Merge branch 'master' into upgrade-dependabot

This commit is contained in:
Jasmine Schladen 2021-03-16 15:41:18 -07:00 committed by GitHub
commit b5c38c2854
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
9 changed files with 211 additions and 16 deletions

View File

@ -18,6 +18,16 @@ jobs:
uses: actions/setup-python@v2
with:
python-version: '3.x'
- name: Autobump version
run: |
# from refs/tags/v0.8.1 get 0.8.1
VERSION=$(echo $GITHUB_REF | sed 's#.*/v##')
PLACEHOLDER='__version__ = "develop"'
VERSION_FILE='lemur/__about__.py'
# in case placeholder is missing, exists with code 1 and github actions aborts the build
grep "$PLACEHOLDER" "$VERSION_FILE"
sed -i "s/$PLACEHOLDER/__version__ = \"${VERSION}\"/g" "$VERSION_FILE"
shell: bash
- name: Install dependencies
run: |
python -m pip install --upgrade pip

View File

@ -1,6 +1,37 @@
Changelog
=========
0.8.1 - `2021-03-12`
~~~~~~~~~~~~~~~~~~~~
This release includes improvements on many fronts, such as:
- Notifications:
- Enhanced SNS flow
- Expiration Summary
- CA expiration email
- EC algorithm as the default
- Improved revocation flow
- Localized AWS STS option
- Improved Lemur doc building
- ACME:
- reduced failed attempts to 3x trials
- support for selecting the chain (Let's Encrypt X1 transition)
- revocation
- http01 documentation
- Entrust:
- Support for cross-signed intermediate CA
- Revised disclosure process
- Dependency updates and conflict resolutions
Special thanks to all who contributed to this release, notably:
- `peschmae <https://github.com/peschmae>`_
- `atugushev <https://github.com/atugushev>`_
- `sirferl <https://github.com/sirferl>`_
0.8.0 - `2020-11-13`
~~~~~~~~~~~~~~~~~~~~

View File

@ -875,7 +875,7 @@ account. See :ref:`Using a pre-existing ACME account <AcmeAccountReuse>` for mor
:noindex:
This is an optional parameter to indicate the preferred chain to retrieve from ACME when finalizing the order.
This is applicable to Let's Encrypts recent `migration https://letsencrypt.org/certificates/`_ to their
This is applicable to Let's Encrypts recent `migration <https://letsencrypt.org/certificates/>`_ to their
own root, where they provide two distinct certificate chains (fullchain_pem vs. alternative_fullchains_pem);
the main chain will be the long chain that is rooted in the expiring DTS root, whereas the alternative chain
is rooted in X1 root CA.

View File

@ -15,7 +15,7 @@ __title__ = "lemur"
__summary__ = "Certificate management and orchestration service"
__uri__ = "https://github.com/Netflix/lemur"
__version__ = "0.8.0"
__version__ = "develop"
__author__ = "The Lemur developers"
__email__ = "security@netflix.com"

View File

@ -50,7 +50,7 @@ packaging==20.9
# via bleach
pkginfo==1.5.0.1
# via twine
pre-commit==2.11.0
pre-commit==2.11.1
# via -r requirements-dev.in
pycodestyle==2.6.0
# via flake8

View File

@ -7,6 +7,7 @@ acme
arrow
boto3
botocore
certbot
certsrv
CloudFlare
cryptography

View File

@ -5,7 +5,10 @@
# pip-compile --no-index --output-file=requirements-docs.txt requirements-docs.in
#
acme==1.13.0
# via -r requirements-docs.in
# via
# -r requirements-docs.in
# -r requirements-tests.txt
# certbot
alabaster==0.7.12
# via sphinx
alembic==1.5.5
@ -48,7 +51,7 @@ blinker==1.4
# flask-mail
# flask-principal
# raven
boto3==1.17.22
boto3==1.17.27
# via
# -r requirements-docs.in
# -r requirements-tests.txt
@ -58,7 +61,7 @@ boto==2.49.0
# via
# -r requirements-tests.txt
# moto
botocore==1.20.22
botocore==1.20.27
# via
# -r requirements-docs.in
# -r requirements-tests.txt
@ -66,6 +69,10 @@ botocore==1.20.22
# boto3
# moto
# s3transfer
certbot==1.13.0
# via
# -r requirements-docs.in
# -r requirements-tests.txt
certifi==2020.12.5
# via
# -r requirements-tests.txt
@ -93,6 +100,14 @@ click==7.1.2
# flask
cloudflare==2.8.15
# via -r requirements-docs.in
configargparse==1.4
# via
# -r requirements-tests.txt
# certbot
configobj==5.0.6
# via
# -r requirements-tests.txt
# certbot
coverage==5.5
# via -r requirements-tests.txt
cryptography==3.4.6
@ -100,6 +115,7 @@ cryptography==3.4.6
# -r requirements-docs.in
# -r requirements-tests.txt
# acme
# certbot
# josepy
# moto
# paramiko
@ -110,6 +126,10 @@ decorator==4.4.2
# via
# -r requirements-tests.txt
# networkx
distro==1.5.0
# via
# -r requirements-tests.txt
# certbot
dnspython3==1.15.0
# via -r requirements-docs.in
dnspython==1.15.0
@ -225,7 +245,9 @@ jmespath==0.9.5
josepy==1.7.0
# via
# -r requirements-docs.in
# -r requirements-tests.txt
# acme
# certbot
jsondiff==1.1.2
# via
# -r requirements-tests.txt
@ -292,6 +314,10 @@ packaging==20.3
# sphinx
paramiko==2.7.2
# via -r requirements-docs.in
parsedatetime==2.6
# via
# -r requirements-tests.txt
# certbot
pathspec==0.8.0
# via
# -r requirements-tests.txt
@ -338,6 +364,7 @@ pynacl==1.4.0
pyopenssl==20.0.1
# via
# -r requirements-docs.in
# -r requirements-tests.txt
# acme
# josepy
pyparsing==2.4.7
@ -345,7 +372,10 @@ pyparsing==2.4.7
# -r requirements-tests.txt
# packaging
pyrfc3339==1.1
# via acme
# via
# -r requirements-tests.txt
# acme
# certbot
pyrsistent==0.16.0
# via
# -r requirements-tests.txt
@ -381,6 +411,7 @@ pytz==2019.3
# -r requirements-tests.txt
# acme
# babel
# certbot
# flask-restful
# moto
# pyrfc3339
@ -405,7 +436,9 @@ regex==2020.4.4
requests-mock==1.8.0
# via -r requirements-tests.txt
requests-toolbelt==0.9.1
# via acme
# via
# -r requirements-tests.txt
# acme
requests==2.25.1
# via
# -r requirements-tests.txt
@ -440,6 +473,7 @@ six==1.15.0
# bandit
# bcrypt
# cfn-lint
# configobj
# docker
# ecdsa
# fakeredis
@ -563,6 +597,36 @@ zipp==3.1.0
# -r requirements-tests.txt
# importlib-metadata
# moto
zope.component==4.6.2
# via
# -r requirements-tests.txt
# certbot
zope.deferredimport==4.3.1
# via
# -r requirements-tests.txt
# zope.component
zope.deprecation==4.4.0
# via
# -r requirements-tests.txt
# zope.component
zope.event==4.5.0
# via
# -r requirements-tests.txt
# zope.component
zope.hookable==5.0.1
# via
# -r requirements-tests.txt
# zope.component
zope.interface==5.2.0
# via
# -r requirements-tests.txt
# certbot
# zope.component
# zope.proxy
zope.proxy==4.3.5
# via
# -r requirements-tests.txt
# zope.deferredimport
# The following packages are considered to be unsafe in a requirements file:
# setuptools

View File

@ -4,6 +4,8 @@
#
# pip-compile --no-index --output-file=requirements-tests.txt requirements-tests.in
#
acme==1.13.0
# via certbot
appdirs==1.4.3
# via black
attrs==19.3.0
@ -18,19 +20,20 @@ bandit==1.7.0
# via -r requirements-tests.in
black==20.8b1
# via -r requirements-tests.in
boto3==1.17.22
boto3==1.17.27
# via
# aws-sam-translator
# moto
boto==2.49.0
# via moto
botocore==1.20.22
botocore==1.20.27
# via
# aws-xray-sdk
# boto3
# moto
# s3transfer
certbot==1.13.0
# via -r requirements-tests.in
certifi==2020.12.5
# via requests
cffi==1.14.0
@ -43,15 +46,25 @@ click==7.1.2
# via
# black
# flask
configargparse==1.4
# via certbot
configobj==5.0.6
# via certbot
coverage==5.5
# via -r requirements-tests.in
cryptography==3.4.6
# via
# acme
# certbot
# josepy
# moto
# pyopenssl
# python-jose
# sshpubkeys
decorator==4.4.2
# via networkx
distro==1.5.0
# via certbot
docker==4.2.0
# via moto
ecdsa==0.14.1
@ -95,6 +108,10 @@ jmespath==0.9.5
# via
# boto3
# botocore
josepy==1.7.0
# via
# acme
# certbot
jsondiff==1.1.2
# via moto
jsonpatch==1.25
@ -125,6 +142,8 @@ nose==1.3.7
# via -r requirements-tests.in
packaging==20.3
# via pytest
parsedatetime==2.6
# via certbot
pathspec==0.8.0
# via black
pbr==5.4.5
@ -141,8 +160,16 @@ pycparser==2.20
# via cffi
pyflakes==2.2.0
# via -r requirements-tests.in
pyopenssl==20.0.1
# via
# acme
# josepy
pyparsing==2.4.7
# via packaging
pyrfc3339==1.1
# via
# acme
# certbot
pyrsistent==0.16.0
# via jsonschema
pytest-flask==1.2.0
@ -163,7 +190,11 @@ python-dateutil==2.8.1
python-jose[cryptography]==3.1.0
# via moto
pytz==2019.3
# via moto
# via
# acme
# certbot
# moto
# pyrfc3339
pyyaml==5.4.1
# via
# -r requirements-tests.in
@ -176,11 +207,15 @@ regex==2020.4.4
# via black
requests-mock==1.8.0
# via -r requirements-tests.in
requests-toolbelt==0.9.1
# via acme
requests==2.25.1
# via
# acme
# docker
# moto
# requests-mock
# requests-toolbelt
# responses
responses==0.10.12
# via moto
@ -193,12 +228,15 @@ six==1.15.0
# aws-sam-translator
# bandit
# cfn-lint
# configobj
# docker
# ecdsa
# fakeredis
# josepy
# jsonschema
# moto
# packaging
# pyopenssl
# pyrsistent
# python-dateutil
# python-jose
@ -243,6 +281,23 @@ zipp==3.1.0
# via
# importlib-metadata
# moto
zope.component==4.6.2
# via certbot
zope.deferredimport==4.3.1
# via zope.component
zope.deprecation==4.4.0
# via zope.component
zope.event==4.5.0
# via zope.component
zope.hookable==5.0.1
# via zope.component
zope.interface==5.2.0
# via
# certbot
# zope.component
# zope.proxy
zope.proxy==4.3.5
# via zope.deferredimport
# The following packages are considered to be unsafe in a requirements file:
# setuptools

View File

@ -5,7 +5,9 @@
# pip-compile --no-index --output-file=requirements.txt requirements.in
#
acme==1.13.0
# via -r requirements.in
# via
# -r requirements.in
# certbot
alembic-autogenerate-enums==0.0.2
# via -r requirements.in
alembic==1.4.2
@ -31,9 +33,9 @@ blinker==1.4
# flask-mail
# flask-principal
# raven
boto3==1.17.22
boto3==1.17.27
# via -r requirements.in
botocore==1.20.22
botocore==1.20.27
# via
# -r requirements.in
# boto3
@ -41,6 +43,7 @@ botocore==1.20.22
celery[redis]==4.4.2
# via -r requirements.in
certbot==1.13.0
# via -r requirements.in
certifi==2020.12.5
# via
# -r requirements.in
@ -58,13 +61,20 @@ click==7.1.2
# via flask
cloudflare==2.8.15
# via -r requirements.in
configargparse==1.4
# via certbot
configobj==5.0.6
# via certbot
cryptography==3.4.6
# via
# -r requirements.in
# acme
# certbot
# josepy
# paramiko
# pyopenssl
distro==1.5.0
# via certbot
dnspython3==1.15.0
# via -r requirements.in
dnspython==1.15.0
@ -126,7 +136,9 @@ jmespath==0.9.5
# boto3
# botocore
josepy==1.7.0
# via acme
# via
# acme
# certbot
jsonlines==1.2.0
# via cloudflare
kombu==4.6.8
@ -151,6 +163,8 @@ ndg-httpsclient==0.5.1
# via -r requirements.in
paramiko==2.7.2
# via -r requirements.in
parsedatetime==2.6
# via certbot
pem==21.1.0
# via -r requirements.in
psycopg2==2.8.6
@ -182,7 +196,9 @@ pyopenssl==20.0.1
# josepy
# ndg-httpsclient
pyrfc3339==1.1
# via acme
# via
# acme
# certbot
python-dateutil==2.8.1
# via
# alembic
@ -198,6 +214,7 @@ pytz==2019.3
# via
# acme
# celery
# certbot
# flask-restful
# pyrfc3339
pyyaml==5.4.1
@ -228,6 +245,7 @@ six==1.15.0
# via
# -r requirements.in
# bcrypt
# configobj
# flask-cors
# flask-restful
# hvac
@ -264,6 +282,22 @@ werkzeug==1.0.1
# via flask
xmltodict==0.12.0
# via -r requirements.in
zope.component==4.6.2
# via certbot
zope.deferredimport==4.3.1
# via zope.component
zope.deprecation==4.4.0
# via zope.component
zope.event==4.5.0
# via zope.component
zope.hookable==5.0.1
# via zope.component
zope.interface==5.2.0
# via
# certbot
# zope.component
zope.proxy==4.3.5
# via zope.deferredimport
# The following packages are considered to be unsafe in a requirements file:
# setuptools