7btKLv8EX4",
            "d": "V8kgd2ZBRuh2dgyVINBUqpPDr7BOMGcF22CQMIUHtNM",
        }
    ),
    protected={1: -7},
    unprotected={4: b"01"},
)
ctx = COSE.new()
encoded = ctx.encode_and_sign(b"Hello world!", signers=[signer])

# The recipient side:
pub_key = COSEKey.from_jwk(
    {
        "kid": "01",
        "kty": "EC",
        "crv": "P-256",
        "x": "usWxHK2PmfnHKwXPS54m0kTcGJ90UiglWiGahtagnv8",
        "y": "IBOL-C3BttVivg-lSreASjpkttcsz-1rb7btKLv8EX4",
    }
)
assert b"Hello world!" == ctx.decode(encoded, pub_key)

API Reference

See Documentation.

Supported CWT Claims

See Documentation.

Supported COSE Algorithms

See Documentation.

Referenced Specifications

Python CWT is (partially) compliant with following specifications:

Tests

You can run tests from the project root after cloning with:

$ tox

Contributing

We welcome all kind of contributions, filing issues, suggesting new features or sending PRs.

Comments

Some EUDCC certificates can't be decoded

Hi,

I've got issues with some RSA type public keys for EUDCC decoding. I've tried the same certificate with https://github.com/panzi/verify-ehc, and it decodes the swiss certificate properly using the given certificate. Bildschirmfoto vom 2021-12-13 23-47-26

python-cwt returns a validation error for the RSA key. Most other keys seem to work.

The following is the offending key.

	"Ll3NP03zOxY=": {
		"serialNumber": "1479dce89e848ba6077c57b16f925eca",
		"subject": "C=CH, ST=Bern, L=Köniz, 2.5.4.15=Government Entity, 2.5.4.97=NTRCH-CHE-467.023.568, O=Bundesamt für Gesundheit (BAG), OU=GE-0220-BAG, OU=Taskforce BAG Covid-19, CN=COVID-certificate-CH-21-05",
		"issuer": "C=CH, 2.5.4.97=VATCH-CHE-221.032.573, O=Bundesamt fuer Informatik und Telekommunikation (BIT), OU=Swiss Government PKI, CN=Swiss Government Regulated CA 02",
		"notBefore": "2021-05-20T10:04:31.000Z",
		"notAfter": "2024-05-20T10:04:31.000Z",
		"signatureAlgorithm": "RSASSA-PKCS1-v1_5",
		"fingerprint": "a572445c2c1d3ced7689963caf2c0e763778c024",
		"publicKeyAlgorithm": {
			"hash": {
				"name": "SHA-256"
			},
			"name": "RSASSA-PKCS1-v1_5",
			"publicExponent": {
				"0": 1,
				"1": 0,
				"2": 1
			},
			"modulusLength": 2048
		},
		"publicKeyPem": "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtk/51stJXU48RqD2lh4IdsxFrjlJfmTCrLr3cQNEXkrEoI3OEV8NnotE1RjVmQrqLTT04oxpWlcbMolXtJBtu3rOiLNwQvyVEbj/xSc6KT84Tp7GBo1P/kkunY+Vmab6HUCV/oGZYmsdiUP/OnTPX6Wy6delDhnrgHIDti73/TSsG7Zl1V6km7+KIkjAkVCEDkkUD7uffd4G+GBZ0B9F1KOT0IcFQNvDm0zlROVoGFlmPS8DWlrLHuIdMbB281uiDjcN+kNUt7rUyyj6TFgX9WCgEB/5mQBMRaaXK1zeDTaNkmC2S7IWxhMQsMBXJyAdbD9AnQOZc6XRjBauO7gz0wIDAQAB"
	},

opened by merlinschumacher 7

Bump tox from 4.0.14 to 4.0.15
Bumps tox from 4.0.14 to 4.0.15.

Release notes

Sourced from tox's releases.

4.0.15

What's Changed

test_sequential: resolve() the system_executable by @masenf in tox-dev/tox#2751

Fix provisioning by @gaborbernat in tox-dev/tox#2750

Fix complex negative factor filters not working by @gaborbernat in tox-dev/tox#2757

Full Changelog: https://github.com/tox-dev/tox/compare/4.0.14...4.0.15

Changelog

Sourced from tox's changelog.

v4.0.15 (2022-12-19)

Bugfixes - 4.0.15

- Fix tox auto-provisioning not working and relax :ref:`min_version` default from ``4.0`` to no version constraint - by user:`gaborbernat`. (:issue:`2634`) - Fix assertion in ``test_result_json_sequential`` when interpreter ``_base_executable`` is a hardlink (macOS homebrew) - by user:`masenf`. (:issue:`2720`) - Complex negative factor filters not working - by user:`gaborbernat`. (:issue:`2747`)

Commits

a26b975 release 4.0.15

294159e Fix complex negative factor filters not working (#2757)

55a7b66 Fix provisioning (#2750)

9972a82 test_sequential: resolve() the system_executable (#2751)

968ea7d Remove incorrect docstring

b365892 Fix release

See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR

@dependabot recreate will recreate this PR, overwriting any edits that have been made to it

@dependabot merge will merge this PR after your CI passes on it

@dependabot squash and merge will squash and merge this PR after your CI passes on it

@dependabot cancel merge will cancel a previously requested merge and block automerging

@dependabot reopen will reopen this PR if it is closed

@dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually

@dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)

@dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)

@dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

dependencies
opened by dependabot[bot] 2
Bump tox from 4.0.8 to 4.0.9
Bumps tox from 4.0.8 to 4.0.9.

Release notes

Sourced from tox's releases.

4.0.9

What's Changed

[pre-commit.ci] pre-commit autoupdate by @pre-commit-ci in tox-dev/tox#2689

Add tox_on_install and tox_env_teardown plugin hooks by @gaborbernat in tox-dev/tox#2687

Add PKG_CONFIG_PATH to default passenv by @gaborbernat in tox-dev/tox#2700

Full Changelog: https://github.com/tox-dev/tox/compare/4.0.8...4.0.9

Changelog

Sourced from tox's changelog.

v4.0.9 (2022-12-13)

Features - 4.0.9

- Add :meth:`tox_on_install <tox.plugin.spec.tox_on_install>` and :meth:`tox_env_teardown <tox.plugin.spec.tox_env_teardown>` plugin hooks - by :user:`gaborbernat`. (:issue:`2687`) - Add ``PKG_CONFIG_PATH`` to the default pass through environment list for python tox environments - by :user:`gaborbernat`. (:issue:`2700`)

Commits

ebe1f39 release 4.0.9

f4c0c19 Add PKG_CONFIG_PATH to default passenv (#2700)

dbeec44 Add tox_on_install and tox_env_teardown plugin hooks (#2687)

2df6015 [pre-commit.ci] pre-commit autoupdate (#2689)

08d8924 Merge pull request #2684 from tox-dev/release-4.0.8

See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR

@dependabot recreate will recreate this PR, overwriting any edits that have been made to it

@dependabot merge will merge this PR after your CI passes on it

@dependabot squash and merge will squash and merge this PR after your CI passes on it

@dependabot cancel merge will cancel a previously requested merge and block automerging

@dependabot reopen will reopen this PR if it is closed

@dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually

@dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)

@dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)

@dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

dependencies
opened by dependabot[bot] 2
Bump tox from 3.27.1 to 4.0.3
Bumps tox from 3.27.1 to 4.0.3.

Release notes

Sourced from tox's releases.

4.0.3

What's Changed

Document necessity to escape # sign used in commands by @jugmac00 in tox-dev/tox#2621

Ensure change_dir is created before running commands by @gaborbernat in tox-dev/tox#2643

Show host python under core section as constant by @gaborbernat in tox-dev/tox#2644

Set always PYTHONIOENCODING to utf-8 by @gaborbernat in tox-dev/tox#2646

Pass through NUMBER_OF_PROCESSORS on Windows by @gaborbernat in tox-dev/tox#2647

Full Changelog: https://github.com/tox-dev/tox/compare/4.0.2...4.0.3

4.0.2

What's Changed

tox --showconfig -e py shows core configs by @gaborbernat in tox-dev/tox#2625

Unescaped comma in substitution should not be replaced during INI expansion by @gaborbernat in tox-dev/tox#2626

Full Changelog: https://github.com/tox-dev/tox/compare/4.0.1...4.0.2

4.0.1

What's Changed

Default tox min_version to 4.0 instead of current tox version by @gaborbernat in tox-dev/tox#2613

Create session views of the build wheel/sdist into temp_dir by @gaborbernat in tox-dev/tox#2614

Full Changelog: https://github.com/tox-dev/tox/compare/4.0.0...4.0.1

4.0.0

What's Changed

Create a FAQ entry about tox v3 - v4 compatibility by @jugmac00 in tox-dev/tox#2601

Full Changelog: https://github.com/tox-dev/tox/compare/4.0.0rc4...4.0.0

4.0.0rc4

What's Changed

Remove deprecated whitelist_externals configuration option by @jugmac00 in tox-dev/tox#2600

Do not conflate extra markers and extra dependencies by @gaborbernat in tox-dev/tox#2605

Full Changelog: https://github.com/tox-dev/tox/compare/4.0.0rc3...4.0.0rc4

4.0.0rc3

What's Changed

Bump pypa/gh-action-pypi-publish from 1.5.2 to 1.6.1 by @dependabot in tox-dev/tox#2594

Lock parallel package operations by @gaborbernat in tox-dev/tox#2593

Better handling of build backend without editable support and add --exit-and-dump-after flag by @gaborbernat in tox-dev/tox#2597

... (truncated)

Changelog

Sourced from tox's changelog.

v4.0.3 (2022-12-08)

Bugfixes - 4.0.3

- Always set environment variable ``PYTHONIOENCODING`` to ``utf-8`` to ensure tox works under Windows custom encodings - by :user:`gaborbernat`. (:issue:`2422`) - Ensure :ref:`change_dir` is created if does not exist before executing :ref:`commands` - by :user:`gaborbernat`. (:issue:`2620`) - Pass through ``NUMBER_OF_PROCESSORS`` on Windows as is needed for ``multiprocessing.cpu_count`` - by :user:`gaborbernat`. (:issue:`2629`) - The core tox configuration now contains ``host_python`` key showing the host python executable path - by :user:`gaborbernat`. (:issue:`2630`)
Improved Documentation - 4.0.3

Document that space separator is no longer valid for the :ref:passenv and instead one should use comma - by :user:gaborbernat. (:issue:2615)

Document necessity to escape # within INI configuration - by :user:jugmac00. (:issue:2617)

v4.0.2 (2022-12-07)

Bugfixes - 4.0.2

- Unescaped comma in substitution should not be replaced during INI expansion - by :user:`gaborbernat`. (:issue:`2616`) - ``tox --showconfig -e py311`` reports tox section, though it should not - by :user:`gaborbernat`. (:issue:`2624`) v4.0.1 (2022-12-07)
Bugfixes - 4.0.1

Create session views of the build wheel/sdist into the :ref:temp_dir folder - by :user:gaborbernat. (:issue:2612)

Default tox min_version to 4.0 instead of current tox version - by :user:gaborbernat. (:issue:2613)

v4.0.0 (2022-12-07)

Bugfixes - 4.0.0

- The temporary folder within the tox environment was named ``.temp`` instead of ``.tmp`` - by :user:`gaborbernat`. (:issue:`2608`)
Improved Documentation - 4.0.0

Enumerate breaking changes of tox 4 in the FAQ, and also list major new improvements - by :user:gaborbernat. (:issue:2587)

Document in the FAQ that tox 4 will raise a warning when finding conflicting environment names - by :user:gaborbernat. (:issue:2602)

... (truncated)

Commits

95084f2 release 4.0.3

8894ee9 Pass through NUMBER_OF_PROCESSORS on Windows (#2647)

a9bfef3 Set always PYTHONIOENCODING to utf-8 (#2646)

ab5ea45 Show host python under core section as constant (#2644)

31ad830 Ensure change_dir is created before running commands (#2643)

267d327 Document necessity to escape # sign used in commands (#2621)

4c485f8 Merge pull request #2627 from tox-dev/release-4.0.2

5c0863c release 4.0.2

98830e4 Unescaped comma in substitution should not be replaced during INI expansion (...

3661b94 tox --showconfig -e py shows core configs (#2625)

Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR

@dependabot recreate will recreate this PR, overwriting any edits that have been made to it

@dependabot merge will merge this PR after your CI passes on it

@dependabot squash and merge will squash and merge this PR after your CI passes on it

@dependabot cancel merge will cancel a previously requested merge and block automerging

@dependabot reopen will reopen this PR if it is closed

@dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually

@dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)

@dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)

@dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

dependencies
opened by dependabot[bot] 2
Bump tox from 3.27.1 to 4.0.2
Bumps tox from 3.27.1 to 4.0.2.

Release notes

Sourced from tox's releases.

4.0.2

What's Changed

tox --showconfig -e py shows core configs by @gaborbernat in tox-dev/tox#2625

Unescaped comma in substitution should not be replaced during INI expansion by @gaborbernat in tox-dev/tox#2626

Full Changelog: https://github.com/tox-dev/tox/compare/4.0.1...4.0.2

4.0.1

What's Changed

Default tox min_version to 4.0 instead of current tox version by @gaborbernat in tox-dev/tox#2613

Create session views of the build wheel/sdist into temp_dir by @gaborbernat in tox-dev/tox#2614

Full Changelog: https://github.com/tox-dev/tox/compare/4.0.0...4.0.1

4.0.0

What's Changed

Create a FAQ entry about tox v3 - v4 compatibility by @jugmac00 in tox-dev/tox#2601

Full Changelog: https://github.com/tox-dev/tox/compare/4.0.0rc4...4.0.0

4.0.0rc4

What's Changed

Remove deprecated whitelist_externals configuration option by @jugmac00 in tox-dev/tox#2600

Do not conflate extra markers and extra dependencies by @gaborbernat in tox-dev/tox#2605

Full Changelog: https://github.com/tox-dev/tox/compare/4.0.0rc3...4.0.0rc4

4.0.0rc3

What's Changed

Bump pypa/gh-action-pypi-publish from 1.5.2 to 1.6.1 by @dependabot in tox-dev/tox#2594

Lock parallel package operations by @gaborbernat in tox-dev/tox#2593

Better handling of build backend without editable support and add --exit-and-dump-after flag by @gaborbernat in tox-dev/tox#2597

Full Changelog: https://github.com/tox-dev/tox/compare/4.0.0rc2...4.0.0rc3

4.0.0rc2

What's Changed

release 4.0.0rc1 by @gaborbernat in tox-dev/tox#2559

Update code block template by @hugovk in tox-dev/tox#2570

Bump pypa/gh-action-pypi-publish from 1.5.1 to 1.5.2 by @dependabot in tox-dev/tox#2573

Avoid recreation of virtualenv due to symlinks by @ssbarnea in tox-dev/tox#2574

Add missing build test dependency by @ssbarnea in tox-dev/tox#2577

Support for recursive extras by @gaborbernat in tox-dev/tox#2579

Do not set COLUMNS or LINES if already set by user by @gaborbernat in tox-dev/tox#2580

... (truncated)

Changelog

Sourced from tox's changelog.

v4.0.2 (2022-12-07)

Bugfixes - 4.0.2

- Unescaped comma in substitution should not be replaced during INI expansion - by :user:`gaborbernat`. (:issue:`2616`) - ``tox --showconfig -e py311`` reports tox section, though it should not - by :user:`gaborbernat`. (:issue:`2624`) v4.0.1 (2022-12-07)
Bugfixes - 4.0.1

Create session views of the build wheel/sdist into the :ref:temp_dir folder - by :user:gaborbernat. (:issue:2612)

Default tox min_version to 4.0 instead of current tox version - by :user:gaborbernat. (:issue:2613)

v4.0.0 (2022-12-07)

Bugfixes - 4.0.0

- The temporary folder within the tox environment was named ``.temp`` instead of ``.tmp`` - by :user:`gaborbernat`. (:issue:`2608`)
Improved Documentation - 4.0.0

Enumerate breaking changes of tox 4 in the FAQ, and also list major new improvements - by :user:gaborbernat. (:issue:2587)

Document in the FAQ that tox 4 will raise a warning when finding conflicting environment names - by :user:gaborbernat. (:issue:2602)

v4.0.0rc4 (2022-12-06)

Bugfixes - 4.0.0rc4

- Fix extras not being kept for install dependencies - by :user:`gaborbernat`. (:issue:`2603`)
Deprecations and Removals - 4.0.0rc4

Remove deprecated configuration option whitelist_externals which was replaced by allowlist_externals - by :user:jugmac00. (:issue:2599)

v4.0.0rc3 (2022-12-05)

Features - 4.0.0rc3

- Add ``--exit-and-dump-after`` flag that allows automatically killing tox if does not finish within the passed seconds, and dump the thread stacks (useful to debug tox when it seemingly hangs) - by :user:`gaborbernat`. (:issue:`2595`) </tr></table>

... (truncated)

Commits

5c0863c release 4.0.2

98830e4 Unescaped comma in substitution should not be replaced during INI expansion (...

3661b94 tox --showconfig -e py shows core configs (#2625)

871d091 Merge pull request #2623 from tox-dev/release-4.0.1

cc2ff1d release 4.0.1

2476e95 Create session views of the build wheel/sdist into temp_dir (#2614)

6305d9a Default tox min_version to 4.0 instead of current tox version (#2613)

554bd0a Update faq.rst

60d4e25 Merge pull request #2609 from tox-dev/release-4.0.0

c63ee4a release 4.0.0

Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR

@dependabot recreate will recreate this PR, overwriting any edits that have been made to it

@dependabot merge will merge this PR after your CI passes on it

@dependabot squash and merge will squash and merge this PR after your CI passes on it

@dependabot cancel merge will cancel a previously requested merge and block automerging

@dependabot reopen will reopen this PR if it is closed

@dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually

@dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)

@dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)

@dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

dependencies
opened by dependabot[bot] 2
Bump tox from 3.27.0 to 3.27.1
Bumps tox from 3.27.0 to 3.27.1.

Release notes

Sourced from tox's releases.

3.27.1

What's Changed

release 3.27.0 by @gaborbernat in tox-dev/tox#2520

setup.cfg: Replace deprecated license_file with license_files by @mgorny in tox-dev/tox#2521

Fix PYTHONPATH passed to envreport / "pip freeze" by @f3flight in tox-dev/tox#2529

New Contributors

@mgorny made their first contribution in tox-dev/tox#2521

@f3flight made their first contribution in tox-dev/tox#2529

Full Changelog: https://github.com/tox-dev/tox/compare/3.27.0...3.27.1

Changelog

Sourced from tox's changelog.

v3.27.1 (2022-11-13)

Bugfixes ^^^^^^^^

Replaced deprecated license_file key with license_files in setup.cfg -- by :user:mgorny. [#2521](https://github.com/tox-dev/tox/issues/2521) <https://github.com/tox-dev/tox/issues/2521>_

Add env cleanup to envreport - fix PYTHONPATH leak into "envreport" -- by :user:f3flight. [#2528](https://github.com/tox-dev/tox/issues/2528) <https://github.com/tox-dev/tox/issues/2528>_

Commits

1d5d3b8 release 3.27.1

b61e780 Fix changelog

6473221 Fix PYTHONPATH passed to envreport / "pip freeze" (#2529)

0f0c505 Simplify docs conf

95e7124 Update check.yml

b123cdb setup.cfg: Replace deprecated license_file with license_files (#2521)

d0be3c6 Merge pull request #2520 from tox-dev/release-3.27.0

See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR

@dependabot recreate will recreate this PR, overwriting any edits that have been made to it

@dependabot merge will merge this PR after your CI passes on it

@dependabot squash and merge will squash and merge this PR after your CI passes on it

@dependabot cancel merge will cancel a previously requested merge and block automerging

@dependabot reopen will reopen this PR if it is closed

@dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually

@dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)

@dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)

@dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

dependencies
opened by dependabot[bot] 2
Bump sphinx from 5.2.3 to 5.3.0
Bumps sphinx from 5.2.3 to 5.3.0.

Release notes

Sourced from sphinx's releases.

v5.3.0

Changelog: https://www.sphinx-doc.org/en/master/changes.html

Changelog

Sourced from sphinx's changelog.

Release 5.3.0 (released Oct 16, 2022)

#10759: LaTeX: add :confval:latex_table_style and support the 'booktabs', 'borderless', and 'colorrows' styles. (thanks to Stefan Wiehler for initial pull requests #6666, #6671)

#10840: One can cross-reference including an option value like :option:`--module=foobar```, :option:--module[=foobar]``` or ``:option:--module foobar```. Patch by Martin Liska.

#10881: autosectionlabel: Record the generated section label to the debug log.

#10268: Correctly URI-escape image filenames.

#10887: domains: Allow sections in all the content of all object description directives (e.g. :rst:dir:py:function). Patch by Adam Turner

Commits

c1f2a52 Bump to 5.3.0 final

10db540 Allow sections in object description directives (#10919)

0fd4539 Simplify bug report template

b58eb61 Update all GitHub actions workflows to Ubuntu latest

3e04952 Add sphinx-build --bug-report

fa6d425 URI-escape image filenames (#10268)

e008e16 Revert "Fix detection for out of date files (#9360)" (#10908)

cef1a03 Update image for LaTeX job (#10916)

b5ba1ed s/5.2.0/5.3.0 in various code comments as #10759 got merged in 5.3.0

3deb527 Update CHANGES for PR #10759

Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR

@dependabot recreate will recreate this PR, overwriting any edits that have been made to it

@dependabot merge will merge this PR after your CI passes on it

@dependabot squash and merge will squash and merge this PR after your CI passes on it

@dependabot cancel merge will cancel a previously requested merge and block automerging

@dependabot reopen will reopen this PR if it is closed

@dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually

@dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)

@dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)

@dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

dependencies
opened by dependabot[bot] 2

Bump cryptography from 37.0.4 to 38.0.0

Bumps cryptography from 37.0.4 to 38.0.0.

Changelog

Sourced from cryptography's changelog.

38.0.0 - 2022-09-06


* Final deprecation of OpenSSL 1.1.0. The next release of ``cryptography``
  will drop support.
* We no longer ship ``manylinux2010`` wheels. Users should upgrade to the
  latest ``pip`` to ensure this doesn't cause issues downloading wheels on
  their platform. We now ship ``manylinux_2_28`` wheels for users on new
  enough platforms.
* Updated the minimum supported Rust version (MSRV) to 1.48.0, from 1.41.0.
  Users with the latest ``pip`` will typically get a wheel and not need Rust
  installed, but check :doc:`/installation` for documentation on installing a
  newer ``rustc`` if required.
* :meth:`~cryptography.fernet.Fernet.decrypt` and related methods now accept
  both ``str`` and ``bytes`` tokens.
* Parsing ``CertificateSigningRequest`` restores the behavior of enforcing
  that the ``Extension`` ``critical`` field must be correctly encoded DER. See
  `the issue <https://github.com/pyca/cryptography/issues/6368>`_ for complete
  details.
* Added two new OpenSSL functions to the bindings to support an upcoming
  ``pyOpenSSL`` release.
* When parsing :class:`~cryptography.x509.CertificateRevocationList` and
  :class:`~cryptography.x509.CertificateSigningRequest` values, it is now
  enforced that the ``version`` value in the input must be valid according to
  the rules of :rfc:`2986` and :rfc:`5280`.
* Using MD5 or SHA1 in :class:`~cryptography.x509.CertificateBuilder` and
  other X.509 builders is deprecated and support will be removed in the next
  version.
* Added additional APIs to
  :class:`~cryptography.x509.certificate_transparency.SignedCertificateTimestamp`, including
  :attr:`~cryptography.x509.certificate_transparency.SignedCertificateTimestamp.signature_hash_algorithm`,
  :attr:`~cryptography.x509.certificate_transparency.SignedCertificateTimestamp.signature_algorithm`,
  :attr:`~cryptography.x509.certificate_transparency.SignedCertificateTimestamp.signature`, and
  :attr:`~cryptography.x509.certificate_transparency.SignedCertificateTimestamp.extension_bytes`.
* Added :attr:`~cryptography.x509.Certificate.tbs_precertificate_bytes`, allowing
  users to access the to-be-signed pre-certificate data needed for signed
  certificate timestamp verification.
* :class:`~cryptography.hazmat.primitives.kdf.kbkdf.KBKDFHMAC` and
  :class:`~cryptography.hazmat.primitives.kdf.kbkdf.KBKDFCMAC` now support
  :attr:`~cryptography.hazmat.primitives.kdf.kbkdf.CounterLocation.MiddleFixed`
  counter location.
* Fixed :rfc:`4514` name parsing to reverse the order of the RDNs according
  to the section 2.1 of the RFC, affecting method
  :meth:`~cryptography.x509.Name.from_rfc4514_string`.
* It is now possible to customize some aspects of encryption when serializing
  private keys, using
  :meth:`~cryptography.hazmat.primitives.serialization.PrivateFormat.encryption_builder`.
* Removed several legacy symbols from our OpenSSL bindings. Users of pyOpenSSL
  versions older than 22.0 will need to upgrade.
* Added
</tr></table>

... (truncated)

Commits

52d6f1a version bump for 38 release (#7567)
8c687e6 Bump rust-asn1 to 0.12.1 (#7564)
aca4b10 Bump rust-asn1 to 0.12.0 (#7563)
1742975 support setting more PKCS12 serialization encryption options (#7560)
abb1f54 Bump once_cell from 1.13.1 to 1.14.0 in /src/rust (#7559)
01a0e3b Bump BoringSSL version to 8462a367bb57e9524c3d8eca9c62733c63a63cf4 (#7558)
35a965f Bump ouroboros from 0.15.3 to 0.15.4 in /src/rust (#7557)
9a208e1 Bump BoringSSL version to 19009c51bff0706362e824f66a0b189326a1c27d (#7555)
b342224 Bump iana-time-zone from 0.1.46 to 0.1.47 in /src/rust (#7552)
edd1e69 attempt to fix josepy tests by pinning poetry (#7553)
Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR
@dependabot recreate will recreate this PR, overwriting any edits that have been made to it
@dependabot merge will merge this PR after your CI passes on it
@dependabot squash and merge will squash and merge this PR after your CI passes on it
@dependabot cancel merge will cancel a previously requested merge and block automerging
@dependabot reopen will reopen this PR if it is closed
@dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
@dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
@dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
@dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

dependencies

opened by dependabot[bot] 2

Bump asn1crypto from 1.4.0 to 1.5.0
Bumps asn1crypto from 1.4.0 to 1.5.0.

Changelog

Sourced from asn1crypto's changelog.

1.5.0

Fix tsp.TimeStampAndCRL to be a core.Sequence instead of a core.SequenceOf via @joernheissler

Added OIDs for Edwards curves from RFC 8410 - via @MatthiasValvekens

Fixed convenience attributes on algos.EncryptionAlgorithm when the algorithm is RC2 via @joernheissler

Added Microsoft OIDs microsoft_enrollment_csp_provider (1.3.6.1.4.1.311.13.2.2), microsoft_os_version (1.3.6.1.4.1.311.13.2.3) and microsoft_request_client_info (1.3.6.1.4.1.311.21.20) to csr.CSRAttributeType along with supporting extension structures via @qha

Added Microsoft OID microsoft_enroll_certtype (1.3.6.1.4.1.311.20.2) to x509.ExtensionId via @qha

Fixed a few bugs with parsing indefinite-length encodings via @davidben

Added various bounds checks to parsing engine via @davidben

Fixed a bug with tags not always being minimally encoded via @davidben

Fixed cms.RoleSyntax, cms.SecurityCategory and cms.AttCertIssuer to have explicit instead of implicit tagging via @MatthiasValvekens

Fixed tagging of, and default value for fields in cms.Clearance via @MatthiasValvekens

Fixed calling .dump(force=True) when the value has undefined/unknown core.Sequence fields. Previously the value would be truncated, now the existing encoding is preserved.

Added sMIME capabilities (1.2.840.113549.1.9.15) support from RFC 2633 to cms.CMSAttribute via Hellzed

Commits

47f7588 Version 1.5.0

9e067d2 Fix dev/deps.py to work on Python 3.10

557a900 Update copyright year in license

6bad16e Add Python 3.10 to CI and docs

4791c1e Update SMIMECapabilityIdentifier to use EncryptionAlgorithmId

976dbba Add support for rfc2633 sMIME capabilities signed attr (#215)

5a24aed Fix calling .dump(force=True) on a core.Sequence() with no field info

6cffd3d Merge pull request #221 from isidroas/patch-1

6250ee4 Merge pull request #220 from MatthiasValvekens/bugfix/attcertissuer-tagging-fix

f9133f0 Merge branch 'master' into bugfix/attcertissuer-tagging-fix

Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR

@dependabot recreate will recreate this PR, overwriting any edits that have been made to it

@dependabot merge will merge this PR after your CI passes on it

@dependabot squash and merge will squash and merge this PR after your CI passes on it

@dependabot cancel merge will cancel a previously requested merge and block automerging

@dependabot reopen will reopen this PR if it is closed

@dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually

@dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)

@dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)

@dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

dependencies
opened by dependabot[bot] 2
Bump sphinx-autodoc-typehints from 1.19.5 to 1.20.0
Bumps sphinx-autodoc-typehints from 1.19.5 to 1.20.0.

Release notes

Sourced from sphinx-autodoc-typehints's releases.

1.20.0

What's Changed

[pre-commit.ci] pre-commit autoupdate by @pre-commit-ci in tox-dev/sphinx-autodoc-typehints#268

Bump pypa/gh-action-pypi-publish from 1.5.1 to 1.5.2 by @dependabot in tox-dev/sphinx-autodoc-typehints#270

Bump pypa/gh-action-pypi-publish from 1.5.2 to 1.6.1 by @dependabot in tox-dev/sphinx-autodoc-typehints#271

Bump pypa/gh-action-pypi-publish from 1.6.1 to 1.6.4 by @dependabot in tox-dev/sphinx-autodoc-typehints#273

Added options to retain original typehints in signatures by @BhavyeMathur in tox-dev/sphinx-autodoc-typehints#278

New Contributors

@BhavyeMathur made their first contribution in tox-dev/sphinx-autodoc-typehints#278

Full Changelog: https://github.com/tox-dev/sphinx-autodoc-typehints/compare/1.19.5...1.20.0

Changelog

Sourced from sphinx-autodoc-typehints's changelog.

Changelog

1.20

Use hatchling instead of setuptools

Add support for typing.ParamSpec

Allow star prefixes for parameter names in docstring

1.19.2

Fix incorrect domain used for collections.abc.Callable.

1.19.1

Fix bug for recursive type alias.

1.19.0

Support for CPython 3.11, no longer adds Optional when the argument is default per recommendation from PEP-484.

1.18.3

Support and require nptyping>=2.1.2

1.18.2

Support and require nptyping>=2.1.1

1.18.1

Fix mocked module import not working when used as guarded import

1.18.0

Support and require nptyping>=2

Handle UnionType

1.17.1

Mark it as requiring nptyping<2

1.17.0

Add typehints_use_rtype option

Handles TypeError when getting source code via inspect

1.16.0

Add support for type subscriptions with multiple elements, where one or more elements are tuples; e.g.,

... (truncated)

Commits

32dc422 Added options to retain original typehints in signatures (#278)

477c438 Bump pypa/gh-action-pypi-publish from 1.6.1 to 1.6.4 (#273)

7ec1a6c Bump pypa/gh-action-pypi-publish from 1.5.2 to 1.6.1 (#271)

c61094f Bump pypa/gh-action-pypi-publish from 1.5.1 to 1.5.2 (#270)

7e467a1 [pre-commit.ci] pre-commit autoupdate (#268)

See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR

@dependabot recreate will recreate this PR, overwriting any edits that have been made to it

@dependabot merge will merge this PR after your CI passes on it

@dependabot squash and merge will squash and merge this PR after your CI passes on it

@dependabot cancel merge will cancel a previously requested merge and block automerging

@dependabot reopen will reopen this PR if it is closed

@dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually

@dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)

@dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)

@dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

dependencies
opened by dependabot[bot] 1
Bump tox from 4.2.3 to 4.2.4
Bumps tox from 4.2.3 to 4.2.4.

Release notes

Sourced from tox's releases.

4.2.4

What's Changed

Also accept tab after colon before factor filter expansion by @pdecat in tox-dev/tox#2823

Fail on mismatched python spec attributes by @stephenfin in tox-dev/tox#2824

Full Changelog: https://github.com/tox-dev/tox/compare/4.2.3...4.2.4

Changelog

Sourced from tox's changelog.

v4.2.4 (2023-01-05)

Bugfixes - 4.2.4

- Setting ``[testenv] basepython = python3`` will no longer override the Python interpreter version requested by a factor, such as ``py311`` - by :user:`stephenfin`. (:issue:`2754`) - Also accept tab after colon before factor filter expansion - by :user:`pdecat`. (:issue:`2823`)

Commits

af35384 release 4.2.4

fc289c0 Fail on mismatched python spec attributes (#2824)

af4b558 Also accept tab after colon before factor filter expansion (#2823)

See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR

@dependabot recreate will recreate this PR, overwriting any edits that have been made to it

@dependabot merge will merge this PR after your CI passes on it

@dependabot squash and merge will squash and merge this PR after your CI passes on it

@dependabot cancel merge will cancel a previously requested merge and block automerging

@dependabot reopen will reopen this PR if it is closed

@dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually

@dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)

@dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)

@dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

dependencies
opened by dependabot[bot] 1
Bump sphinx-autodoc-typehints from 1.20.0 to 1.20.1
Bumps sphinx-autodoc-typehints from 1.20.0 to 1.20.1.

Release notes

Sourced from sphinx-autodoc-typehints's releases.

1.20.1

What's Changed

Fixed default options not displaying for parameters without type hints. by @BhavyeMathur in tox-dev/sphinx-autodoc-typehints#279

Full Changelog: https://github.com/tox-dev/sphinx-autodoc-typehints/compare/1.20.0...1.20.1

Changelog

Sourced from sphinx-autodoc-typehints's changelog.

1.20.1

Fixed default options not displaying for parameters without type hints.

1.20

Use hatchling instead of setuptools

Add support for typing.ParamSpec

Allow star prefixes for parameter names in docstring

1.19.2

Fix incorrect domain used for collections.abc.Callable.

1.19.1

Fix bug for recursive type alias.

1.19.0

Support for CPython 3.11, no longer adds Optional when the argument is default per recommendation from PEP-484.

1.18.3

Support and require nptyping>=2.1.2

1.18.2

Support and require nptyping>=2.1.1

1.18.1

Fix mocked module import not working when used as guarded import

1.18.0

Support and require nptyping>=2

Handle UnionType

1.17.1

Mark it as requiring nptyping<2

1.17.0

Add typehints_use_rtype option

Handles TypeError when getting source code via inspect

1.16.0

... (truncated)

Commits

2747ae2 Update CHANGELOG.md

4e6bc55 Fixed default options not displaying for parameters without type hints. (#279)

See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR

@dependabot recreate will recreate this PR, overwriting any edits that have been made to it

@dependabot merge will merge this PR after your CI passes on it

@dependabot squash and merge will squash and merge this PR after your CI passes on it

@dependabot cancel merge will cancel a previously requested merge and block automerging

@dependabot reopen will reopen this PR if it is closed

@dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually

@dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)

@dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)

@dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

dependencies
opened by dependabot[bot] 1
Bump tox from 4.2.4 to 4.2.6
Bumps tox from 4.2.4 to 4.2.6.

Release notes

Sourced from tox's releases.

4.2.6

What's Changed

Handle properly pip --no-binary / --only-binary options in requirements.txt format files. by @q0w in tox-dev/tox#2834

Full Changelog: https://github.com/tox-dev/tox/compare/4.2.5...4.2.6

4.2.5

What's Changed

Fix various issues with missing interpreters by @stephenfin in tox-dev/tox#2828

Full Changelog: https://github.com/tox-dev/tox/compare/4.2.4...4.2.5

Changelog

Sourced from tox's changelog.

v4.2.6 (2023-01-06)

Bugfixes - 4.2.6

- Handle properly pip ``--no-binary`` / ``--only-binary`` options in requirements.txt format files. (:issue:`2814`) v4.2.5 (2023-01-06)
Bugfixes - 4.2.5

The combination of usedevelop = true and --skip-missing-interpreters=false will no longer fail for environments that were not invoked - by :user:stephenfin. (:issue:2811)

Fix an attribute error when use_develop = true is set and an unsupported interpreter version is requested - by :user:stephenfin. (:issue:2826)

tox returns a non-zero error code if all envs are skipped. It will now correctly do this if only a single env was requested and this was skipped - by :user:stephenfin. (:issue:2827)

Commits

fd866d5 release 4.2.6

e9d6e63 Handle properly pip --no-binary / --only-binary options in requirements.txt f...

b9b4d02 release 4.2.5

c790c60 Fix various issues with missing interpreters (#2828)

See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR

@dependabot recreate will recreate this PR, overwriting any edits that have been made to it

@dependabot merge will merge this PR after your CI passes on it

@dependabot squash and merge will squash and merge this PR after your CI passes on it

@dependabot cancel merge will cancel a previously requested merge and block automerging

@dependabot reopen will reopen this PR if it is closed

@dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually

@dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)

@dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)

@dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

dependencies
opened by dependabot[bot] 1