From 52d2d12a332f11597cf12ff727a755c14f159923 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 27 Oct 2020 20:55:12 +0000 Subject: [PATCH 1/4] Bump cryptography from 2.3.1 to 3.2 Bumps [cryptography](https://github.com/pyca/cryptography) from 2.3.1 to 3.2. - [Release notes](https://github.com/pyca/cryptography/releases) - [Changelog](https://github.com/pyca/cryptography/blob/master/CHANGELOG.rst) - [Commits](https://github.com/pyca/cryptography/compare/2.3.1...3.2) Signed-off-by: dependabot[bot] --- requirements.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/requirements.txt b/requirements.txt index cf913d2a..3608d6a7 100644 --- a/requirements.txt +++ b/requirements.txt @@ -3,7 +3,7 @@ PyJWT==1.7.0 #need 2.x for Python3 support python-dateutil==2.1.0 #1.1.0 is the first that can be installed on windows -cryptography==2.3.1 +cryptography==3.2 #for testing httpretty==0.8.14 pylint==1.5.4 From 6481cfb42a8e637d89beee1ca8d2a1e660a3a4ae Mon Sep 17 00:00:00 2001 From: Ray Luo Date: Thu, 29 Oct 2020 01:35:31 -0700 Subject: [PATCH 2/4] Remove cryptography from requirements.txt --- requirements.txt | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/requirements.txt b/requirements.txt index 3608d6a7..4bd49926 100644 --- a/requirements.txt +++ b/requirements.txt @@ -2,8 +2,12 @@ requests==2.20.0 PyJWT==1.7.0 #need 2.x for Python3 support python-dateutil==2.1.0 + #1.1.0 is the first that can be installed on windows -cryptography==3.2 +# Yet we decide to remove this from requirements.txt, +# because ADAL does not have a direct dependency on it. +#cryptography==3.2 + #for testing httpretty==0.8.14 pylint==1.5.4 From 914e83e8b7d8c50dcf3b8036b8b170ba466c4abd Mon Sep 17 00:00:00 2001 From: Ray Luo Date: Fri, 15 Jan 2021 13:35:37 -0800 Subject: [PATCH 3/4] Make it compatible with PyJWT 1 & 2; also declare upper bound for requests and python-dateutil --- adal/self_signed_jwt.py | 6 +++++- setup.py | 6 +++--- 2 files changed, 8 insertions(+), 4 deletions(-) diff --git a/adal/self_signed_jwt.py b/adal/self_signed_jwt.py index 67c4e887..7f7398da 100644 --- a/adal/self_signed_jwt.py +++ b/adal/self_signed_jwt.py @@ -57,7 +57,11 @@ def _sign_jwt(header, payload, certificate): return encoded_jwt def _encode_jwt(payload, certificate, header): - return jwt.encode(payload, certificate, algorithm='RS256', headers=header).decode() + encoded = jwt.encode(payload, certificate, algorithm='RS256', headers=header) + try: + return encoded.decode() # PyJWT 1.x returns bytes; historically we convert it to string + except AttributeError: + return encoded # PyJWT 2 will return string def _raise_on_invalid_jwt_signature(encoded_jwt): segments = encoded_jwt.split('.') diff --git a/setup.py b/setup.py index 8f87b429..6b28f9be 100644 --- a/setup.py +++ b/setup.py @@ -76,9 +76,9 @@ ], packages=['adal'], install_requires=[ - 'PyJWT>=1.0.0', - 'requests>=2.0.0', - 'python-dateutil>=2.1.0', + 'PyJWT>=1.0.0,<3', + 'requests>=2.0.0,<3', + 'python-dateutil>=2.1.0,<3', 'cryptography>=1.1.0' ] ) From 9c5bb85243abc1710d0b7efc4ae8147adc583674 Mon Sep 17 00:00:00 2001 From: Ray Luo Date: Thu, 21 Jan 2021 14:52:15 -0800 Subject: [PATCH 4/4] ADAL Python 1.2.6 Bumping version number --- adal/__init__.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/adal/__init__.py b/adal/__init__.py index 7c2cdaa3..cc323e14 100644 --- a/adal/__init__.py +++ b/adal/__init__.py @@ -27,7 +27,7 @@ # pylint: disable=wrong-import-position -__version__ = '1.2.5' +__version__ = '1.2.6' import logging