From 3e8ca982a10e525d1ad45b24de4c28af4af2cc25 Mon Sep 17 00:00:00 2001 From: "dependabot-preview[bot]" <27856297+dependabot-preview[bot]@users.noreply.github.com> Date: Tue, 25 Aug 2020 16:41:17 +0000 Subject: [PATCH 01/77] Bump acme from 1.6.0 to 1.7.0 Bumps [acme](https://github.com/letsencrypt/letsencrypt) from 1.6.0 to 1.7.0. - [Release notes](https://github.com/letsencrypt/letsencrypt/releases) - [Commits](https://github.com/letsencrypt/letsencrypt/compare/v1.6.0...v1.7.0) Signed-off-by: dependabot-preview[bot] --- requirements-docs.txt | 2 +- requirements.txt | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/requirements-docs.txt b/requirements-docs.txt index 7e187213..a70fc3ea 100644 --- a/requirements-docs.txt +++ b/requirements-docs.txt @@ -4,7 +4,7 @@ # # pip-compile --no-index --output-file=requirements-docs.txt requirements-docs.in # -acme==1.6.0 # via -r requirements.txt +acme==1.7.0 # via -r requirements.txt alabaster==0.7.12 # via sphinx alembic-autogenerate-enums==0.0.2 # via -r requirements.txt alembic==1.4.2 # via -r requirements.txt, flask-migrate diff --git a/requirements.txt b/requirements.txt index d9e86d97..86650ced 100644 --- a/requirements.txt +++ b/requirements.txt @@ -4,7 +4,7 @@ # # pip-compile --no-index --output-file=requirements.txt requirements.in # -acme==1.6.0 # via -r requirements.in +acme==1.7.0 # via -r requirements.in alembic-autogenerate-enums==0.0.2 # via -r requirements.in alembic==1.4.2 # via flask-migrate amqp==2.5.2 # via kombu From 7b2b3911bc181759e17bd71bc8d6bf29cf45dca6 Mon Sep 17 00:00:00 2001 From: "dependabot-preview[bot]" <27856297+dependabot-preview[bot]@users.noreply.github.com> Date: Tue, 25 Aug 2020 17:19:48 +0000 Subject: [PATCH 02/77] Bump fakeredis from 1.4.1 to 1.4.3 Bumps [fakeredis](https://github.com/jamesls/fakeredis) from 1.4.1 to 1.4.3. - [Release notes](https://github.com/jamesls/fakeredis/releases) - [Commits](https://github.com/jamesls/fakeredis/compare/1.4.1...1.4.3) 
Signed-off-by: dependabot-preview[bot] --- requirements-tests.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/requirements-tests.txt b/requirements-tests.txt index 7fd13f76..10c3209b 100644 --- a/requirements-tests.txt +++ b/requirements-tests.txt @@ -26,7 +26,7 @@ docutils==0.15.2 # via botocore ecdsa==0.15 # via python-jose, sshpubkeys factory-boy==2.12.0 # via -r requirements-tests.in faker==4.1.1 # via -r requirements-tests.in, factory-boy -fakeredis==1.4.1 # via -r requirements-tests.in +fakeredis==1.4.3 # via -r requirements-tests.in flask==1.1.2 # via pytest-flask freezegun==0.3.15 # via -r requirements-tests.in future==0.18.2 # via aws-xray-sdk From 553b7fab8d7780b16a011db3378df67f5ac3c545 Mon Sep 17 00:00:00 2001 From: "dependabot-preview[bot]" <27856297+dependabot-preview[bot]@users.noreply.github.com> Date: Tue, 25 Aug 2020 17:28:39 +0000 Subject: [PATCH 03/77] Bump factory-boy from 2.12.0 to 3.0.1 Bumps [factory-boy](https://github.com/FactoryBoy/factory_boy) from 2.12.0 to 3.0.1. - [Release notes](https://github.com/FactoryBoy/factory_boy/releases) - [Changelog](https://github.com/FactoryBoy/factory_boy/blob/master/docs/changelog.rst) - [Commits](https://github.com/FactoryBoy/factory_boy/compare/2.12.0...3.0.1) Signed-off-by: dependabot-preview[bot] --- requirements-tests.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/requirements-tests.txt b/requirements-tests.txt index 10c3209b..4893d4e3 100644 --- a/requirements-tests.txt +++ b/requirements-tests.txt @@ -24,7 +24,7 @@ decorator==4.4.2 # via networkx docker==4.2.0 # via moto docutils==0.15.2 # via botocore ecdsa==0.15 # via python-jose, sshpubkeys -factory-boy==2.12.0 # via -r requirements-tests.in +factory-boy==3.0.1 # via -r requirements-tests.in faker==4.1.1 # via -r requirements-tests.in, factory-boy fakeredis==1.4.3 # via -r requirements-tests.in flask==1.1.2 # via pytest-flask From 660a09e4c92ef4874bc2e20783cec02f21ef1494 Mon Sep 17 00:00:00 2001 
From: "dependabot-preview[bot]" <27856297+dependabot-preview[bot]@users.noreply.github.com> Date: Tue, 25 Aug 2020 17:41:18 +0000 Subject: [PATCH 04/77] Bump pre-commit from 2.6.0 to 2.7.1 Bumps [pre-commit](https://github.com/pre-commit/pre-commit) from 2.6.0 to 2.7.1. - [Release notes](https://github.com/pre-commit/pre-commit/releases) - [Changelog](https://github.com/pre-commit/pre-commit/blob/master/CHANGELOG.md) - [Commits](https://github.com/pre-commit/pre-commit/compare/v2.6.0...v2.7.1) Signed-off-by: dependabot-preview[bot] --- requirements-dev.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/requirements-dev.txt b/requirements-dev.txt index 2299848e..97ec82d1 100644 --- a/requirements-dev.txt +++ b/requirements-dev.txt @@ -24,7 +24,7 @@ keyring==21.2.0 # via twine mccabe==0.6.1 # via flake8 nodeenv==1.4.0 # via -r requirements-dev.in, pre-commit pkginfo==1.5.0.1 # via twine -pre-commit==2.6.0 # via -r requirements-dev.in +pre-commit==2.7.1 # via -r requirements-dev.in pycodestyle==2.3.1 # via flake8 pycparser==2.20 # via cffi pyflakes==1.6.0 # via flake8 From ad0e469e92c797c66dc86f12d51c34a2a5707365 Mon Sep 17 00:00:00 2001 From: "dependabot-preview[bot]" <27856297+dependabot-preview[bot]@users.noreply.github.com> Date: Tue, 25 Aug 2020 17:54:14 +0000 Subject: [PATCH 05/77] Bump nodeenv from 1.4.0 to 1.5.0 Bumps [nodeenv](https://github.com/ekalinin/nodeenv) from 1.4.0 to 1.5.0. - [Release notes](https://github.com/ekalinin/nodeenv/releases) - [Changelog](https://github.com/ekalinin/nodeenv/blob/master/CHANGES) - [Commits](https://github.com/ekalinin/nodeenv/compare/1.4.0...1.5.0) Signed-off-by: dependabot-preview[bot] --- requirements-dev.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/requirements-dev.txt b/requirements-dev.txt index 97ec82d1..a029d4ae 100644 --- a/requirements-dev.txt +++ b/requirements-dev.txt 
@@ -22,7 +22,7 @@ invoke==1.4.1 # via -r requirements-dev.in jeepney==0.4.3 # via keyring, secretstorage keyring==21.2.0 # via twine mccabe==0.6.1 # via flake8 -nodeenv==1.4.0 # via -r requirements-dev.in, pre-commit +nodeenv==1.5.0 # via -r requirements-dev.in, pre-commit pkginfo==1.5.0.1 # via twine pre-commit==2.7.1 # via -r requirements-dev.in pycodestyle==2.3.1 # via flake8 From 61eac2aada6d54f822d443d3dd4f66670da7b6a0 Mon Sep 17 00:00:00 2001 From: "dependabot-preview[bot]" <27856297+dependabot-preview[bot]@users.noreply.github.com> Date: Tue, 25 Aug 2020 18:03:20 +0000 Subject: [PATCH 06/77] Bump faker from 4.1.1 to 4.1.2 Bumps [faker](https://github.com/joke2k/faker) from 4.1.1 to 4.1.2. - [Release notes](https://github.com/joke2k/faker/releases) - [Changelog](https://github.com/joke2k/faker/blob/master/CHANGELOG.rst) - [Commits](https://github.com/joke2k/faker/compare/v4.1.1...v4.1.2) Signed-off-by: dependabot-preview[bot] --- requirements-tests.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/requirements-tests.txt b/requirements-tests.txt index 4893d4e3..ee406105 100644 --- a/requirements-tests.txt +++ b/requirements-tests.txt @@ -25,7 +25,7 @@ docker==4.2.0 # via moto docutils==0.15.2 # via botocore ecdsa==0.15 # via python-jose, sshpubkeys factory-boy==3.0.1 # via -r requirements-tests.in -faker==4.1.1 # via -r requirements-tests.in, factory-boy +faker==4.1.2 # via -r requirements-tests.in, factory-boy fakeredis==1.4.3 # via -r requirements-tests.in flask==1.1.2 # via pytest-flask freezegun==0.3.15 # via -r requirements-tests.in From 1a8e96ed329a77d0a6727fe48706900226ebe44f Mon Sep 17 00:00:00 2001 
From: "dependabot-preview[bot]" <27856297+dependabot-preview[bot]@users.noreply.github.com> Date: Tue, 25 Aug 2020 18:12:28 +0000 Subject: [PATCH 07/77] Bump sphinx from 3.2.0 to 3.2.1 Bumps [sphinx](https://github.com/sphinx-doc/sphinx) from 3.2.0 to 3.2.1. - [Release notes](https://github.com/sphinx-doc/sphinx/releases) - [Changelog](https://github.com/sphinx-doc/sphinx/blob/3.x/CHANGES) - [Commits](https://github.com/sphinx-doc/sphinx/compare/v3.2.0...v3.2.1) Signed-off-by: dependabot-preview[bot] --- requirements-docs.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/requirements-docs.txt b/requirements-docs.txt index a70fc3ea..202e0700 100644 --- a/requirements-docs.txt +++ b/requirements-docs.txt @@ -92,7 +92,7 @@ six==1.15.0 # via -r requirements.txt, acme, bcrypt, cryptography, snowballstemmer==2.0.0 # via sphinx soupsieve==2.0.1 # via -r requirements.txt, beautifulsoup4 sphinx-rtd-theme==0.5.0 # via -r requirements-docs.in -sphinx==3.2.0 # via -r requirements-docs.in, sphinx-rtd-theme, sphinxcontrib-httpdomain +sphinx==3.2.1 # via -r requirements-docs.in, sphinx-rtd-theme, sphinxcontrib-httpdomain sphinxcontrib-applehelp==1.0.2 # via sphinx sphinxcontrib-devhelp==1.0.2 # via sphinx sphinxcontrib-htmlhelp==1.0.3 # via sphinx From 88a043cfecf0e65d3651855588418f52cac1be6b Mon Sep 17 00:00:00 2001 From: "dependabot-preview[bot]" <27856297+dependabot-preview[bot]@users.noreply.github.com> Date: Tue, 25 Aug 2020 18:28:42 +0000 Subject: [PATCH 08/77] Bump inflection from 0.5.0 to 0.5.1 Bumps [inflection](https://github.com/jpvanhal/inflection) from 0.5.0 to 0.5.1. - [Release notes](https://github.com/jpvanhal/inflection/releases) - [Commits](https://github.com/jpvanhal/inflection/compare/0.5.0...0.5.1) Signed-off-by: dependabot-preview[bot] --- requirements-docs.txt | 2 +- requirements.txt | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/requirements-docs.txt b/requirements-docs.txt index 202e0700..1a2986d5 100644 
--- a/requirements-docs.txt +++ b/requirements-docs.txt @@ -46,7 +46,7 @@ gunicorn==20.0.4 # via -r requirements.txt hvac==0.10.5 # via -r requirements.txt idna==2.9 # via -r requirements.txt, requests imagesize==1.2.0 # via sphinx -inflection==0.5.0 # via -r requirements.txt +inflection==0.5.1 # via -r requirements.txt itsdangerous==1.1.0 # via -r requirements.txt, flask javaobj-py3==0.4.0.1 # via -r requirements.txt, pyjks jinja2==2.11.2 # via -r requirements.txt, flask, sphinx diff --git a/requirements.txt b/requirements.txt index 86650ced..9a0a521c 100644 --- a/requirements.txt +++ b/requirements.txt @@ -43,7 +43,7 @@ future==0.18.2 # via -r requirements.in gunicorn==20.0.4 # via -r requirements.in hvac==0.10.5 # via -r requirements.in idna==2.9 # via requests -inflection==0.5.0 # via -r requirements.in +inflection==0.5.1 # via -r requirements.in itsdangerous==1.1.0 # via flask javaobj-py3==0.4.0.1 # via pyjks jinja2==2.11.2 # via -r requirements.in, flask From ad5416e441366a756c19992e61b4eb00591e2d4c Mon Sep 17 00:00:00 2001 From: "dependabot-preview[bot]" <27856297+dependabot-preview[bot]@users.noreply.github.com> Date: Tue, 25 Aug 2020 18:42:38 +0000 Subject: [PATCH 09/77] Bump pytest-mock from 3.2.0 to 3.3.0 Bumps [pytest-mock](https://github.com/pytest-dev/pytest-mock) from 3.2.0 to 3.3.0. - [Release notes](https://github.com/pytest-dev/pytest-mock/releases) - [Changelog](https://github.com/pytest-dev/pytest-mock/blob/master/CHANGELOG.rst) - [Commits](https://github.com/pytest-dev/pytest-mock/compare/v3.2.0...v3.3.0) Signed-off-by: dependabot-preview[bot] --- requirements-tests.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/requirements-tests.txt b/requirements-tests.txt index ee406105..1dc1f48d 100644 --- a/requirements-tests.txt +++ b/requirements-tests.txt 
@@ -60,7 +60,7 @@ pyflakes==2.2.0 # via -r requirements-tests.in pyparsing==2.4.7 # via packaging pyrsistent==0.16.0 # via jsonschema pytest-flask==1.0.0 # via -r requirements-tests.in -pytest-mock==3.2.0 # via -r requirements-tests.in +pytest-mock==3.3.0 # via -r requirements-tests.in pytest==6.0.1 # via -r requirements-tests.in, pytest-flask, pytest-mock python-dateutil==2.8.1 # via botocore, faker, freezegun, moto python-jose==3.1.0 # via moto From a4a83dda72ace6f697a10a02ccc01fde47ce923f Mon Sep 17 00:00:00 2001 From: "dependabot-preview[bot]" <27856297+dependabot-preview[bot]@users.noreply.github.com> Date: Tue, 25 Aug 2020 18:55:27 +0000 Subject: [PATCH 10/77] Bump cloudflare from 2.8.9 to 2.8.13 Bumps [cloudflare](https://github.com/cloudflare/python-cloudflare) from 2.8.9 to 2.8.13. - [Release notes](https://github.com/cloudflare/python-cloudflare/releases) - [Changelog](https://github.com/cloudflare/python-cloudflare/blob/master/CHANGELOG.md) - [Commits](https://github.com/cloudflare/python-cloudflare/compare/2.8.9...2.8.13) Signed-off-by: dependabot-preview[bot] --- requirements-docs.txt | 2 +- requirements.txt | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/requirements-docs.txt b/requirements-docs.txt index 1a2986d5..69679ebf 100644 --- a/requirements-docs.txt +++ b/requirements-docs.txt @@ -25,7 +25,7 @@ certsrv==2.1.1 # via -r requirements.txt cffi==1.14.0 # via -r requirements.txt, bcrypt, cryptography, pynacl chardet==3.0.4 # via -r requirements.txt, requests click==7.1.1 # via -r requirements.txt, flask -cloudflare==2.8.9 # via -r requirements.txt +cloudflare==2.8.13 # via -r requirements.txt cryptography==3.0 # via -r requirements.txt, acme, josepy, paramiko, pyopenssl, requests dnspython3==1.15.0 # via -r requirements.txt dnspython==1.15.0 # via -r requirements.txt, dnspython3 diff --git a/requirements.txt b/requirements.txt index 9a0a521c..9a0a2833 100644 --- a/requirements.txt +++ b/requirements.txt 
@@ -23,7 +23,7 @@ certsrv==2.1.1 # via -r requirements.in cffi==1.14.0 # via bcrypt, cryptography, pynacl chardet==3.0.4 # via requests click==7.1.1 # via flask -cloudflare==2.8.9 # via -r requirements.in +cloudflare==2.8.13 # via -r requirements.in cryptography==3.0 # via -r requirements.in, acme, josepy, paramiko, pyopenssl, requests dnspython3==1.15.0 # via -r requirements.in dnspython==1.15.0 # via dnspython3 From 939c41a70eff246ac1a83cee97e9ab6135aee466 Mon Sep 17 00:00:00 2001 From: "dependabot-preview[bot]" <27856297+dependabot-preview[bot]@users.noreply.github.com> Date: Tue, 25 Aug 2020 19:04:47 +0000 Subject: [PATCH 11/77] Bump arrow from 0.15.8 to 0.16.0 Bumps [arrow](https://github.com/arrow-py/arrow) from 0.15.8 to 0.16.0. - [Release notes](https://github.com/arrow-py/arrow/releases) - [Changelog](https://github.com/arrow-py/arrow/blob/master/CHANGELOG.rst) - [Commits](https://github.com/arrow-py/arrow/compare/0.15.8...0.16.0) Signed-off-by: dependabot-preview[bot] --- requirements-docs.txt | 2 +- requirements.txt | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/requirements-docs.txt b/requirements-docs.txt index 69679ebf..045c1832 100644 --- a/requirements-docs.txt +++ b/requirements-docs.txt @@ -10,7 +10,7 @@ alembic-autogenerate-enums==0.0.2 # via -r requirements.txt alembic==1.4.2 # via -r requirements.txt, flask-migrate amqp==2.5.2 # via -r requirements.txt, kombu aniso8601==8.0.0 # via -r requirements.txt, flask-restful -arrow==0.15.8 # via -r requirements.txt +arrow==0.16.0 # via -r requirements.txt asyncpool==1.0 # via -r requirements.txt babel==2.8.0 # via sphinx bcrypt==3.1.7 # via -r requirements.txt, flask-bcrypt, paramiko diff --git a/requirements.txt b/requirements.txt index 9a0a2833..2ecb1f9c 100644 --- a/requirements.txt +++ b/requirements.txt 
@@ -9,7 +9,7 @@ alembic-autogenerate-enums==0.0.2 # via -r requirements.in alembic==1.4.2 # via flask-migrate amqp==2.5.2 # via kombu aniso8601==8.0.0 # via flask-restful -arrow==0.15.8 # via -r requirements.in +arrow==0.16.0 # via -r requirements.in asyncpool==1.0 # via -r requirements.in bcrypt==3.1.7 # via flask-bcrypt, paramiko beautifulsoup4==4.9.1 # via cloudflare From 0f463d5f13ef75100aa04a416722425f0fbec038 Mon Sep 17 00:00:00 2001 From: "dependabot-preview[bot]" <27856297+dependabot-preview[bot]@users.noreply.github.com> Date: Tue, 25 Aug 2020 19:17:13 +0000 Subject: [PATCH 12/77] Bump boto3 from 1.14.33 to 1.14.48 Bumps [boto3](https://github.com/boto/boto3) from 1.14.33 to 1.14.48. - [Release notes](https://github.com/boto/boto3/releases) - [Changelog](https://github.com/boto/boto3/blob/develop/CHANGELOG.rst) - [Commits](https://github.com/boto/boto3/compare/1.14.33...1.14.48) Signed-off-by: dependabot-preview[bot] --- requirements-docs.txt | 4 ++-- requirements-tests.txt | 4 ++-- requirements.txt | 4 ++-- 3 files changed, 6 insertions(+), 6 deletions(-) diff --git a/requirements-docs.txt b/requirements-docs.txt index 045c1832..0ee5d42e 100644 --- a/requirements-docs.txt +++ b/requirements-docs.txt @@ -17,8 +17,8 @@ bcrypt==3.1.7 # via -r requirements.txt, flask-bcrypt, paramiko beautifulsoup4==4.9.1 # via -r requirements.txt, cloudflare billiard==3.6.3.0 # via -r requirements.txt, celery blinker==1.4 # via -r requirements.txt, flask-mail, flask-principal, raven -boto3==1.14.33 # via -r requirements.txt -botocore==1.17.33 # via -r requirements.txt, boto3, s3transfer +boto3==1.14.48 # via -r requirements.txt +botocore==1.17.48 # via -r requirements.txt, boto3, s3transfer celery[redis]==4.4.2 # via -r requirements.txt certifi==2020.6.20 # via -r requirements.txt, requests certsrv==2.1.1 # via -r requirements.txt diff --git a/requirements-tests.txt b/requirements-tests.txt index 1dc1f48d..303338c1 100644 --- a/requirements-tests.txt 
+++ b/requirements-tests.txt @@ -10,9 +10,9 @@ aws-sam-translator==1.22.0 # via cfn-lint aws-xray-sdk==2.5.0 # via moto bandit==1.6.2 # via -r requirements-tests.in black==19.10b0 # via -r requirements-tests.in -boto3==1.14.33 # via aws-sam-translator, moto +boto3==1.14.48 # via aws-sam-translator, moto boto==2.49.0 # via moto -botocore==1.17.33 # via aws-xray-sdk, boto3, moto, s3transfer +botocore==1.17.48 # via aws-xray-sdk, boto3, moto, s3transfer certifi==2020.6.20 # via requests cffi==1.14.0 # via cryptography cfn-lint==0.29.5 # via moto diff --git a/requirements.txt b/requirements.txt index 2ecb1f9c..c79ec23d 100644 --- a/requirements.txt +++ b/requirements.txt @@ -15,8 +15,8 @@ bcrypt==3.1.7 # via flask-bcrypt, paramiko beautifulsoup4==4.9.1 # via cloudflare billiard==3.6.3.0 # via celery blinker==1.4 # via flask-mail, flask-principal, raven -boto3==1.14.33 # via -r requirements.in -botocore==1.17.33 # via -r requirements.in, boto3, s3transfer +boto3==1.14.48 # via -r requirements.in +botocore==1.17.48 # via -r requirements.in, boto3, s3transfer celery[redis]==4.4.2 # via -r requirements.in certifi==2020.6.20 # via -r requirements.in, requests certsrv==2.1.1 # via -r requirements.in From 3efe14c43f6efac50ed59a1bcd942c57345ed360 Mon Sep 17 00:00:00 2001 From: sayali Date: Tue, 25 Aug 2020 16:26:20 -0700 Subject: [PATCH 13/77] Remove 397 days validation as it causes error in API calls More to come in future --- lemur/common/validators.py | 12 ------------ 1 file changed, 12 deletions(-) diff --git a/lemur/common/validators.py b/lemur/common/validators.py index 74095255..e1dfe3c1 100644 --- a/lemur/common/validators.py +++ b/lemur/common/validators.py 
@@ -152,18 +152,6 @@ def dates(data): data["authority"].authority_certificate.not_after ) ) - # Allow no more than PUBLIC_CA_MAX_VALIDITY_DAYS (Default: 397) days of validity - # for certs issued by public CA - # The list of public issuers can be managed through a config named PUBLIC_CA - public_CA = current_app.config.get("PUBLIC_CA_AUTHORITY_NAMES", []) - if data["authority"].name.lower() in [ca.lower() for ca in public_CA]: - max_validity_days = current_app.config.get("PUBLIC_CA_MAX_VALIDITY_DAYS", 397) - if ( - (data.get("validity_end").date() - data.get("validity_start").date()).days - > max_validity_days - ): - raise ValidationError("Certificate cannot be valid for more than " + - str(max_validity_days) + " days") return data From be21d357cb20e45b0f3bebe3da61d95fba72134a Mon Sep 17 00:00:00 2001 From: csine-nflx Date: Wed, 26 Aug 2020 01:38:17 -0700 Subject: [PATCH 14/77] fixing setup-git so build continues if ./git/hooks does not exist. --- Makefile | 11 +++++++---- 1 file changed, 7 insertions(+), 4 deletions(-) diff --git a/Makefile b/Makefile index 069eb29b..fb8b9afa 100644 --- a/Makefile +++ b/Makefile @@ -49,10 +49,13 @@ reset-db: cd lemur && lemur db upgrade setup-git: - @echo "--> Installing git hooks" - git config branch.autosetuprebase always - cd .git/hooks && ln -sf ../../hooks/* ./ - @echo "" + if [ -d .git/hooks ]; then \ + @echo "--> Installing git hooks"; \ + git config branch.autosetuprebase always; \ + cd .git/hooks && ln -sf ../../hooks/* ./; \ + @echo ""; \ + fi + clean: @echo "--> Cleaning static cache" From 27c553917818ae41e3109064a4cc9c366297b64a Mon Sep 17 00:00:00 2001 From: csine-nflx Date: Wed, 26 Aug 2020 01:47:17 -0700 Subject: [PATCH 15/77] fixing Makefile build issue with @echo --- Makefile | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/Makefile b/Makefile index fb8b9afa..3312a41d 100644 --- a/Makefile +++ b/Makefile 
@@ -49,13 +49,12 @@ reset-db: cd lemur && lemur db upgrade setup-git: + @echo "--> Installing git hooks" if [ -d .git/hooks ]; then \ - @echo "--> Installing git hooks"; \ git config branch.autosetuprebase always; \ cd .git/hooks && ln -sf ../../hooks/* ./; \ - @echo ""; \ fi - + @echo "" clean: @echo "--> Cleaning static cache" From c169ad291e8605676f3e68cf63e912838c1f650b Mon Sep 17 00:00:00 2001 From: Hossein Shafagh Date: Thu, 27 Aug 2020 13:29:56 -0700 Subject: [PATCH 16/77] adding the correct signing algorithm, and a missing key Type --- lemur/authorities/schemas.py | 5 ++-- .../authorities/authority/options.tpl.html | 4 ++-- lemur/tests/test_authorities.py | 23 +++++++++++++++++++ 3 files changed, 28 insertions(+), 4 deletions(-) diff --git a/lemur/authorities/schemas.py b/lemur/authorities/schemas.py index c78aec94..9f9d4686 100644 --- a/lemur/authorities/schemas.py +++ b/lemur/authorities/schemas.py @@ -56,11 +56,12 @@ class AuthorityInputSchema(LemurInputSchema): type = fields.String(validate=validate.OneOf(["root", "subca"]), missing="root") parent = fields.Nested(AssociatedAuthoritySchema) signing_algorithm = fields.String( - validate=validate.OneOf(["sha256WithRSA", "sha1WithRSA"]), + validate=validate.OneOf(["sha256WithRSA", "sha1WithRSA", + "sha256WithECDSA", "SHA384withECDSA", "SHA512withECDSA"]), missing="sha256WithRSA", ) key_type = fields.String( - validate=validate.OneOf(["RSA2048", "RSA4096"]), missing="RSA2048" + validate=validate.OneOf(["RSA2048", "RSA4096", "EC256"]), missing="RSA2048" ) key_name = fields.String() sensitivity = fields.String( diff --git a/lemur/static/app/angular/authorities/authority/options.tpl.html b/lemur/static/app/angular/authorities/authority/options.tpl.html index dbc4f40a..7ba858a7 100644 --- a/lemur/static/app/angular/authorities/authority/options.tpl.html +++ b/lemur/static/app/angular/authorities/authority/options.tpl.html @@ -4,7 +4,7 @@ Signing Algorithm
- +
@@ -20,7 +20,7 @@ Key Type
-
diff --git a/lemur/tests/test_authorities.py b/lemur/tests/test_authorities.py index 9649e949..6090d0b6 100644 --- a/lemur/tests/test_authorities.py +++ b/lemur/tests/test_authorities.py @@ -34,6 +34,29 @@ def test_authority_input_schema(client, role, issuer_plugin, logged_in_user): assert not errors +def test_authority_input_schema_ecc(client, role, issuer_plugin, logged_in_user): + from lemur.authorities.schemas import AuthorityInputSchema + + input_data = { + "name": "Example Authority", + "owner": "jim@example.com", + "description": "An example authority.", + "commonName": "An Example Authority", + "plugin": { + "slug": "test-issuer", + "plugin_options": [{"name": "test", "value": "blah"}], + }, + "type": "root", + "signingAlgorithm": "sha256WithECDSA", + "keyType": "EC256", + "sensitivity": "medium", + } + + data, errors = AuthorityInputSchema().load(input_data) + + assert not errors + + def test_user_authority(session, client, authority, role, user, issuer_plugin): u = user["user"] u.roles.append(role) From 5a6e4e5b43628558c931d15e7eb8529e22b1f093 Mon Sep 17 00:00:00 2001 From: Hossein Shafagh Date: Tue, 14 Jul 2020 17:35:13 -0700 Subject: [PATCH 17/77] Let's Encrypt has been using a cross-signed intermediate CA by DST Root CA X3, which is included in any older devices' TrustStore. https://letsencrypt.org/certificates/ Let's Encrypt is transitioning to use the intermediate CA issued by their own root (ISRG X1) starting from September 29th 2020. This is in preparation of concluding the initial bootstrapping of their CA, by having it cross-signed by an older CA. https://letsencrypt.org/2019/04/15/transitioning-to-isrg-root.html This PR allows Lemur to pin to the cross-signed ICA (same public/private key pair as the ICA signed by ISRG X1). This will prolong support for incompatible systems. --- lemur/plugins/lemur_acme/plugin.py | 12 +++++++++--- 1 file changed, 9 insertions(+), 3 deletions(-) 
diff --git a/lemur/plugins/lemur_acme/plugin.py b/lemur/plugins/lemur_acme/plugin.py index 3fc1df61..16d61a0f 100644 --- a/lemur/plugins/lemur_acme/plugin.py +++ b/lemur/plugins/lemur_acme/plugin.py @@ -205,9 +205,15 @@ class AcmeHandler(object): OpenSSL.crypto.FILETYPE_PEM, orderr.fullchain_pem ), ).decode() - pem_certificate_chain = orderr.fullchain_pem[ - len(pem_certificate) : # noqa - ].lstrip() + + if current_app.config.get("IDENTRUST_CROSS_SIGNED_LE_ICA", False) \ + and datetime.datetime.now() < datetime.datetime.strptime( + current_app.config.get("IDENTRUST_CROSS_SIGNED_LE_ICA_EXPIRATION_DATE", "17/03/21"), '%d/%m/%y'): + pem_certificate_chain = current_app.config.get("IDENTRUST_CROSS_SIGNED_LE_ICA") + else: + pem_certificate_chain = orderr.fullchain_pem[ + len(pem_certificate) : # noqa + ].lstrip() current_app.logger.debug( "{0} {1}".format(type(pem_certificate), type(pem_certificate_chain)) From f4bcd1cf304c1a9eada8b5f9f82fd565e404efd2 Mon Sep 17 00:00:00 2001 From: Hossein Shafagh Date: Wed, 15 Jul 2020 17:04:49 -0700 Subject: [PATCH 18/77] lack of an empty config file was resulting into this error ``` Traceback (most recent call last): File "/home/travis/build/Netflix/lemur/lemur/plugins/lemur_acme/tests/test_acme.py", line 159, in test_request_certificate self.acme.request_certificate(mock_acme, [], mock_order) File "/home/travis/build/Netflix/lemur/lemur/plugins/lemur_acme/plugin.py", line 211, in request_certificate current_app.config.get("IDENTRUST_CROSS_SIGNED_LE_ICA_EXPIRATION_DATE", "17/03/21"), '%d/%m/%y'): TypeError: strptime() argument 1 must be str, not MagicMock ``` --- lemur/plugins/lemur_acme/tests/test_acme.py | 1 + 1 file changed, 1 insertion(+) diff --git a/lemur/plugins/lemur_acme/tests/test_acme.py b/lemur/plugins/lemur_acme/tests/test_acme.py index 94949a74..8320a2de 100644 --- a/lemur/plugins/lemur_acme/tests/test_acme.py +++ b/lemur/plugins/lemur_acme/tests/test_acme.py 
@@ -156,6 +156,7 @@ class TestAcme(unittest.TestCase): mock_acme.fetch_chain = Mock(return_value="mock_chain") mock_crypto.dump_certificate = Mock(return_value=b"chain") mock_order = Mock() + mock_current_app.config = {} self.acme.request_certificate(mock_acme, [], mock_order) def test_setup_acme_client_fail(self): From bc8eda2a6bd39f74410c7df78e6a610142a15f01 Mon Sep 17 00:00:00 2001 From: csine-nflx Date: Fri, 31 Jul 2020 17:54:18 -0700 Subject: [PATCH 19/77] fixing Dockerfile, Lemur builds now --- Dockerfile | 1 + 1 file changed, 1 insertion(+) diff --git a/Dockerfile b/Dockerfile index fc83a034..a7f8c878 100644 --- a/Dockerfile +++ b/Dockerfile @@ -4,6 +4,7 @@ RUN apt-get install -y make software-properties-common curl RUN curl -sL https://deb.nodesource.com/setup_7.x | bash - RUN apt-get update RUN apt-get install -y npm libldap2-dev libsasl2-dev libldap2-dev libssl-dev +RUN pip install pip==20.0.2 RUN pip install -U setuptools RUN pip install coveralls bandit WORKDIR /app From 85f18afa8102b588f5d52e8f47d1c824e802ab07 Mon Sep 17 00:00:00 2001 From: "dependabot-preview[bot]" <27856297+dependabot-preview[bot]@users.noreply.github.com> Date: Mon, 3 Aug 2020 13:36:46 +0000 Subject: [PATCH 20/77] Bump pytest from 5.4.3 to 6.0.1 Bumps [pytest](https://github.com/pytest-dev/pytest) from 5.4.3 to 6.0.1. - [Release notes](https://github.com/pytest-dev/pytest/releases) - [Changelog](https://github.com/pytest-dev/pytest/blob/master/CHANGELOG.rst) - [Commits](https://github.com/pytest-dev/pytest/compare/5.4.3...6.0.1) Signed-off-by: dependabot-preview[bot] --- requirements-tests.txt | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/requirements-tests.txt b/requirements-tests.txt index cd625630..3d5c4318 100644 --- a/requirements-tests.txt +++ b/requirements-tests.txt 
@@ -34,6 +34,7 @@ gitdb==4.0.4 # via gitpython gitpython==3.1.1 # via bandit idna==2.8 # via moto, requests importlib-metadata==1.6.0 # via jsonpickle +iniconfig==1.0.1 # via pytest itsdangerous==1.1.0 # via flask jinja2==2.11.2 # via flask, moto jmespath==0.9.5 # via boto3, botocore @@ -52,7 +53,7 @@ packaging==20.3 # via pytest pathspec==0.8.0 # via black pbr==5.4.5 # via stevedore pluggy==0.13.1 # via pytest -py==1.8.1 # via pytest +py==1.9.0 # via pytest pyasn1==0.4.8 # via python-jose, rsa pycparser==2.20 # via cffi pyflakes==2.2.0 # via -r requirements-tests.in @@ -60,7 +61,7 @@ pyparsing==2.4.7 # via packaging pyrsistent==0.16.0 # via jsonschema pytest-flask==1.0.0 # via -r requirements-tests.in pytest-mock==3.2.0 # via -r requirements-tests.in -pytest==5.4.3 # via -r requirements-tests.in, pytest-flask, pytest-mock +pytest==6.0.1 # via -r requirements-tests.in, pytest-flask, pytest-mock python-dateutil==2.8.1 # via botocore, faker, freezegun, moto python-jose==3.1.0 # via moto pytz==2019.3 # via moto @@ -78,10 +79,9 @@ sortedcontainers==2.1.0 # via fakeredis sshpubkeys==3.1.0 # via moto stevedore==1.32.0 # via bandit text-unidecode==1.3 # via faker -toml==0.10.0 # via black +toml==0.10.0 # via black, pytest typed-ast==1.4.1 # via black urllib3==1.25.8 # via botocore, requests -wcwidth==0.1.9 # via pytest websocket-client==0.57.0 # via docker werkzeug==1.0.1 # via flask, moto, pytest-flask wrapt==1.12.1 # via aws-xray-sdk From 5c5e53b8ec635e6c8bb54bf35bee3ad5a58742eb Mon Sep 17 00:00:00 2001 From: "dependabot-preview[bot]" <27856297+dependabot-preview[bot]@users.noreply.github.com> Date: Mon, 3 Aug 2020 17:27:26 +0000 Subject: [PATCH 21/77] Bump botocore from 1.17.28 to 1.17.33 Bumps [botocore](https://github.com/boto/botocore) from 1.17.28 to 1.17.33. - [Release notes](https://github.com/boto/botocore/releases) - [Changelog](https://github.com/boto/botocore/blob/develop/CHANGELOG.rst) - [Commits](https://github.com/boto/botocore/compare/1.17.28...1.17.33) 
Signed-off-by: dependabot-preview[bot] --- requirements-docs.txt | 2 +- requirements-tests.txt | 2 +- requirements.txt | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/requirements-docs.txt b/requirements-docs.txt index 4f70314f..63af4e4a 100644 --- a/requirements-docs.txt +++ b/requirements-docs.txt @@ -18,7 +18,7 @@ beautifulsoup4==4.9.1 # via -r requirements.txt, cloudflare billiard==3.6.3.0 # via -r requirements.txt, celery blinker==1.4 # via -r requirements.txt, flask-mail, flask-principal, raven boto3==1.14.28 # via -r requirements.txt -botocore==1.17.28 # via -r requirements.txt, boto3, s3transfer +botocore==1.17.33 # via -r requirements.txt, boto3, s3transfer celery[redis]==4.4.2 # via -r requirements.txt certifi==2020.6.20 # via -r requirements.txt, requests certsrv==2.1.1 # via -r requirements.txt diff --git a/requirements-tests.txt b/requirements-tests.txt index 3d5c4318..3212f033 100644 --- a/requirements-tests.txt +++ b/requirements-tests.txt @@ -12,7 +12,7 @@ bandit==1.6.2 # via -r requirements-tests.in black==19.10b0 # via -r requirements-tests.in boto3==1.14.28 # via aws-sam-translator, moto boto==2.49.0 # via moto -botocore==1.17.28 # via aws-xray-sdk, boto3, moto, s3transfer +botocore==1.17.33 # via aws-xray-sdk, boto3, moto, s3transfer certifi==2020.6.20 # via requests cffi==1.14.0 # via cryptography cfn-lint==0.29.5 # via moto diff --git a/requirements.txt b/requirements.txt index a57f6205..eb4be2fd 100644 --- a/requirements.txt +++ b/requirements.txt @@ -16,7 +16,7 @@ beautifulsoup4==4.9.1 # via cloudflare billiard==3.6.3.0 # via celery blinker==1.4 # via flask-mail, flask-principal, raven boto3==1.14.28 # via -r requirements.in -botocore==1.17.28 # via -r requirements.in, boto3, s3transfer +botocore==1.17.33 # via -r requirements.in, boto3, s3transfer celery[redis]==4.4.2 # via -r requirements.in certifi==2020.6.20 # via -r requirements.in, requests certsrv==2.1.1 # via -r requirements.in 
From de0e646cf9d7a02e1b660b942270f01568f24783 Mon Sep 17 00:00:00 2001 From: "dependabot-preview[bot]" <27856297+dependabot-preview[bot]@users.noreply.github.com> Date: Mon, 3 Aug 2020 17:38:07 +0000 Subject: [PATCH 22/77] Bump boto3 from 1.14.28 to 1.14.33 Bumps [boto3](https://github.com/boto/boto3) from 1.14.28 to 1.14.33. - [Release notes](https://github.com/boto/boto3/releases) - [Changelog](https://github.com/boto/boto3/blob/develop/CHANGELOG.rst) - [Commits](https://github.com/boto/boto3/compare/1.14.28...1.14.33) Signed-off-by: dependabot-preview[bot] --- requirements-docs.txt | 2 +- requirements-tests.txt | 2 +- requirements.txt | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/requirements-docs.txt b/requirements-docs.txt index 63af4e4a..3d1ed54c 100644 --- a/requirements-docs.txt +++ b/requirements-docs.txt @@ -17,7 +17,7 @@ bcrypt==3.1.7 # via -r requirements.txt, flask-bcrypt, paramiko beautifulsoup4==4.9.1 # via -r requirements.txt, cloudflare billiard==3.6.3.0 # via -r requirements.txt, celery blinker==1.4 # via -r requirements.txt, flask-mail, flask-principal, raven -boto3==1.14.28 # via -r requirements.txt +boto3==1.14.33 # via -r requirements.txt botocore==1.17.33 # via -r requirements.txt, boto3, s3transfer celery[redis]==4.4.2 # via -r requirements.txt certifi==2020.6.20 # via -r requirements.txt, requests diff --git a/requirements-tests.txt b/requirements-tests.txt index 3212f033..7fd13f76 100644 --- a/requirements-tests.txt +++ b/requirements-tests.txt @@ -10,7 +10,7 @@ aws-sam-translator==1.22.0 # via cfn-lint aws-xray-sdk==2.5.0 # via moto bandit==1.6.2 # via -r requirements-tests.in black==19.10b0 # via -r requirements-tests.in -boto3==1.14.28 # via aws-sam-translator, moto +boto3==1.14.33 # via aws-sam-translator, moto boto==2.49.0 # via moto botocore==1.17.33 # via aws-xray-sdk, boto3, moto, s3transfer certifi==2020.6.20 # via requests diff --git a/requirements.txt b/requirements.txt index eb4be2fd..46723b0d 100644 
--- a/requirements.txt +++ b/requirements.txt @@ -15,7 +15,7 @@ bcrypt==3.1.7 # via flask-bcrypt, paramiko beautifulsoup4==4.9.1 # via cloudflare billiard==3.6.3.0 # via celery blinker==1.4 # via flask-mail, flask-principal, raven -boto3==1.14.28 # via -r requirements.in +boto3==1.14.33 # via -r requirements.in botocore==1.17.33 # via -r requirements.in, boto3, s3transfer celery[redis]==4.4.2 # via -r requirements.in certifi==2020.6.20 # via -r requirements.in, requests From d07464f3b1245b521da7ded21cfd8af66d34ec21 Mon Sep 17 00:00:00 2001 From: Hossein Shafagh Date: Mon, 3 Aug 2020 16:14:14 -0700 Subject: [PATCH 23/77] updating documentation for cross-signed ICA --- docs/production/index.rst | 50 +++++++++++++++++++++++++++++++++++++++ 1 file changed, 50 insertions(+) diff --git a/docs/production/index.rst b/docs/production/index.rst index b91ed6bd..67e97dae 100644 --- a/docs/production/index.rst +++ b/docs/production/index.rst 
@@ -451,3 +451,53 @@ LetsEncrypt flow to function. However, Lemur will attempt to automatically deter possible. To enable this functionality, periodically (or through Cron/Celery) run `lemur dns_providers get_all_zones`. This command will traverse all DNS providers, determine which zones they control, and upload this list of zones to Lemur's database (in the dns_providers table). Alternatively, you can manually input this data. + + +LetsEncrypt: pinning to cross-signed ICA +---------------------------------------- + +Let's Encrypt has been using a `cross-signed `_ intermediate CA by DST Root CA X3, +which is included in many older devices' TrustStore. + + +Let's Encrypt is `transitioning `_ to use +the intermediate CA issued by their own root (ISRG X1) starting from September 29th 2020. +This is in preparation of concluding the initial bootstrapping of their CA, by having it cross-signed by an older CA. + + +Lemur can temporarily pin to the cross-signed intermediate CA (same public/private key pair as the ICA signed by ISRG X1). +This will prolong support for incompatible devices. 
+ +The following must be added to the config file to activate the pinning (the pinning will be removed by September 2021):: + + # remove or update after Mar 17 16:40:46 2021 GMT + IDENTRUST_CROSS_SIGNED_LE_ICA_EXPIRATION_DATE = "17/03/21" + IDENTRUST_CROSS_SIGNED_LE_ICA = """ + -----BEGIN CERTIFICATE----- + MIIEkjCCA3qgAwIBAgIQCgFBQgAAAVOFc2oLheynCDANBgkqhkiG9w0BAQsFADA/ + MSQwIgYDVQQKExtEaWdpdGFsIFNpZ25hdHVyZSBUcnVzdCBDby4xFzAVBgNVBAMT + DkRTVCBSb290IENBIFgzMB4XDTE2MDMxNzE2NDA0NloXDTIxMDMxNzE2NDA0Nlow + SjELMAkGA1UEBhMCVVMxFjAUBgNVBAoTDUxldCdzIEVuY3J5cHQxIzAhBgNVBAMT + GkxldCdzIEVuY3J5cHQgQXV0aG9yaXR5IFgzMIIBIjANBgkqhkiG9w0BAQEFAAOC + AQ8AMIIBCgKCAQEAnNMM8FrlLke3cl03g7NoYzDq1zUmGSXhvb418XCSL7e4S0EF + q6meNQhY7LEqxGiHC6PjdeTm86dicbp5gWAf15Gan/PQeGdxyGkOlZHP/uaZ6WA8 + SMx+yk13EiSdRxta67nsHjcAHJyse6cF6s5K671B5TaYucv9bTyWaN8jKkKQDIZ0 + Z8h/pZq4UmEUEz9l6YKHy9v6Dlb2honzhT+Xhq+w3Brvaw2VFn3EK6BlspkENnWA + a6xK8xuQSXgvopZPKiAlKQTGdMDQMc2PMTiVFrqoM7hD8bEfwzB/onkxEz0tNvjj + /PIzark5McWvxI0NHWQWM6r6hCm21AvA2H3DkwIDAQABo4IBfTCCAXkwEgYDVR0T + AQH/BAgwBgEB/wIBADAOBgNVHQ8BAf8EBAMCAYYwfwYIKwYBBQUHAQEEczBxMDIG + CCsGAQUFBzABhiZodHRwOi8vaXNyZy50cnVzdGlkLm9jc3AuaWRlbnRydXN0LmNv + bTA7BggrBgEFBQcwAoYvaHR0cDovL2FwcHMuaWRlbnRydXN0LmNvbS9yb290cy9k + c3Ryb290Y2F4My5wN2MwHwYDVR0jBBgwFoAUxKexpHsscfrb4UuQdf/EFWCFiRAw + VAYDVR0gBE0wSzAIBgZngQwBAgEwPwYLKwYBBAGC3xMBAQEwMDAuBggrBgEFBQcC + ARYiaHR0cDovL2Nwcy5yb290LXgxLmxldHNlbmNyeXB0Lm9yZzA8BgNVHR8ENTAz + MDGgL6AthitodHRwOi8vY3JsLmlkZW50cnVzdC5jb20vRFNUUk9PVENBWDNDUkwu + Y3JsMB0GA1UdDgQWBBSoSmpjBH3duubRObemRWXv86jsoTANBgkqhkiG9w0BAQsF + AAOCAQEA3TPXEfNjWDjdGBX7CVW+dla5cEilaUcne8IkCJLxWh9KEik3JHRRHGJo + uM2VcGfl96S8TihRzZvoroed6ti6WqEBmtzw3Wodatg+VyOeph4EYpr/1wXKtx8/ + wApIvJSwtmVi4MFU5aMqrSDE6ea73Mj2tcMyo5jMd6jmeWUHK8so/joWUoHOUgwu + X4Po1QYz+3dszkDqMp4fklxBwXRsW10KXzPMTZ+sOPAveyxindmjkW8lGy+QsRlG + PfZ+G6Z6h7mjem0Y+iWlkYcV4PIWL1iwBi8saCbGS5jN2p8M+X+Q7UNKEkROb3N6 + KOqkqm57TH2H3eDJAkSnh6/DNFu0Qg== + -----END CERTIFICATE----- + """ 
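Review bot: In the "LetsEncrypt: pinning to cross-signed ICA" section added to docs/production/index.rst (patch 23/77), the dates given for the pin do not agree: the prose says the pinning will be removed by September 2021, while the config comment says to remove or update it after Mar 17 16:40:46 2021 GMT and IDENTRUST_CROSS_SIGNED_LE_ICA_EXPIRATION_DATE is "17/03/21". State which date operators should act on, and document the expected format of the expiration string, since "17/03/21" is ambiguous on its own. It would also help to say what Lemur does once that date has passed, so an operator knows whether a stale pin is ignored or keeps being served.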
From 69b64c63ea8670f479afe73bace1921cb7a9fc24 Mon Sep 17 00:00:00 2001 From: sayali Date: Mon, 3 Aug 2020 19:22:13 -0700 Subject: [PATCH 24/77] Honor selected algorithm during certificate cloning --- .../static/app/angular/certificates/certificate/certificate.js | 2 ++ 1 file changed, 2 insertions(+) diff --git a/lemur/static/app/angular/certificates/certificate/certificate.js b/lemur/static/app/angular/certificates/certificate/certificate.js index 21f61f22..83b0cfe8 100644 --- a/lemur/static/app/angular/certificates/certificate/certificate.js +++ b/lemur/static/app/angular/certificates/certificate/certificate.js @@ -212,12 +212,14 @@ angular.module('lemur') }) .controller('CertificateCloneController', function ($scope, $uibModalInstance, CertificateApi, CertificateService, DestinationService, AuthorityService, AuthorityApi, PluginService, MomentService, WizardHandler, LemurRestangular, NotificationService, toaster, editId) { + $scope.certificate = LemurRestangular.restangularizeElement(null, {}, 'certificates'); CertificateApi.get(editId).then(function (certificate) { $scope.certificate = certificate; $scope.certificate.name = ''; // we should prefer the generated name $scope.certificate.csr = null; // should not clone CSR in case other settings are changed in clone $scope.certificate.validityStart = null; $scope.certificate.validityEnd = null; + $scope.certificate.keyType = 'RSA2048'; // default algo to show during clone CertificateService.getDefaults($scope.certificate); }); From e75e472a1acd95989bdc87d36b14b4b050a280fb Mon Sep 17 00:00:00 2001 From: sayali Date: Mon, 3 Aug 2020 19:23:24 -0700 Subject: [PATCH 25/77] Do not inherit replacement info during cert clone --- .../static/app/angular/certificates/certificate/certificate.js | 3 +++ 1 file changed, 3 insertions(+) diff --git a/lemur/static/app/angular/certificates/certificate/certificate.js b/lemur/static/app/angular/certificates/certificate/certificate.js index 83b0cfe8..bb4e7db6 100644 
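Review bot: In CertificateCloneController in certificate.js (patch 24/77), `$scope.certificate.keyType = 'RSA2048'` runs unconditionally after `$scope.certificate = certificate`, so the clone form always starts at RSA2048 whatever key type the source certificate had, which reads at odds with the subject "Honor selected algorithm during certificate cloning". If the hard-coded value is only meant as a fallback, guard it, for example `$scope.certificate.keyType = $scope.certificate.keyType || 'RSA2048';`. If the reset is deliberate, say so in the commit message, because cloning a certificate with a different key type now changes the algorithm unless the user notices the dropdown.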
--- a/lemur/static/app/angular/certificates/certificate/certificate.js +++ b/lemur/static/app/angular/certificates/certificate/certificate.js @@ -215,11 +215,14 @@ angular.module('lemur') $scope.certificate = LemurRestangular.restangularizeElement(null, {}, 'certificates'); CertificateApi.get(editId).then(function (certificate) { $scope.certificate = certificate; + // prepare the certificate for cloning $scope.certificate.name = ''; // we should prefer the generated name $scope.certificate.csr = null; // should not clone CSR in case other settings are changed in clone $scope.certificate.validityStart = null; $scope.certificate.validityEnd = null; $scope.certificate.keyType = 'RSA2048'; // default algo to show during clone + $scope.certificate.replacedBy = []; // should not clone 'replaced by' info + $scope.certificate.removeReplaces(); // should not clone 'replacement cert' info CertificateService.getDefaults($scope.certificate); }); From 404d213e8f83fa254bea43f60581cce4a9c413c3 Mon Sep 17 00:00:00 2001 From: sayali Date: Mon, 3 Aug 2020 19:24:06 -0700 Subject: [PATCH 26/77] Modified cert description to have cert id being cloned --- lemur/static/app/angular/certificates/certificate/certificate.js | 1 + 1 file changed, 1 insertion(+) diff --git a/lemur/static/app/angular/certificates/certificate/certificate.js b/lemur/static/app/angular/certificates/certificate/certificate.js index bb4e7db6..155658e6 100644 --- a/lemur/static/app/angular/certificates/certificate/certificate.js +++ b/lemur/static/app/angular/certificates/certificate/certificate.js 
@@ -221,6 +221,7 @@ angular.module('lemur') $scope.certificate.validityStart = null; $scope.certificate.validityEnd = null; $scope.certificate.keyType = 'RSA2048'; // default algo to show during clone + $scope.certificate.description = 'Cloning from cert ID ' + editId; $scope.certificate.replacedBy = []; // should not clone 'replaced by' info $scope.certificate.removeReplaces(); // should not clone 'replacement cert' info CertificateService.getDefaults($scope.certificate); From a7082f7332f999f47901cdba803163c8f7fba130 Mon Sep 17 00:00:00 2001 From: "dependabot-preview[bot]" <27856297+dependabot-preview[bot]@users.noreply.github.com> Date: Mon, 10 Aug 2020 13:43:11 +0000 Subject: [PATCH 27/77] Bump cloudflare from 2.8.8 to 2.8.9 Bumps [cloudflare](https://github.com/cloudflare/python-cloudflare) from 2.8.8 to 2.8.9. - [Release notes](https://github.com/cloudflare/python-cloudflare/releases) - [Changelog](https://github.com/cloudflare/python-cloudflare/blob/master/CHANGELOG.md) - [Commits](https://github.com/cloudflare/python-cloudflare/compare/2.8.8...2.8.9) Signed-off-by: dependabot-preview[bot] --- requirements-docs.txt | 2 +- requirements.txt | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/requirements-docs.txt b/requirements-docs.txt index 3d1ed54c..a154dbef 100644 --- a/requirements-docs.txt +++ b/requirements-docs.txt @@ -25,7 +25,7 @@ certsrv==2.1.1 # via -r requirements.txt cffi==1.14.0 # via -r requirements.txt, bcrypt, cryptography, pynacl chardet==3.0.4 # via -r requirements.txt, requests click==7.1.1 # via -r requirements.txt, flask -cloudflare==2.8.8 # via -r requirements.txt +cloudflare==2.8.9 # via -r requirements.txt cryptography==3.0 # via -r requirements.txt, acme, josepy, paramiko, pyopenssl, requests dnspython3==1.15.0 # via -r requirements.txt dnspython==1.15.0 # via -r requirements.txt, dnspython3 diff --git a/requirements.txt b/requirements.txt index 46723b0d..d9e86d97 100644 --- a/requirements.txt +++ b/requirements.txt 
@@ -23,7 +23,7 @@ certsrv==2.1.1 # via -r requirements.in cffi==1.14.0 # via bcrypt, cryptography, pynacl chardet==3.0.4 # via requests click==7.1.1 # via flask -cloudflare==2.8.8 # via -r requirements.in +cloudflare==2.8.9 # via -r requirements.in cryptography==3.0 # via -r requirements.in, acme, josepy, paramiko, pyopenssl, requests dnspython3==1.15.0 # via -r requirements.in dnspython==1.15.0 # via dnspython3 From 25125f32576cb7ac47d063d3f0a1c8cd7446a495 Mon Sep 17 00:00:00 2001 From: sayali Date: Mon, 10 Aug 2020 17:30:34 -0700 Subject: [PATCH 28/77] Cert validity should not exceed 397 days for publicly trusted issuers --- lemur/common/validators.py | 12 ++++++++++++ lemur/plugins/lemur_digicert/plugin.py | 6 +++--- 2 files changed, 15 insertions(+), 3 deletions(-) diff --git a/lemur/common/validators.py b/lemur/common/validators.py index e1dfe3c1..4aecb97e 100644 --- a/lemur/common/validators.py +++ b/lemur/common/validators.py @@ -152,6 +152,18 @@ def dates(data): data["authority"].authority_certificate.not_after ) ) + # Allow no more than PUBLIC_CA_MAX_VALIDITY_DAYS (Default: 397) days of validity + # for certs issued by public CA + # The list of public issuers can be managed through a config named PUBLIC_CA + public_CA = current_app.config.get("PUBLIC_CA", []) + if data["authority"].name.lower() in [ca.lower() for ca in public_CA]: + max_validity_days = current_app.config.get("PUBLIC_CA_MAX_VALIDITY_DAYS", 397) + if ( + (data.get("validity_end").date() - data.get("validity_start").date()).days + > max_validity_days + ): + raise ValidationError("Certificate cannot be valid for more than " + + str(max_validity_days) + " days") return data diff --git a/lemur/plugins/lemur_digicert/plugin.py b/lemur/plugins/lemur_digicert/plugin.py index e5c4b2ce..32a5375a 100644 --- a/lemur/plugins/lemur_digicert/plugin.py +++ b/lemur/plugins/lemur_digicert/plugin.py 
@@ -82,11 +82,11 @@ def determine_end_date(end_date): :param end_date: :return: validity_end """ - default_years = current_app.config.get("DIGICERT_DEFAULT_VALIDITY", 1) - max_validity_end = arrow.utcnow().shift(years=current_app.config.get("DIGICERT_MAX_VALIDITY", default_years)) + default_days = current_app.config.get("DIGICERT_DEFAULT_VALIDITY_DAYS", 397) + max_validity_end = arrow.utcnow().shift(days=current_app.config.get("DIGICERT_MAX_VALIDITY_DAYS", default_days)) if not end_date: - end_date = arrow.utcnow().shift(years=default_years) + end_date = arrow.utcnow().shift(days=default_days) if end_date > max_validity_end: end_date = max_validity_end From d7d483fa9b2f4b84993ced286c0b3d0e40c3627d Mon Sep 17 00:00:00 2001 From: sayali Date: Mon, 10 Aug 2020 18:06:45 -0700 Subject: [PATCH 29/77] Renaming PUBLIC_CA to PUBLIC_CA_AUTHORITY_NAMES --- lemur/common/validators.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lemur/common/validators.py b/lemur/common/validators.py index 4aecb97e..74095255 100644 --- a/lemur/common/validators.py +++ b/lemur/common/validators.py @@ -155,7 +155,7 @@ def dates(data): # Allow no more than PUBLIC_CA_MAX_VALIDITY_DAYS (Default: 397) days of validity # for certs issued by public CA # The list of public issuers can be managed through a config named PUBLIC_CA - public_CA = current_app.config.get("PUBLIC_CA", []) + public_CA = current_app.config.get("PUBLIC_CA_AUTHORITY_NAMES", []) if data["authority"].name.lower() in [ca.lower() for ca in public_CA]: max_validity_days = current_app.config.get("PUBLIC_CA_MAX_VALIDITY_DAYS", 397) if ( From 8a1563db547ea098855bb39edc2db20567107aae Mon Sep 17 00:00:00 2001 From: sayali Date: Mon, 10 Aug 2020 18:07:46 -0700 Subject: [PATCH 30/77] Updating Lemur docs to capture Digicert validity config changes --- docs/administration.rst | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) 
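Review bot: In the block added to dates() in lemur/common/validators.py (patch 28/77), `data.get("validity_end").date()` and `data.get("validity_start").date()` are called without a None check, so a request for a public CA that reaches this point without both dates fails with an AttributeError instead of a ValidationError. Unless the earlier part of dates() guarantees both values, skip the check when either is missing or raise a ValidationError for it. Note also that the comparison is on whole calendar days via .date(), so the real lifetime can exceed max_validity_days by up to a day; if the ceiling is meant to be strict, compare the datetimes.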
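Review bot: In determine_end_date() in lemur/plugins/lemur_digicert/plugin.py (patch 28/77), the config keys change from DIGICERT_DEFAULT_VALIDITY and DIGICERT_MAX_VALIDITY (years) to DIGICERT_DEFAULT_VALIDITY_DAYS and DIGICERT_MAX_VALIDITY_DAYS (days), and the old keys are no longer read at all. A deployment that still sets the old names falls back to the 397-day default with no error or log line. Log a warning when an old key is present in current_app.config, or call the rename out in the upgrade notes next to the docs change.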
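Review bot: In lemur/common/validators.py (patch 29/77), the lookup is renamed to PUBLIC_CA_AUTHORITY_NAMES but the comment directly above it still reads "a config named PUBLIC_CA". Update the comment in the same change so the name an operator searches for matches the key the code reads.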
diff --git a/docs/administration.rst b/docs/administration.rst index 157af478..a6d93af7 100644 --- a/docs/administration.rst +++ b/docs/administration.rst @@ -729,16 +729,16 @@ The following configuration properties are required to use the Digicert issuer p This is the root to be used for your CA chain -.. data:: DIGICERT_DEFAULT_VALIDITY +.. data:: DIGICERT_DEFAULT_VALIDITY_DAYS :noindex: - This is the default validity (in years), if no end date is specified. (Default: 1) + This is the default validity (in days), if no end date is specified. (Default: 397) -.. data:: DIGICERT_MAX_VALIDITY +.. data:: DIGICERT_MAX_VALIDITY_DAYS :noindex: - This is the maximum validity (in years). (Default: value of DIGICERT_DEFAULT_VALIDITY) + This is the maximum validity (in days). (Default: value of DIGICERT_DEFAULT_VALIDITY_DAYS) .. data:: DIGICERT_PRIVATE From 747df683a9292561710e5a5c426640317590f4b0 Mon Sep 17 00:00:00 2001 From: "dependabot-preview[bot]" <27856297+dependabot-preview[bot]@users.noreply.github.com> Date: Tue, 11 Aug 2020 01:40:26 +0000 Subject: [PATCH 31/77] Bump sphinx from 3.1.2 to 3.2.0 Bumps [sphinx](https://github.com/sphinx-doc/sphinx) from 3.1.2 to 3.2.0. - [Release notes](https://github.com/sphinx-doc/sphinx/releases) - [Changelog](https://github.com/sphinx-doc/sphinx/blob/3.x/CHANGES) - [Commits](https://github.com/sphinx-doc/sphinx/compare/v3.1.2...v3.2.0) Signed-off-by: dependabot-preview[bot] --- requirements-docs.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/requirements-docs.txt b/requirements-docs.txt index a154dbef..7e187213 100644 --- a/requirements-docs.txt +++ b/requirements-docs.txt 
@@ -92,7 +92,7 @@ six==1.15.0 # via -r requirements.txt, acme, bcrypt, cryptography, snowballstemmer==2.0.0 # via sphinx soupsieve==2.0.1 # via -r requirements.txt, beautifulsoup4 sphinx-rtd-theme==0.5.0 # via -r requirements-docs.in -sphinx==3.1.2 # via -r requirements-docs.in, sphinx-rtd-theme, sphinxcontrib-httpdomain +sphinx==3.2.0 # via -r requirements-docs.in, sphinx-rtd-theme, sphinxcontrib-httpdomain sphinxcontrib-applehelp==1.0.2 # via sphinx sphinxcontrib-devhelp==1.0.2 # via sphinx sphinxcontrib-htmlhelp==1.0.3 # via sphinx From e06dea106fbcb704b59bcefea5646bd816a8a368 Mon Sep 17 00:00:00 2001 From: sayali Date: Tue, 11 Aug 2020 17:10:29 -0700 Subject: [PATCH 32/77] Modify unit test test_determine_end_date to match new config --- lemur/plugins/lemur_digicert/tests/test_digicert.py | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/lemur/plugins/lemur_digicert/tests/test_digicert.py b/lemur/plugins/lemur_digicert/tests/test_digicert.py index 8bfd1dcf..ca2ddf68 100644 --- a/lemur/plugins/lemur_digicert/tests/test_digicert.py +++ b/lemur/plugins/lemur_digicert/tests/test_digicert.py 
@@ -32,11 +32,11 @@ def test_determine_validity_years(mock_current_app): @patch("lemur.plugins.lemur_digicert.plugin.current_app") def test_determine_end_date(mock_current_app): - mock_current_app.config.get = Mock(return_value=2) + mock_current_app.config.get = Mock(return_value=397) # 397 days validity with freeze_time(time_to_freeze=arrow.get(2016, 11, 3).datetime): - assert arrow.get(2018, 11, 3) == plugin.determine_end_date(0) - assert arrow.get(2018, 5, 7) == plugin.determine_end_date(arrow.get(2018, 5, 7)) - assert arrow.get(2018, 11, 3) == plugin.determine_end_date(arrow.get(2020, 5, 7)) + assert arrow.get(2017, 12, 5) == plugin.determine_end_date(0) # 397 days from (2016, 11, 3) + assert arrow.get(2017, 12, 5) == plugin.determine_end_date(arrow.get(2017, 12, 5)) + assert arrow.get(2017, 12, 5) == plugin.determine_end_date(arrow.get(2020, 5, 7)) @patch("lemur.plugins.lemur_digicert.plugin.current_app") From 3cb386cc0f5d1db7bdd6376530dd18f1f901dc54 Mon Sep 17 00:00:00 2001 From: sayali Date: Tue, 11 Aug 2020 18:02:42 -0700 Subject: [PATCH 33/77] maximum 1 year validity for digicert --- lemur/plugins/lemur_digicert/plugin.py | 18 ++++++++---------- .../lemur_digicert/tests/test_digicert.py | 11 ++++------- 2 files changed, 12 insertions(+), 17 deletions(-) diff --git a/lemur/plugins/lemur_digicert/plugin.py b/lemur/plugins/lemur_digicert/plugin.py index 32a5375a..9b3d4429 100644 --- a/lemur/plugins/lemur_digicert/plugin.py +++ b/lemur/plugins/lemur_digicert/plugin.py 
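Review bot: In test_determine_end_date in test_digicert.py (patch 32/77), the second assertion used to pass a date inside the allowed window (2018-05-07 against a 2018-11-03 maximum) and check that it came back unchanged; it now passes 2017-12-05, which is exactly the 397-day maximum, so the case of an earlier end date being left alone is no longer covered. Keep the boundary case and add one with a date before it, for example `arrow.get(2017, 5, 7)`, expecting the same value back. `Mock(return_value=397)` also answers every config.get call with 397, so the test cannot tell DIGICERT_DEFAULT_VALIDITY_DAYS from DIGICERT_MAX_VALIDITY_DAYS; a side_effect keyed on the config name would.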
@@ -61,18 +61,16 @@ def signature_hash(signing_algorithm): def determine_validity_years(years): - """Given an end date determine how many years into the future that date is. - :param years: - :return: validity in years """ - default_years = current_app.config.get("DIGICERT_DEFAULT_VALIDITY", 1) - max_years = current_app.config.get("DIGICERT_MAX_VALIDITY", default_years) + Considering maximum allowed certificate validity period of 398 days, this method should not return + more than 1 year of validity. Thus changing it to return 1. + Lemur will change this method in future to handle validity in months (determine_validity_months) + instead of years. This will allow flexibility to handle short-lived certificates. - if years > max_years: - return max_years - if years not in [1, 2, 3]: - return default_years - return years + :param years: + :return: 1 + """ + return 1 def determine_end_date(end_date): diff --git a/lemur/plugins/lemur_digicert/tests/test_digicert.py b/lemur/plugins/lemur_digicert/tests/test_digicert.py index ca2ddf68..4abfcf54 100644 --- a/lemur/plugins/lemur_digicert/tests/test_digicert.py +++ b/lemur/plugins/lemur_digicert/tests/test_digicert.py @@ -14,8 +14,6 @@ def config_mock(*args): "DIGICERT_ORG_ID": 111111, "DIGICERT_PRIVATE": False, "DIGICERT_DEFAULT_SIGNING_ALGORITHM": "sha256", - "DIGICERT_DEFAULT_VALIDITY": 1, - "DIGICERT_MAX_VALIDITY": 2, "DIGICERT_CIS_PROFILE_NAMES": {"digicert": 'digicert'}, "DIGICERT_CIS_SIGNING_ALGORITHMS": {"digicert": 'digicert'}, } 
@@ -24,10 +22,9 @@ def config_mock(*args): @patch("lemur.plugins.lemur_digicert.plugin.current_app") def test_determine_validity_years(mock_current_app): - mock_current_app.config.get = Mock(return_value=2) assert plugin.determine_validity_years(1) == 1 - assert plugin.determine_validity_years(0) == 2 - assert plugin.determine_validity_years(3) == 2 + assert plugin.determine_validity_years(0) == 1 + assert plugin.determine_validity_years(3) == 1 @patch("lemur.plugins.lemur_digicert.plugin.current_app") @@ -52,7 +49,7 @@ def test_map_fields_with_validity_years(mock_current_app): "owner": "bob@example.com", "description": "test certificate", "extensions": {"sub_alt_names": {"names": [x509.DNSName(x) for x in names]}}, - "validity_years": 2 + "validity_years": 1 } expected = { "certificate": { @@ -62,7 +59,7 @@ def test_map_fields_with_validity_years(mock_current_app): "signature_hash": "sha256", }, "organization": {"id": 111111}, - "validity_years": 2, + "validity_years": 1, } assert expected == plugin.map_fields(options, CSR_STR) From 8d2fffba87e1de3086abc8b1a4b549d9b9b75675 Mon Sep 17 00:00:00 2001 From: sayali Date: Tue, 11 Aug 2020 18:51:41 -0700 Subject: [PATCH 34/77] Add new configs to the doc --- docs/administration.rst | 20 ++++++++++++++++++-- 1 file changed, 18 insertions(+), 2 deletions(-) diff --git a/docs/administration.rst b/docs/administration.rst index a6d93af7..9f377119 100644 --- a/docs/administration.rst +++ b/docs/administration.rst @@ -66,7 +66,7 @@ Basic Configuration .. data:: SQLALCHEMY_POOL_SIZE -:noindex: + :noindex: The default connection pool size is 5 for sqlalchemy managed connections. Depending on the number of Lemur instances, please specify per instance connection pool size. Below is an example to set connection pool size to 10. 
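Review bot: In determine_validity_years() in lemur/plugins/lemur_digicert/plugin.py (patch 33/77), the function now returns 1 whatever `years` is, so a caller that asks for 2 or 3 years gets a one-year order with no error and no log entry, and the `years` parameter is dead. Log or reject a request above 1 so the truncation is visible to whoever submitted it. The docstring is also written as a change note ("Thus changing it to return 1"); describe the current behaviour there and leave the history to the commit message.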
@@ -80,7 +80,7 @@ Basic Configuration This is an optional setting but important to review and set for optimal database connection usage and for overall database performance. .. data:: SQLALCHEMY_MAX_OVERFLOW -:noindex: + :noindex: This setting allows to create connections in addition to specified number of connections in pool size. By default, sqlalchemy allows 10 connections to create in addition to the pool size. This is also an optional setting. If `SQLALCHEMY_POOL_SIZE` and @@ -155,6 +155,22 @@ Specifying the `SQLALCHEMY_MAX_OVERFLOW` to 0 will enforce limit to not create c LEMUR_ENCRYPTION_KEYS = ['1YeftooSbxCiX2zo8m1lXtpvQjy27smZcUUaGmffhMY=', 'LAfQt6yrkLqOK5lwpvQcT4jf2zdeTQJV1uYeh9coT5s='] +.. data:: PUBLIC_CA_AUTHORITY_NAMES + :noindex: + A list of public issuers which would be checked against to determine whether limit of max validity of 397 days + should be applied to the certificate. Configure public CA authority names in this list to enforce validity check. + This is an optional setting. Using this will allow the sanity check as mentioned. The name check is a case-insensitive + string comparision. + +.. data:: PUBLIC_CA_MAX_VALIDITY_DAYS + :noindex: + Use this config to override the limit of 397 days of validity for certificates issued by public issuers configured + using PUBLIC_CA_AUTHORITY_NAMES. Below example overrides the default validity of 397 days and sets it to 365 days. + + :: + + PUBLIC_CA_MAX_VALIDITY_DAYS = 365 + .. data:: DEBUG_DUMP :noindex: From 2645c4a82d0ff299d007e6db221801d780313366 Mon Sep 17 00:00:00 2001 From: sayali Date: Tue, 11 Aug 2020 18:53:19 -0700 Subject: [PATCH 35/77] mention 397 for digicert plugin --- lemur/plugins/lemur_digicert/plugin.py | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/lemur/plugins/lemur_digicert/plugin.py b/lemur/plugins/lemur_digicert/plugin.py index 9b3d4429..fd8c4e2d 100644 --- a/lemur/plugins/lemur_digicert/plugin.py +++ b/lemur/plugins/lemur_digicert/plugin.py 
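Review bot: In the PUBLIC_CA_AUTHORITY_NAMES entry added to docs/administration.rst (patch 34/77), "comparision" should be "comparison", and the entry has no example although PUBLIC_CA_MAX_VALIDITY_DAYS directly below it does. Add a sample list value and say that the strings must equal the authority names as created in Lemur, since a name that does not match leaves the 397-day check switched off for that issuer without any warning.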
@@ -62,8 +62,8 @@ def signature_hash(signing_algorithm): def determine_validity_years(years): """ - Considering maximum allowed certificate validity period of 398 days, this method should not return - more than 1 year of validity. Thus changing it to return 1. + Considering maximum allowed certificate validity period of 397 days, this method should not return + more than 1 year of validity. Thus changing it to always return 1. Lemur will change this method in future to handle validity in months (determine_validity_months) instead of years. This will allow flexibility to handle short-lived certificates. From 4d7c6844e5217ae9d7c583a2ba33be88fb897410 Mon Sep 17 00:00:00 2001 From: sayali Date: Tue, 18 Aug 2020 14:12:07 -0700 Subject: [PATCH 36/77] Make Organizational Unit optional --- .../angular/authorities/authority/distinguishedName.tpl.html | 3 +-- .../certificates/certificate/distinguishedName.tpl.html | 4 +--- 2 files changed, 2 insertions(+), 5 deletions(-) diff --git a/lemur/static/app/angular/authorities/authority/distinguishedName.tpl.html b/lemur/static/app/angular/authorities/authority/distinguishedName.tpl.html index 33b0ba4b..c6a7d312 100644 --- a/lemur/static/app/angular/authorities/authority/distinguishedName.tpl.html +++ b/lemur/static/app/angular/authorities/authority/distinguishedName.tpl.html @@ -46,8 +46,7 @@ Organizational Unit
- -

You must enter a organizational unit

+
diff --git a/lemur/static/app/angular/certificates/certificate/distinguishedName.tpl.html b/lemur/static/app/angular/certificates/certificate/distinguishedName.tpl.html index 19102b03..72f168a0 100644 --- a/lemur/static/app/angular/certificates/certificate/distinguishedName.tpl.html +++ b/lemur/static/app/angular/certificates/certificate/distinguishedName.tpl.html @@ -62,9 +62,7 @@
-

You must - enter a organizational unit

+ class="form-control"/>
From 7011a4df8b8bfed11baaad7cc21f02f43c0b6f58 Mon Sep 17 00:00:00 2001 From: sayali Date: Tue, 18 Aug 2020 14:47:55 -0700 Subject: [PATCH 37/77] max date on UI as per max validity configs --- docs/administration.rst | 11 +++++++++++ lemur/authorities/schemas.py | 2 ++ lemur/certificates/models.py | 10 ++++++++++ .../certificates/certificate/tracking.tpl.html | 4 ++-- 4 files changed, 25 insertions(+), 2 deletions(-) diff --git a/docs/administration.rst b/docs/administration.rst index 9f377119..df027f70 100644 --- a/docs/administration.rst +++ b/docs/administration.rst @@ -172,6 +172,17 @@ Specifying the `SQLALCHEMY_MAX_OVERFLOW` to 0 will enforce limit to not create c PUBLIC_CA_MAX_VALIDITY_DAYS = 365 +.. data:: INTERNAL_CA_MAX_VALIDITY_DAYS + :noindex: + Use this config to override the limit of 365 days of validity for certificates issued by internal CA. Any CA which is + not listed in PUBLIC_CA_AUTHORITY_NAMES will be treated as internal. Below example overrides the default validity of + 365 days and sets it to 90 days. + + :: + + INTERNAL_CA_MAX_VALIDITY_DAYS = 90 + + .. data:: DEBUG_DUMP :noindex: diff --git a/lemur/authorities/schemas.py b/lemur/authorities/schemas.py index 9f9d4686..e77c6456 100644 --- a/lemur/authorities/schemas.py +++ b/lemur/authorities/schemas.py @@ -110,6 +110,7 @@ class RootAuthorityCertificateOutputSchema(LemurOutputSchema): cn = fields.String() not_after = fields.DateTime() not_before = fields.DateTime() + max_issuance_date = fields.DateTime() owner = fields.Email() status = fields.Boolean() user = fields.Nested(UserNestedOutputSchema) @@ -135,6 +136,7 @@ class AuthorityNestedOutputSchema(LemurOutputSchema): owner = fields.Email() plugin = fields.Nested(PluginOutputSchema) active = fields.Boolean() + authority_certificate = fields.Nested(RootAuthorityCertificateOutputSchema, only=["max_issuance_date"]) authority_update_schema = AuthorityUpdateSchema() 
diff --git a/lemur/certificates/models.py b/lemur/certificates/models.py index 58630ee6..9ea45409 100644 --- a/lemur/certificates/models.py +++ b/lemur/certificates/models.py @@ -311,6 +311,16 @@ class Certificate(db.Model): def validity_range(self): return self.not_after - self.not_before + @property + def max_issuance_date(self): + public_CA = current_app.config.get("PUBLIC_CA_AUTHORITY_NAMES", []) + if self.name.lower() in [ca.lower() for ca in public_CA]: + default_validity_days = current_app.config.get("PUBLIC_CA_MAX_VALIDITY_DAYS", 397) + else: + default_validity_days = current_app.config.get("INTERNAL_CA_MAX_VALIDITY_DAYS", 365) # 1 Year + issuance_validity_days = min(abs(self.not_after - arrow.utcnow()).days, default_validity_days) + return arrow.utcnow().shift(days=issuance_validity_days) + @property def subject(self): return self.parsed_cert.subject diff --git a/lemur/static/app/angular/certificates/certificate/tracking.tpl.html b/lemur/static/app/angular/certificates/certificate/tracking.tpl.html index 027add0f..47de640e 100644 --- a/lemur/static/app/angular/certificates/certificate/tracking.tpl.html +++ b/lemur/static/app/angular/certificates/certificate/tracking.tpl.html @@ -154,7 +154,7 @@ is-open="popup1.opened" datepicker-options="dateOptions" close-text="Close" - max-date="certificate.authority.authorityCertificate.notAfter" + max-date="certificate.authority.authorityCertificate.maxIssuanceDate" min-date="certificate.authority.authorityCertificate.notBefore" alt-input-formats="altInputFormats" placeholder="Start Date" @@ -174,7 +174,7 @@ is-open="popup2.opened" datepicker-options="dateOptions" close-text="Close" - max-date="certificate.authority.authorityCertificate.notAfter" + max-date="certificate.authority.authorityCertificate.maxIssuanceDate" min-date="certificate.authority.authorityCertificate.notBefore" alt-input-formats="altInputFormats" placeholder="End Date" From 599a6943e2aaa366c012dd2286eeb84b21f31e58 Mon Sep 17 00:00:00 2001 
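Review bot: In the max_issuance_date property added to Certificate in lemur/certificates/models.py (patch 37/77), the public-CA test uses `self.name`, which is the certificate's own name, whereas the validator added in patch 28 compares `data["authority"].name`; unless an authority certificate is always named exactly like its authority, the limit shown in the UI and the server-side check can differ. Resolve the authority's name here as well, or share one helper between the two call sites. Separately, `abs(self.not_after - arrow.utcnow()).days` turns an already expired authority certificate into a positive number of days, so the date picker would offer a window past the CA's own expiry; clamp at zero instead of taking the absolute value.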
From: sayali Date: Tue, 18 Aug 2020 15:14:34 -0700 Subject: [PATCH 38/77] Updating LEMUR_DEFAULT_ORGANIZATIONAL_UNIT to empty string --- docs/administration.rst | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/administration.rst b/docs/administration.rst index df027f70..83747636 100644 --- a/docs/administration.rst +++ b/docs/administration.rst @@ -240,7 +240,7 @@ and are used when Lemur creates the CSR for your certificates. :: - LEMUR_DEFAULT_ORGANIZATIONAL_UNIT = "Operations" + LEMUR_DEFAULT_ORGANIZATIONAL_UNIT = "" .. data:: LEMUR_DEFAULT_ISSUER_PLUGIN From 5ed109e998c3a10e30657910154dbae7b87aeec3 Mon Sep 17 00:00:00 2001 From: sayali Date: Tue, 18 Aug 2020 19:34:59 -0700 Subject: [PATCH 39/77] Max end date as per start date + default validity 3 years --- lemur/authorities/schemas.py | 4 ++-- lemur/certificates/models.py | 10 ++++------ .../certificates/certificate/tracking.tpl.html | 7 ++++--- .../static/app/angular/certificates/services.js | 16 ++++++++++++++++ .../app/angular/pending_certificates/services.js | 15 +++++++++++++++ 5 files changed, 41 insertions(+), 11 deletions(-) diff --git a/lemur/authorities/schemas.py b/lemur/authorities/schemas.py index e77c6456..34ad1564 100644 --- a/lemur/authorities/schemas.py +++ b/lemur/authorities/schemas.py @@ -110,7 +110,7 @@ class RootAuthorityCertificateOutputSchema(LemurOutputSchema): cn = fields.String() not_after = fields.DateTime() not_before = fields.DateTime() - max_issuance_date = fields.DateTime() + max_issuance_days = fields.Integer() owner = fields.Email() status = fields.Boolean() user = fields.Nested(UserNestedOutputSchema) 
@@ -136,7 +136,7 @@ class AuthorityNestedOutputSchema(LemurOutputSchema): owner = fields.Email() plugin = fields.Nested(PluginOutputSchema) active = fields.Boolean() - authority_certificate = fields.Nested(RootAuthorityCertificateOutputSchema, only=["max_issuance_date"]) + authority_certificate = fields.Nested(RootAuthorityCertificateOutputSchema, only=["max_issuance_days"]) authority_update_schema = AuthorityUpdateSchema() diff --git a/lemur/certificates/models.py b/lemur/certificates/models.py index 9ea45409..5f6c4ba9 100644 --- a/lemur/certificates/models.py +++ b/lemur/certificates/models.py @@ -312,14 +312,12 @@ class Certificate(db.Model): return self.not_after - self.not_before @property - def max_issuance_date(self): + def max_issuance_days(self): public_CA = current_app.config.get("PUBLIC_CA_AUTHORITY_NAMES", []) if self.name.lower() in [ca.lower() for ca in public_CA]: - default_validity_days = current_app.config.get("PUBLIC_CA_MAX_VALIDITY_DAYS", 397) - else: - default_validity_days = current_app.config.get("INTERNAL_CA_MAX_VALIDITY_DAYS", 365) # 1 Year - issuance_validity_days = min(abs(self.not_after - arrow.utcnow()).days, default_validity_days) - return arrow.utcnow().shift(days=issuance_validity_days) + return current_app.config.get("PUBLIC_CA_MAX_VALIDITY_DAYS", 397) + + return current_app.config.get("DEFAULT_MAX_VALIDITY_DAYS", 1095) # 3 years default @property def subject(self): diff --git a/lemur/static/app/angular/certificates/certificate/tracking.tpl.html b/lemur/static/app/angular/certificates/certificate/tracking.tpl.html index 47de640e..07d6b0f4 100644 --- a/lemur/static/app/angular/certificates/certificate/tracking.tpl.html +++ b/lemur/static/app/angular/certificates/certificate/tracking.tpl.html 
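Review bot: `max_issuance_days` in lemur/certificates/models.py (PATCH 39/77) matches `self.name`, the certificate's own name, against `PUBLIC_CA_AUTHORITY_NAMES`, while the value is read through `authority.authorityCertificate` in the schema and templates. If the authority certificate's name differs from the authority's name, the public-CA branch never fires and the 1095-day default applies to a public CA. Compare against the owning authority's name, or document that the list must hold certificate names, and add a test that covers both branches.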
@@ -151,10 +151,11 @@ uib-tooltip="yyyy/MM/dd" uib-datepicker-popup="yyyy/MM/dd" ng-model="certificate.validityStart" + ng-change="certificate.setValidityEndDateRange(certificate.validityStart)" is-open="popup1.opened" datepicker-options="dateOptions" close-text="Close" - max-date="certificate.authority.authorityCertificate.maxIssuanceDate" + max-date="certificate.authority.authorityCertificate.notAfter" min-date="certificate.authority.authorityCertificate.notBefore" alt-input-formats="altInputFormats" placeholder="Start Date" @@ -174,8 +175,8 @@ is-open="popup2.opened" datepicker-options="dateOptions" close-text="Close" - max-date="certificate.authority.authorityCertificate.maxIssuanceDate" - min-date="certificate.authority.authorityCertificate.notBefore" + max-date="certificate.authority.authorityCertificate.maxValidityEnd" + min-date="certificate.authority.authorityCertificate.minValidityEnd" alt-input-formats="altInputFormats" placeholder="End Date" /> diff --git a/lemur/static/app/angular/certificates/services.js b/lemur/static/app/angular/certificates/services.js index 3a23076d..7d46f4ca 100644 --- a/lemur/static/app/angular/certificates/services.js +++ b/lemur/static/app/angular/certificates/services.js @@ -164,6 +164,18 @@ angular.module('lemur') this.extensions.keyUsage.useDecipherOnly = true; } } + }, + setValidityEndDateRange: function (value) { + // clear selected validity end date as we are about to calculate new range + if(this.validityEnd) this.validityEnd = ''; + + // Minimum end date will be same as selected start date + this.authority.authorityCertificate.minValidityEnd = value; + + // Move max end date by maxIssuanceDays + let endDate = new Date(value); + endDate.setDate(endDate.getDate() + this.authority.authorityCertificate.maxIssuanceDays); + this.authority.authorityCertificate.maxValidityEnd = endDate; } }); }); 
@@ -264,6 +276,9 @@ angular.module('lemur') } } + certificate.authority.authorityCertificate.minValidityEnd = defaults.authority.authorityCertificate.notBefore; + certificate.authority.authorityCertificate.maxValidityEnd = defaults.authority.authorityCertificate.notAfter; + if (certificate.dnsProviderId) { certificate.dnsProvider = {id: certificate.dnsProviderId}; } @@ -292,3 +307,4 @@ angular.module('lemur') return CertificateService; }); + diff --git a/lemur/static/app/angular/pending_certificates/services.js b/lemur/static/app/angular/pending_certificates/services.js index 4e1b23e4..a9bb8079 100644 --- a/lemur/static/app/angular/pending_certificates/services.js +++ b/lemur/static/app/angular/pending_certificates/services.js @@ -144,6 +144,18 @@ angular.module('lemur') this.extensions.keyUsage.useDecipherOnly = true; } } + }, + setValidityEndDateRange: function (value) { + // clear selected validity end date as we are about to calculate new range + if(this.validityEnd) this.validityEnd = ''; + + // Minimum end date will be same as selected start date + this.authority.authorityCertificate.minValidityEnd = value; + + // Move max end date by maxIssuanceDays + let endDate = new Date(value); + endDate.setDate(endDate.getDate() + this.authority.authorityCertificate.maxIssuanceDays); + this.authority.authorityCertificate.maxValidityEnd = endDate; } }); }); @@ -230,6 +242,9 @@ angular.module('lemur') certificate.authority = defaults.authority; } } + + certificate.authority.authorityCertificate.minValidityEnd = defaults.authority.authorityCertificate.notBefore; + certificate.authority.authorityCertificate.maxValidityEnd = defaults.authority.authorityCertificate.notAfter; }); }; From e79dda338452cbe8507cdd3bc8ced8814270748b Mon Sep 17 00:00:00 2001 From: sayali Date: Tue, 18 Aug 2020 19:47:38 -0700 Subject: [PATCH 40/77] doc update DEFAULT_MAX_VALIDITY_DAYS --- docs/administration.rst | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) 
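Review bot: `setValidityEndDateRange` (PATCH 39/77, both services.js files) sets `maxValidityEnd` to the start date plus `maxIssuanceDays` without comparing it to `authorityCertificate.notAfter`, so the end-date picker can offer dates past the issuing CA's expiry, which the earlier `max-date` bindings did not. Use the earlier of the two dates. `maxIssuanceDays` should also be checked before `endDate.setDate(...)`, because `getDate() + undefined` produces an invalid date, and the function is duplicated verbatim in certificates/services.js and pending_certificates/services.js, where a shared helper would keep the copies from drifting.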
diff --git a/docs/administration.rst b/docs/administration.rst index 83747636..846a4c34 100644 --- a/docs/administration.rst +++ b/docs/administration.rst @@ -172,15 +172,15 @@ Specifying the `SQLALCHEMY_MAX_OVERFLOW` to 0 will enforce limit to not create c PUBLIC_CA_MAX_VALIDITY_DAYS = 365 -.. data:: INTERNAL_CA_MAX_VALIDITY_DAYS +.. data:: DEFAULT_MAX_VALIDITY_DAYS :noindex: - Use this config to override the limit of 365 days of validity for certificates issued by internal CA. Any CA which is - not listed in PUBLIC_CA_AUTHORITY_NAMES will be treated as internal. Below example overrides the default validity of - 365 days and sets it to 90 days. + Use this config to override the default limit of 1095 days (3 years) of validity. Any CA which is not listed in + PUBLIC_CA_AUTHORITY_NAMES will be using this validity to display date range on UI. Below example overrides the + default validity of 1095 days and sets it to 365 days. :: - INTERNAL_CA_MAX_VALIDITY_DAYS = 90 + DEFAULT_MAX_VALIDITY_DAYS = 365 .. data:: DEBUG_DUMP From 7a9500eee0919c2340f172d37dce6aa77f18c521 Mon Sep 17 00:00:00 2001 From: sayali Date: Tue, 18 Aug 2020 20:03:15 -0700 Subject: [PATCH 41/77] Lint error fix --- lemur/static/app/angular/certificates/services.js | 6 ++++-- lemur/static/app/angular/pending_certificates/services.js | 4 +++- 2 files changed, 7 insertions(+), 3 deletions(-) diff --git a/lemur/static/app/angular/certificates/services.js b/lemur/static/app/angular/certificates/services.js index 7d46f4ca..881a443a 100644 --- a/lemur/static/app/angular/certificates/services.js +++ b/lemur/static/app/angular/certificates/services.js 
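Review bot: a deployment that already sets `INTERNAL_CA_MAX_VALIDITY_DAYS` gets no hint from the new `DEFAULT_MAX_VALIDITY_DAYS` entry in docs/administration.rst (PATCH 40/77) that the old key is no longer read and that its limit for non-public CAs silently becomes 1095 days. Add an upgrade note naming the removed key, or have the code fall back to the old key when the new one is unset. The entry should also say outright that this value only bounds the date range shown in the UI and is not enforced on API requests.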
@@ -167,8 +167,10 @@ angular.module('lemur') }, setValidityEndDateRange: function (value) { // clear selected validity end date as we are about to calculate new range - if(this.validityEnd) this.validityEnd = ''; - + if(this.validityEnd) { + this.validityEnd = ''; + } + // Minimum end date will be same as selected start date this.authority.authorityCertificate.minValidityEnd = value; diff --git a/lemur/static/app/angular/pending_certificates/services.js b/lemur/static/app/angular/pending_certificates/services.js index a9bb8079..2f99eb7d 100644 --- a/lemur/static/app/angular/pending_certificates/services.js +++ b/lemur/static/app/angular/pending_certificates/services.js @@ -147,7 +147,9 @@ angular.module('lemur') }, setValidityEndDateRange: function (value) { // clear selected validity end date as we are about to calculate new range - if(this.validityEnd) this.validityEnd = ''; + if(this.validityEnd) { + this.validityEnd = ''; + } // Minimum end date will be same as selected start date this.authority.authorityCertificate.minValidityEnd = value; From ab4cda2298d90b2805eed8d61bb335696cb1b0a6 Mon Sep 17 00:00:00 2001 From: sirferl <41906265+sirferl@users.noreply.github.com> Date: Wed, 19 Aug 2020 12:25:52 +0200 Subject: [PATCH 42/77] Extended ADCS_TEMPLATE_ Variable If there is a config variable ADCS_TEMPLATE_ take the value as Cert template else default to ADCS_TEMPLATE to be compatible with former versions --- lemur/plugins/lemur_adcs/plugin.py | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/lemur/plugins/lemur_adcs/plugin.py b/lemur/plugins/lemur_adcs/plugin.py index a69afc90..4b4eb20c 100644 --- a/lemur/plugins/lemur_adcs/plugin.py +++ b/lemur/plugins/lemur_adcs/plugin.py 
@@ -40,7 +40,10 @@ class ADCSIssuerPlugin(IssuerPlugin): adcs_user = current_app.config.get("ADCS_USER") adcs_pwd = current_app.config.get("ADCS_PWD") adcs_auth_method = current_app.config.get("ADCS_AUTH_METHOD") - adcs_template = current_app.config.get("ADCS_TEMPLATE") + # if there is a config variable ADCS_TEMPLATE_ take the value as Cert template + # else default to ADCS_TEMPLATE to be compatible with former versions + authority = issuer_options.get("authority").name.upper() + adcs_template = current_app.config.get("ADCS_TEMPLATE_{0}".format(authority), current_app.config.get("ADCS_TEMPLATE")) ca_server = Certsrv( adcs_server, adcs_user, adcs_pwd, auth_method=adcs_auth_method ) From 07f1d751c45552fa777f8416d224f009445e29de Mon Sep 17 00:00:00 2001 From: "dependabot-preview[bot]" <27856297+dependabot-preview[bot]@users.noreply.github.com> Date: Tue, 25 Aug 2020 16:41:17 +0000 Subject: [PATCH 43/77] Bump acme from 1.6.0 to 1.7.0 Bumps [acme](https://github.com/letsencrypt/letsencrypt) from 1.6.0 to 1.7.0. - [Release notes](https://github.com/letsencrypt/letsencrypt/releases) - [Commits](https://github.com/letsencrypt/letsencrypt/compare/v1.6.0...v1.7.0) Signed-off-by: dependabot-preview[bot] --- requirements-docs.txt | 2 +- requirements.txt | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/requirements-docs.txt b/requirements-docs.txt index 7e187213..a70fc3ea 100644 --- a/requirements-docs.txt +++ b/requirements-docs.txt @@ -4,7 +4,7 @@ # # pip-compile --no-index --output-file=requirements-docs.txt requirements-docs.in # -acme==1.6.0 # via -r requirements.txt +acme==1.7.0 # via -r requirements.txt alabaster==0.7.12 # via sphinx alembic-autogenerate-enums==0.0.2 # via -r requirements.txt alembic==1.4.2 # via -r requirements.txt, flask-migrate diff --git a/requirements.txt b/requirements.txt index d9e86d97..86650ced 100644 --- a/requirements.txt +++ b/requirements.txt 
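Review bot: `issuer_options.get("authority").name.upper()` in lemur/plugins/lemur_adcs/plugin.py (PATCH 42/77) raises AttributeError when `issuer_options` carries no `authority` entry, because `.get()` returns None; guard that case and fall back to `ADCS_TEMPLATE`. The authority name is also interpolated into the config key unchanged by `"ADCS_TEMPLATE_{0}".format(authority)`, so a name containing spaces or hyphens needs a key that cannot be written as a plain assignment in the config file. Normalise the name or document the exact key form, and add the new setting to docs/administration.rst.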
@@ -4,7 +4,7 @@ # # pip-compile --no-index --output-file=requirements.txt requirements.in # -acme==1.6.0 # via -r requirements.in +acme==1.7.0 # via -r requirements.in alembic-autogenerate-enums==0.0.2 # via -r requirements.in alembic==1.4.2 # via flask-migrate amqp==2.5.2 # via kombu From c5106f5fa461cd5f867102a734ca543c86d08bec Mon Sep 17 00:00:00 2001 From: "dependabot-preview[bot]" <27856297+dependabot-preview[bot]@users.noreply.github.com> Date: Tue, 25 Aug 2020 17:19:48 +0000 Subject: [PATCH 44/77] Bump fakeredis from 1.4.1 to 1.4.3 Bumps [fakeredis](https://github.com/jamesls/fakeredis) from 1.4.1 to 1.4.3. - [Release notes](https://github.com/jamesls/fakeredis/releases) - [Commits](https://github.com/jamesls/fakeredis/compare/1.4.1...1.4.3) Signed-off-by: dependabot-preview[bot] --- requirements-tests.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/requirements-tests.txt b/requirements-tests.txt index 7fd13f76..10c3209b 100644 --- a/requirements-tests.txt +++ b/requirements-tests.txt @@ -26,7 +26,7 @@ docutils==0.15.2 # via botocore ecdsa==0.15 # via python-jose, sshpubkeys factory-boy==2.12.0 # via -r requirements-tests.in faker==4.1.1 # via -r requirements-tests.in, factory-boy -fakeredis==1.4.1 # via -r requirements-tests.in +fakeredis==1.4.3 # via -r requirements-tests.in flask==1.1.2 # via pytest-flask freezegun==0.3.15 # via -r requirements-tests.in future==0.18.2 # via aws-xray-sdk From cbc328d0735583818021751a4851226a8b188868 Mon Sep 17 00:00:00 2001 
From: "dependabot-preview[bot]" <27856297+dependabot-preview[bot]@users.noreply.github.com> Date: Tue, 25 Aug 2020 17:28:39 +0000 Subject: [PATCH 45/77] Bump factory-boy from 2.12.0 to 3.0.1 Bumps [factory-boy](https://github.com/FactoryBoy/factory_boy) from 2.12.0 to 3.0.1. - [Release notes](https://github.com/FactoryBoy/factory_boy/releases) - [Changelog](https://github.com/FactoryBoy/factory_boy/blob/master/docs/changelog.rst) - [Commits](https://github.com/FactoryBoy/factory_boy/compare/2.12.0...3.0.1) Signed-off-by: dependabot-preview[bot] --- requirements-tests.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/requirements-tests.txt b/requirements-tests.txt index 10c3209b..4893d4e3 100644 --- a/requirements-tests.txt +++ b/requirements-tests.txt @@ -24,7 +24,7 @@ decorator==4.4.2 # via networkx docker==4.2.0 # via moto docutils==0.15.2 # via botocore ecdsa==0.15 # via python-jose, sshpubkeys -factory-boy==2.12.0 # via -r requirements-tests.in +factory-boy==3.0.1 # via -r requirements-tests.in faker==4.1.1 # via -r requirements-tests.in, factory-boy fakeredis==1.4.3 # via -r requirements-tests.in flask==1.1.2 # via pytest-flask From d4dfa63cf563dcfc313c659193d430d69494bcdf Mon Sep 17 00:00:00 2001 From: "dependabot-preview[bot]" <27856297+dependabot-preview[bot]@users.noreply.github.com> Date: Tue, 25 Aug 2020 17:41:18 +0000 Subject: [PATCH 46/77] Bump pre-commit from 2.6.0 to 2.7.1 Bumps [pre-commit](https://github.com/pre-commit/pre-commit) from 2.6.0 to 2.7.1. - [Release notes](https://github.com/pre-commit/pre-commit/releases) - [Changelog](https://github.com/pre-commit/pre-commit/blob/master/CHANGELOG.md) - [Commits](https://github.com/pre-commit/pre-commit/compare/v2.6.0...v2.7.1) Signed-off-by: dependabot-preview[bot] --- requirements-dev.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/requirements-dev.txt b/requirements-dev.txt index 2299848e..97ec82d1 100644 --- a/requirements-dev.txt 
+++ b/requirements-dev.txt @@ -24,7 +24,7 @@ keyring==21.2.0 # via twine mccabe==0.6.1 # via flake8 nodeenv==1.4.0 # via -r requirements-dev.in, pre-commit pkginfo==1.5.0.1 # via twine -pre-commit==2.6.0 # via -r requirements-dev.in +pre-commit==2.7.1 # via -r requirements-dev.in pycodestyle==2.3.1 # via flake8 pycparser==2.20 # via cffi pyflakes==1.6.0 # via flake8 From f7abfff51d3f83553d5f4d26cea2b368e8303256 Mon Sep 17 00:00:00 2001 From: "dependabot-preview[bot]" <27856297+dependabot-preview[bot]@users.noreply.github.com> Date: Tue, 25 Aug 2020 17:54:14 +0000 Subject: [PATCH 47/77] Bump nodeenv from 1.4.0 to 1.5.0 Bumps [nodeenv](https://github.com/ekalinin/nodeenv) from 1.4.0 to 1.5.0. - [Release notes](https://github.com/ekalinin/nodeenv/releases) - [Changelog](https://github.com/ekalinin/nodeenv/blob/master/CHANGES) - [Commits](https://github.com/ekalinin/nodeenv/compare/1.4.0...1.5.0) Signed-off-by: dependabot-preview[bot] --- requirements-dev.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/requirements-dev.txt b/requirements-dev.txt index 97ec82d1..a029d4ae 100644 --- a/requirements-dev.txt +++ b/requirements-dev.txt @@ -22,7 +22,7 @@ invoke==1.4.1 # via -r requirements-dev.in jeepney==0.4.3 # via keyring, secretstorage keyring==21.2.0 # via twine mccabe==0.6.1 # via flake8 -nodeenv==1.4.0 # via -r requirements-dev.in, pre-commit +nodeenv==1.5.0 # via -r requirements-dev.in, pre-commit pkginfo==1.5.0.1 # via twine pre-commit==2.7.1 # via -r requirements-dev.in pycodestyle==2.3.1 # via flake8 From 54ca1315cab536a6de33c7fc494c0292b55ed92a Mon Sep 17 00:00:00 2001 
From: "dependabot-preview[bot]" <27856297+dependabot-preview[bot]@users.noreply.github.com> Date: Tue, 25 Aug 2020 18:03:20 +0000 Subject: [PATCH 48/77] Bump faker from 4.1.1 to 4.1.2 Bumps [faker](https://github.com/joke2k/faker) from 4.1.1 to 4.1.2. - [Release notes](https://github.com/joke2k/faker/releases) - [Changelog](https://github.com/joke2k/faker/blob/master/CHANGELOG.rst) - [Commits](https://github.com/joke2k/faker/compare/v4.1.1...v4.1.2) Signed-off-by: dependabot-preview[bot] --- requirements-tests.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/requirements-tests.txt b/requirements-tests.txt index 4893d4e3..ee406105 100644 --- a/requirements-tests.txt +++ b/requirements-tests.txt @@ -25,7 +25,7 @@ docker==4.2.0 # via moto docutils==0.15.2 # via botocore ecdsa==0.15 # via python-jose, sshpubkeys factory-boy==3.0.1 # via -r requirements-tests.in -faker==4.1.1 # via -r requirements-tests.in, factory-boy +faker==4.1.2 # via -r requirements-tests.in, factory-boy fakeredis==1.4.3 # via -r requirements-tests.in flask==1.1.2 # via pytest-flask freezegun==0.3.15 # via -r requirements-tests.in From 50d5c15a69632e14c35ef1a77ed3f391b2893043 Mon Sep 17 00:00:00 2001 From: "dependabot-preview[bot]" <27856297+dependabot-preview[bot]@users.noreply.github.com> Date: Tue, 25 Aug 2020 18:12:28 +0000 Subject: [PATCH 49/77] Bump sphinx from 3.2.0 to 3.2.1 Bumps [sphinx](https://github.com/sphinx-doc/sphinx) from 3.2.0 to 3.2.1. - [Release notes](https://github.com/sphinx-doc/sphinx/releases) - [Changelog](https://github.com/sphinx-doc/sphinx/blob/3.x/CHANGES) - [Commits](https://github.com/sphinx-doc/sphinx/compare/v3.2.0...v3.2.1) Signed-off-by: dependabot-preview[bot] --- requirements-docs.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/requirements-docs.txt b/requirements-docs.txt index a70fc3ea..202e0700 100644 --- a/requirements-docs.txt +++ b/requirements-docs.txt 
@@ -92,7 +92,7 @@ six==1.15.0 # via -r requirements.txt, acme, bcrypt, cryptography, snowballstemmer==2.0.0 # via sphinx soupsieve==2.0.1 # via -r requirements.txt, beautifulsoup4 sphinx-rtd-theme==0.5.0 # via -r requirements-docs.in -sphinx==3.2.0 # via -r requirements-docs.in, sphinx-rtd-theme, sphinxcontrib-httpdomain +sphinx==3.2.1 # via -r requirements-docs.in, sphinx-rtd-theme, sphinxcontrib-httpdomain sphinxcontrib-applehelp==1.0.2 # via sphinx sphinxcontrib-devhelp==1.0.2 # via sphinx sphinxcontrib-htmlhelp==1.0.3 # via sphinx From ced9696322ec0fad63022de83ec9d730a6d4e523 Mon Sep 17 00:00:00 2001 From: "dependabot-preview[bot]" <27856297+dependabot-preview[bot]@users.noreply.github.com> Date: Tue, 25 Aug 2020 18:28:42 +0000 Subject: [PATCH 50/77] Bump inflection from 0.5.0 to 0.5.1 Bumps [inflection](https://github.com/jpvanhal/inflection) from 0.5.0 to 0.5.1. - [Release notes](https://github.com/jpvanhal/inflection/releases) - [Commits](https://github.com/jpvanhal/inflection/compare/0.5.0...0.5.1) Signed-off-by: dependabot-preview[bot] --- requirements-docs.txt | 2 +- requirements.txt | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/requirements-docs.txt b/requirements-docs.txt index 202e0700..1a2986d5 100644 --- a/requirements-docs.txt +++ b/requirements-docs.txt @@ -46,7 +46,7 @@ gunicorn==20.0.4 # via -r requirements.txt hvac==0.10.5 # via -r requirements.txt idna==2.9 # via -r requirements.txt, requests imagesize==1.2.0 # via sphinx -inflection==0.5.0 # via -r requirements.txt +inflection==0.5.1 # via -r requirements.txt itsdangerous==1.1.0 # via -r requirements.txt, flask javaobj-py3==0.4.0.1 # via -r requirements.txt, pyjks jinja2==2.11.2 # via -r requirements.txt, flask, sphinx diff --git a/requirements.txt b/requirements.txt index 86650ced..9a0a521c 100644 --- a/requirements.txt +++ b/requirements.txt 
@@ -43,7 +43,7 @@ future==0.18.2 # via -r requirements.in gunicorn==20.0.4 # via -r requirements.in hvac==0.10.5 # via -r requirements.in idna==2.9 # via requests -inflection==0.5.0 # via -r requirements.in +inflection==0.5.1 # via -r requirements.in itsdangerous==1.1.0 # via flask javaobj-py3==0.4.0.1 # via pyjks jinja2==2.11.2 # via -r requirements.in, flask From 4955ec8541b28ea88297a09ae4e7aef1b8357e7a Mon Sep 17 00:00:00 2001 From: "dependabot-preview[bot]" <27856297+dependabot-preview[bot]@users.noreply.github.com> Date: Tue, 25 Aug 2020 18:42:38 +0000 Subject: [PATCH 51/77] Bump pytest-mock from 3.2.0 to 3.3.0 Bumps [pytest-mock](https://github.com/pytest-dev/pytest-mock) from 3.2.0 to 3.3.0. - [Release notes](https://github.com/pytest-dev/pytest-mock/releases) - [Changelog](https://github.com/pytest-dev/pytest-mock/blob/master/CHANGELOG.rst) - [Commits](https://github.com/pytest-dev/pytest-mock/compare/v3.2.0...v3.3.0) Signed-off-by: dependabot-preview[bot] --- requirements-tests.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/requirements-tests.txt b/requirements-tests.txt index ee406105..1dc1f48d 100644 --- a/requirements-tests.txt +++ b/requirements-tests.txt @@ -60,7 +60,7 @@ pyflakes==2.2.0 # via -r requirements-tests.in pyparsing==2.4.7 # via packaging pyrsistent==0.16.0 # via jsonschema pytest-flask==1.0.0 # via -r requirements-tests.in -pytest-mock==3.2.0 # via -r requirements-tests.in +pytest-mock==3.3.0 # via -r requirements-tests.in pytest==6.0.1 # via -r requirements-tests.in, pytest-flask, pytest-mock python-dateutil==2.8.1 # via botocore, faker, freezegun, moto python-jose==3.1.0 # via moto From beea47fd0934b76035302c9cb5830eaf67daa65f Mon Sep 17 00:00:00 2001 
From: "dependabot-preview[bot]" <27856297+dependabot-preview[bot]@users.noreply.github.com> Date: Tue, 25 Aug 2020 18:55:27 +0000 Subject: [PATCH 52/77] Bump cloudflare from 2.8.9 to 2.8.13 Bumps [cloudflare](https://github.com/cloudflare/python-cloudflare) from 2.8.9 to 2.8.13. - [Release notes](https://github.com/cloudflare/python-cloudflare/releases) - [Changelog](https://github.com/cloudflare/python-cloudflare/blob/master/CHANGELOG.md) - [Commits](https://github.com/cloudflare/python-cloudflare/compare/2.8.9...2.8.13) Signed-off-by: dependabot-preview[bot] --- requirements-docs.txt | 2 +- requirements.txt | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/requirements-docs.txt b/requirements-docs.txt index 1a2986d5..69679ebf 100644 --- a/requirements-docs.txt +++ b/requirements-docs.txt @@ -25,7 +25,7 @@ certsrv==2.1.1 # via -r requirements.txt cffi==1.14.0 # via -r requirements.txt, bcrypt, cryptography, pynacl chardet==3.0.4 # via -r requirements.txt, requests click==7.1.1 # via -r requirements.txt, flask -cloudflare==2.8.9 # via -r requirements.txt +cloudflare==2.8.13 # via -r requirements.txt cryptography==3.0 # via -r requirements.txt, acme, josepy, paramiko, pyopenssl, requests dnspython3==1.15.0 # via -r requirements.txt dnspython==1.15.0 # via -r requirements.txt, dnspython3 diff --git a/requirements.txt b/requirements.txt index 9a0a521c..9a0a2833 100644 --- a/requirements.txt +++ b/requirements.txt @@ -23,7 +23,7 @@ certsrv==2.1.1 # via -r requirements.in cffi==1.14.0 # via bcrypt, cryptography, pynacl chardet==3.0.4 # via requests click==7.1.1 # via flask -cloudflare==2.8.9 # via -r requirements.in +cloudflare==2.8.13 # via -r requirements.in cryptography==3.0 # via -r requirements.in, acme, josepy, paramiko, pyopenssl, requests dnspython3==1.15.0 # via -r requirements.in dnspython==1.15.0 # via dnspython3 From 9d37f8018a178fec7d2e7de78fc98edc671dda6b Mon Sep 17 00:00:00 2001 
From: "dependabot-preview[bot]" <27856297+dependabot-preview[bot]@users.noreply.github.com> Date: Tue, 25 Aug 2020 19:04:47 +0000 Subject: [PATCH 53/77] Bump arrow from 0.15.8 to 0.16.0 Bumps [arrow](https://github.com/arrow-py/arrow) from 0.15.8 to 0.16.0. - [Release notes](https://github.com/arrow-py/arrow/releases) - [Changelog](https://github.com/arrow-py/arrow/blob/master/CHANGELOG.rst) - [Commits](https://github.com/arrow-py/arrow/compare/0.15.8...0.16.0) Signed-off-by: dependabot-preview[bot] --- requirements-docs.txt | 2 +- requirements.txt | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/requirements-docs.txt b/requirements-docs.txt index 69679ebf..045c1832 100644 --- a/requirements-docs.txt +++ b/requirements-docs.txt @@ -10,7 +10,7 @@ alembic-autogenerate-enums==0.0.2 # via -r requirements.txt alembic==1.4.2 # via -r requirements.txt, flask-migrate amqp==2.5.2 # via -r requirements.txt, kombu aniso8601==8.0.0 # via -r requirements.txt, flask-restful -arrow==0.15.8 # via -r requirements.txt +arrow==0.16.0 # via -r requirements.txt asyncpool==1.0 # via -r requirements.txt babel==2.8.0 # via sphinx bcrypt==3.1.7 # via -r requirements.txt, flask-bcrypt, paramiko diff --git a/requirements.txt b/requirements.txt index 9a0a2833..2ecb1f9c 100644 --- a/requirements.txt +++ b/requirements.txt @@ -9,7 +9,7 @@ alembic-autogenerate-enums==0.0.2 # via -r requirements.in alembic==1.4.2 # via flask-migrate amqp==2.5.2 # via kombu aniso8601==8.0.0 # via flask-restful -arrow==0.15.8 # via -r requirements.in +arrow==0.16.0 # via -r requirements.in asyncpool==1.0 # via -r requirements.in bcrypt==3.1.7 # via flask-bcrypt, paramiko beautifulsoup4==4.9.1 # via cloudflare From 1577f9956702e1b294840a9aa8fb4e6ca28941b4 Mon Sep 17 00:00:00 2001 
From: "dependabot-preview[bot]" <27856297+dependabot-preview[bot]@users.noreply.github.com> Date: Tue, 25 Aug 2020 19:17:13 +0000 Subject: [PATCH 54/77] Bump boto3 from 1.14.33 to 1.14.48 Bumps [boto3](https://github.com/boto/boto3) from 1.14.33 to 1.14.48. - [Release notes](https://github.com/boto/boto3/releases) - [Changelog](https://github.com/boto/boto3/blob/develop/CHANGELOG.rst) - [Commits](https://github.com/boto/boto3/compare/1.14.33...1.14.48) Signed-off-by: dependabot-preview[bot] --- requirements-docs.txt | 4 ++-- requirements-tests.txt | 4 ++-- requirements.txt | 4 ++-- 3 files changed, 6 insertions(+), 6 deletions(-) diff --git a/requirements-docs.txt b/requirements-docs.txt index 045c1832..0ee5d42e 100644 --- a/requirements-docs.txt +++ b/requirements-docs.txt @@ -17,8 +17,8 @@ bcrypt==3.1.7 # via -r requirements.txt, flask-bcrypt, paramiko beautifulsoup4==4.9.1 # via -r requirements.txt, cloudflare billiard==3.6.3.0 # via -r requirements.txt, celery blinker==1.4 # via -r requirements.txt, flask-mail, flask-principal, raven -boto3==1.14.33 # via -r requirements.txt -botocore==1.17.33 # via -r requirements.txt, boto3, s3transfer +boto3==1.14.48 # via -r requirements.txt +botocore==1.17.48 # via -r requirements.txt, boto3, s3transfer celery[redis]==4.4.2 # via -r requirements.txt certifi==2020.6.20 # via -r requirements.txt, requests certsrv==2.1.1 # via -r requirements.txt diff --git a/requirements-tests.txt b/requirements-tests.txt index 1dc1f48d..303338c1 100644 --- a/requirements-tests.txt +++ b/requirements-tests.txt 
@@ -10,9 +10,9 @@ aws-sam-translator==1.22.0 # via cfn-lint aws-xray-sdk==2.5.0 # via moto bandit==1.6.2 # via -r requirements-tests.in black==19.10b0 # via -r requirements-tests.in -boto3==1.14.33 # via aws-sam-translator, moto +boto3==1.14.48 # via aws-sam-translator, moto boto==2.49.0 # via moto -botocore==1.17.33 # via aws-xray-sdk, boto3, moto, s3transfer +botocore==1.17.48 # via aws-xray-sdk, boto3, moto, s3transfer certifi==2020.6.20 # via requests cffi==1.14.0 # via cryptography cfn-lint==0.29.5 # via moto diff --git a/requirements.txt b/requirements.txt index 2ecb1f9c..c79ec23d 100644 --- a/requirements.txt +++ b/requirements.txt @@ -15,8 +15,8 @@ bcrypt==3.1.7 # via flask-bcrypt, paramiko beautifulsoup4==4.9.1 # via cloudflare billiard==3.6.3.0 # via celery blinker==1.4 # via flask-mail, flask-principal, raven -boto3==1.14.33 # via -r requirements.in -botocore==1.17.33 # via -r requirements.in, boto3, s3transfer +boto3==1.14.48 # via -r requirements.in +botocore==1.17.48 # via -r requirements.in, boto3, s3transfer celery[redis]==4.4.2 # via -r requirements.in certifi==2020.6.20 # via -r requirements.in, requests certsrv==2.1.1 # via -r requirements.in From 1fc2e29ab8308dad99c5d235e41d84ee6f6b8788 Mon Sep 17 00:00:00 2001 From: sayali Date: Tue, 25 Aug 2020 16:26:20 -0700 Subject: [PATCH 55/77] Remove 397 days validation as it causes error in API calls More to come in future --- lemur/common/validators.py | 12 ------------ 1 file changed, 12 deletions(-) diff --git a/lemur/common/validators.py b/lemur/common/validators.py index 74095255..e1dfe3c1 100644 --- a/lemur/common/validators.py +++ b/lemur/common/validators.py 
@@ -152,18 +152,6 @@ def dates(data): data["authority"].authority_certificate.not_after ) ) - # Allow no more than PUBLIC_CA_MAX_VALIDITY_DAYS (Default: 397) days of validity - # for certs issued by public CA - # The list of public issuers can be managed through a config named PUBLIC_CA - public_CA = current_app.config.get("PUBLIC_CA_AUTHORITY_NAMES", []) - if data["authority"].name.lower() in [ca.lower() for ca in public_CA]: - max_validity_days = current_app.config.get("PUBLIC_CA_MAX_VALIDITY_DAYS", 397) - if ( - (data.get("validity_end").date() - data.get("validity_start").date()).days - > max_validity_days - ): - raise ValidationError("Certificate cannot be valid for more than " + - str(max_validity_days) + " days") return data From 75eaea3aad8d566bde91350cc8f12be0f0726e09 Mon Sep 17 00:00:00 2001 From: csine-nflx Date: Wed, 26 Aug 2020 01:38:17 -0700 Subject: [PATCH 56/77] fixing setup-git so build continues if ./git/hooks does not exist. --- Makefile | 11 +++++++---- 1 file changed, 7 insertions(+), 4 deletions(-) diff --git a/Makefile b/Makefile index 069eb29b..fb8b9afa 100644 --- a/Makefile +++ b/Makefile @@ -49,10 +49,13 @@ reset-db: cd lemur && lemur db upgrade setup-git: - @echo "--> Installing git hooks" - git config branch.autosetuprebase always - cd .git/hooks && ln -sf ../../hooks/* ./ - @echo "" + if [ -d .git/hooks ]; then \ + @echo "--> Installing git hooks"; \ + git config branch.autosetuprebase always; \ + cd .git/hooks && ln -sf ../../hooks/* ./; \ + @echo ""; \ + fi + clean: @echo "--> Cleaning static cache" From 91c2976bfc17f11cd2f5b1245a6a09d8654ddf86 Mon Sep 17 00:00:00 2001 From: csine-nflx Date: Wed, 26 Aug 2020 01:47:17 -0700 Subject: [PATCH 57/77] fixing Makefile build issue with @echo --- Makefile | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/Makefile b/Makefile index fb8b9afa..3312a41d 100644 --- a/Makefile +++ b/Makefile 
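Review bot: with this block removed from `dates()` in lemur/common/validators.py (PATCH 55/77), nothing on the server checks `PUBLIC_CA_MAX_VALIDITY_DAYS`; the only remaining bound is the datepicker range, which an API client never goes through, so a request can ask a public CA for any validity the authority certificate's `not_after` allows. If the ValidationError broke API callers, clamp `validity_end` to `validity_start` plus the configured maximum, or apply the check only when both dates are supplied, rather than dropping the server-side limit. A test for a public-CA request that exceeds the limit should accompany whichever behaviour is chosen.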
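Review bot: in the `setup-git` recipe of the Makefile (PATCH 56/77), `@echo` now sits inside the backslash-continued `if [ -d .git/hooks ]; then ... fi`, where make no longer strips the leading `@`, so the shell is asked to run a command named `@echo` and the recipe fails whenever `.git/hooks` exists. Keep the two `@echo` lines outside the `if` block, or use plain `echo` inside it.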
@@ -49,13 +49,12 @@ reset-db: cd lemur && lemur db upgrade setup-git: + @echo "--> Installing git hooks" if [ -d .git/hooks ]; then \ - @echo "--> Installing git hooks"; \ git config branch.autosetuprebase always; \ cd .git/hooks && ln -sf ../../hooks/* ./; \ - @echo ""; \ fi - + @echo "" clean: @echo "--> Cleaning static cache" From 9671b344859e5417a68a4fec1af646f1176dff25 Mon Sep 17 00:00:00 2001 From: Hossein Shafagh Date: Thu, 27 Aug 2020 14:15:01 -0700 Subject: [PATCH 58/77] adding support for all type of ECC curves which existing CA plugins might support --- lemur/authorities/schemas.py | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/lemur/authorities/schemas.py b/lemur/authorities/schemas.py index 34ad1564..6bbeddd6 100644 --- a/lemur/authorities/schemas.py +++ b/lemur/authorities/schemas.py @@ -23,6 +23,7 @@ from lemur.common.schema import LemurInputSchema, LemurOutputSchema from lemur.common import validators, missing from lemur.common.fields import ArrowDateTime +from lemur.constants import CERTIFICATE_KEY_TYPES class AuthorityInputSchema(LemurInputSchema): @@ -61,7 +62,7 @@ class AuthorityInputSchema(LemurInputSchema): missing="sha256WithRSA", ) key_type = fields.String( - validate=validate.OneOf(["RSA2048", "RSA4096", "EC256"]), missing="RSA2048" + validate=validate.OneOf(CERTIFICATE_KEY_TYPES + ["EC256"]), missing="RSA2048" ) key_name = fields.String() sensitivity = fields.String( From 9a7a6324896c601f7e56c94b4ca693be489f65d4 Mon Sep 17 00:00:00 2001 From: Hossein Shafagh Date: Fri, 28 Aug 2020 09:48:35 -0700 Subject: [PATCH 59/77] using a standard curve for testing --- lemur/tests/test_authorities.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lemur/tests/test_authorities.py b/lemur/tests/test_authorities.py index 6090d0b6..fade39e8 100644 --- a/lemur/tests/test_authorities.py +++ b/lemur/tests/test_authorities.py 
@@ -48,7 +48,7 @@ def test_authority_input_schema_ecc(client, role, issuer_plugin, logged_in_user) }, "type": "root", "signingAlgorithm": "sha256WithECDSA", - "keyType": "EC256", + "keyType": "ECCPRIME256V1", "sensitivity": "medium", } From d478def98cc85adfc8040c4144c31c03228a14a5 Mon Sep 17 00:00:00 2001 From: Hossein Shafagh Date: Mon, 31 Aug 2020 16:35:47 -0700 Subject: [PATCH 60/77] removing the custom key Type and doing the conversion in the backend --- lemur/authorities/schemas.py | 2 +- lemur/static/app/angular/authorities/authority/options.tpl.html | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/lemur/authorities/schemas.py b/lemur/authorities/schemas.py index 6bbeddd6..7f9f57d4 100644 --- a/lemur/authorities/schemas.py +++ b/lemur/authorities/schemas.py @@ -62,7 +62,7 @@ class AuthorityInputSchema(LemurInputSchema): missing="sha256WithRSA", ) key_type = fields.String( - validate=validate.OneOf(CERTIFICATE_KEY_TYPES + ["EC256"]), missing="RSA2048" + validate=validate.OneOf(CERTIFICATE_KEY_TYPES), missing="RSA2048" ) key_name = fields.String() sensitivity = fields.String( diff --git a/lemur/static/app/angular/authorities/authority/options.tpl.html b/lemur/static/app/angular/authorities/authority/options.tpl.html index 7ba858a7..bf1ad70c 100644 --- a/lemur/static/app/angular/authorities/authority/options.tpl.html +++ b/lemur/static/app/angular/authorities/authority/options.tpl.html @@ -20,7 +20,7 @@ Key Type
-
From 0077452e103bfe91ac6e15740101abb72eae1fa7 Mon Sep 17 00:00:00 2001 From: csine-nflx Date: Tue, 1 Sep 2020 15:26:23 -0700 Subject: [PATCH 61/77] fixing import order to fix travis builds --- setup.py | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/setup.py b/setup.py index 4ce03d70..471c5358 100644 --- a/setup.py +++ b/setup.py @@ -14,12 +14,12 @@ import json import os.path import datetime -from distutils import log -from distutils.core import Command from setuptools.command.develop import develop from setuptools.command.install import install from setuptools.command.sdist import sdist from setuptools import setup, find_packages +from distutils import log +from distutils.core import Command from subprocess import check_output import pip From 77b67f613f0d1fe491b4cca365b2ffd2935d7e38 Mon Sep 17 00:00:00 2001 From: csine-nflx Date: Tue, 1 Sep 2020 16:07:47 -0700 Subject: [PATCH 62/77] removing dependency on distutils from setup.py --- setup.py | 28 ++++++++++++++-------------- 1 file changed, 14 insertions(+), 14 deletions(-) diff --git a/setup.py b/setup.py index 471c5358..e6624198 100644 --- a/setup.py +++ b/setup.py 
@@ -9,20 +9,20 @@ Is a TLS management and orchestration tool. """ from __future__ import absolute_import -import sys -import json -import os.path import datetime - -from setuptools.command.develop import develop -from setuptools.command.install import install -from setuptools.command.sdist import sdist -from setuptools import setup, find_packages -from distutils import log -from distutils.core import Command +import json +import logging +import os.path +import sys from subprocess import check_output import pip +from setuptools import Command +from setuptools import setup, find_packages +from setuptools.command.develop import develop +from setuptools.command.install import install +from setuptools.command.sdist import sdist + if tuple(map(int, pip.__version__.split('.'))) >= (19, 3, 0): from pip._internal.network.session import PipSession from pip._internal.req import parse_requirements @@ -105,16 +105,16 @@ class BuildStatic(Command): pass def run(self): - log.info("running [npm install --quiet] in {0}".format(ROOT)) + logging.info("running [npm install --quiet] in {0}".format(ROOT)) try: check_output(['npm', 'install', '--quiet'], cwd=ROOT) - log.info("running [gulp build]") + logging.info("running [gulp build]") check_output([os.path.join(ROOT, 'node_modules', '.bin', 'gulp'), 'build'], cwd=ROOT) - log.info("running [gulp package]") + logging.info("running [gulp package]") check_output([os.path.join(ROOT, 'node_modules', '.bin', 'gulp'), 'package'], cwd=ROOT) except Exception as e: - log.warn("Unable to build static content") + logging.warn("Unable to build static content") setup( From 079e8ccf3b4590ba140712b0915826300e975dc7 Mon Sep 17 00:00:00 2001 From: csine-nflx Date: Tue, 1 Sep 2020 16:35:54 -0700 Subject: [PATCH 63/77] removing explicit dependencies on `import pip` and moving to pkg_resources --- setup.py | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/setup.py b/setup.py index e6624198..94774bc4 100644 --- a/setup.py 
+++ b/setup.py @@ -16,18 +16,18 @@ import os.path import sys from subprocess import check_output -import pip +import pkg_resources from setuptools import Command from setuptools import setup, find_packages from setuptools.command.develop import develop from setuptools.command.install import install from setuptools.command.sdist import sdist -if tuple(map(int, pip.__version__.split('.'))) >= (19, 3, 0): +if tuple(map(int, pkg_resources.require("pip")[0].version.split('.'))) >= (19, 3, 0): from pip._internal.network.session import PipSession - from pip._internal.req import parse_requirements + from pip._internal.req.req_file import parse_requirements -elif tuple(map(int, pip.__version__.split('.'))) >= (10, 0, 0): +elif tuple(map(int, pkg_resources.require("pip")[0].version.split('.'))) >= (10, 0, 0): from pip._internal.download import PipSession from pip._internal.req import parse_requirements else: @@ -49,7 +49,7 @@ tests_require_g = parse_requirements("requirements-tests.txt", session=PipSessio docs_require_g = parse_requirements("requirements-docs.txt", session=PipSession()) dev_requires_g = parse_requirements("requirements-dev.txt", session=PipSession()) -if tuple(map(int, pip.__version__.split('.'))) >= (20, 1): +if tuple(map(int, pkg_resources.require("pip")[0].version.split('.'))) >= (20, 1): install_requires = [str(ir.requirement) for ir in install_requires_g] tests_require = [str(ir.requirement) for ir in tests_require_g] docs_require = [str(ir.requirement) for ir in docs_require_g] From 4ec0430a61c412878e1d78c75a5d8a6eb93b9dd4 Mon Sep 17 00:00:00 2001 From: csine-nflx Date: Tue, 1 Sep 2020 16:41:09 -0700 Subject: [PATCH 64/77] adding SETUP_TOOLS_USE_DISTUTILS to travis build file --- .travis.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/.travis.yml b/.travis.yml index f1abf3f3..b610a3dd 100644 --- a/.travis.yml +++ b/.travis.yml 
@@ -20,6 +20,7 @@ cache: env: global: - PIP_DOWNLOAD_CACHE=".pip_download_cache" + - SETUPTOOLS_USE_DISTUTILS=stdlib # do not load /etc/boto.cfg with Python 3 incompatible plugin # https://github.com/travis-ci/travis-ci/issues/5246#issuecomment-166460882 - BOTO_CONFIG=/doesnotexist From beba785b09f630731e3d2ec3dca7127e0bf236f6 Mon Sep 17 00:00:00 2001 From: csine-nflx Date: Tue, 1 Sep 2020 17:16:18 -0700 Subject: [PATCH 65/77] cleaning up requirements imports and adding comments to change to .travis.yml --- .travis.yml | 1 + setup.py | 46 ++++++++++++++++------------------------------ 2 files changed, 17 insertions(+), 30 deletions(-) diff --git a/.travis.yml b/.travis.yml index b610a3dd..f38555a0 100644 --- a/.travis.yml +++ b/.travis.yml @@ -20,6 +20,7 @@ cache: env: global: - PIP_DOWNLOAD_CACHE=".pip_download_cache" + # The following line is a temporary workaround for this issue: https://github.com/pypa/setuptools/issues/2230 - SETUPTOOLS_USE_DISTUTILS=stdlib # do not load /etc/boto.cfg with Python 3 incompatible plugin # https://github.com/travis-ci/travis-ci/issues/5246#issuecomment-166460882 diff --git a/setup.py b/setup.py index 94774bc4..a612cd18 100644 --- a/setup.py +++ b/setup.py 
@@ -16,24 +16,12 @@ import os.path import sys from subprocess import check_output -import pkg_resources from setuptools import Command from setuptools import setup, find_packages from setuptools.command.develop import develop from setuptools.command.install import install from setuptools.command.sdist import sdist -if tuple(map(int, pkg_resources.require("pip")[0].version.split('.'))) >= (19, 3, 0): - from pip._internal.network.session import PipSession - from pip._internal.req.req_file import parse_requirements - -elif tuple(map(int, pkg_resources.require("pip")[0].version.split('.'))) >= (10, 0, 0): - from pip._internal.download import PipSession - from pip._internal.req import parse_requirements -else: - from pip.download import PipSession - from pip.req import parse_requirements - ROOT = os.path.realpath(os.path.join(os.path.dirname(__file__))) # When executing the setup.py, we need to be able to import ourselves, this 
@@ -44,21 +32,18 @@ about = {} with open(os.path.join(ROOT, 'lemur', '__about__.py')) as f: exec(f.read(), about) # nosec: about file is benign -install_requires_g = parse_requirements("requirements.txt", session=PipSession()) -tests_require_g = parse_requirements("requirements-tests.txt", session=PipSession()) -docs_require_g = parse_requirements("requirements-docs.txt", session=PipSession()) -dev_requires_g = parse_requirements("requirements-dev.txt", session=PipSession()) +# Parse requirements files +with open('requirements.txt') as f: + install_requirements = f.read().splitlines() -if tuple(map(int, pkg_resources.require("pip")[0].version.split('.'))) >= (20, 1): - install_requires = [str(ir.requirement) for ir in install_requires_g] - tests_require = [str(ir.requirement) for ir in tests_require_g] - docs_require = [str(ir.requirement) for ir in docs_require_g] - dev_requires = [str(ir.requirement) for ir in dev_requires_g] -else: - install_requires = [str(ir.req) for ir in install_requires_g] - tests_require = [str(ir.req) for ir in tests_require_g] - docs_require = [str(ir.req) for ir in docs_require_g] - dev_requires = [str(ir.req) for ir in dev_requires_g] +with open('requirements-tests.txt') as f: + tests_requirements = f.read().splitlines() + +with open('requirements-docs.txt') as f: + docs_requirements = f.read().splitlines() + +with open('requirements-dev.txt') as f: + dev_requirements = f.read().splitlines() class SmartInstall(install): @@ -67,6 +52,7 @@ class SmartInstall(install): If the package indicator is missing, this will also force a run of `build_static` which is required for JavaScript assets and other things. """ + def _needs_static(self): return not os.path.exists(os.path.join(ROOT, 'lemur/static/dist')) 
@@ -128,11 +114,11 @@ setup( packages=find_packages(), include_package_data=True, zip_safe=False, - install_requires=install_requires, + install_requires=install_requirements, extras_require={ - 'tests': tests_require, - 'docs': docs_require, - 'dev': dev_requires, + 'tests': tests_requirements, + 'docs': docs_requirements, + 'dev': dev_requirements, }, cmdclass={ 'build_static': BuildStatic, From d5e51b3fc31c9d3138b1d3e035bdb7852610ca3e Mon Sep 17 00:00:00 2001 From: csine-nflx Date: Tue, 1 Sep 2020 17:20:34 -0700 Subject: [PATCH 66/77] Remove changes to .travis.yml, moving them to new PR --- .travis.yml | 2 -- 1 file changed, 2 deletions(-) diff --git a/.travis.yml b/.travis.yml index f38555a0..f1abf3f3 100644 --- a/.travis.yml +++ b/.travis.yml @@ -20,8 +20,6 @@ cache: env: global: - PIP_DOWNLOAD_CACHE=".pip_download_cache" - # The following line is a temporary workaround for this issue: https://github.com/pypa/setuptools/issues/2230 - - SETUPTOOLS_USE_DISTUTILS=stdlib # do not load /etc/boto.cfg with Python 3 incompatible plugin # https://github.com/travis-ci/travis-ci/issues/5246#issuecomment-166460882 - BOTO_CONFIG=/doesnotexist From af4bb72be3ee7cd4e747265c0856060df0f1fd44 Mon Sep 17 00:00:00 2001 From: csine-nflx Date: Tue, 1 Sep 2020 17:28:42 -0700 Subject: [PATCH 67/77] adding SETUPTOOLS_USE_DISTUTILS environment variable to fix travis build issue --- .travis.yml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/.travis.yml b/.travis.yml index f1abf3f3..f38555a0 100644 --- a/.travis.yml +++ b/.travis.yml @@ -20,6 +20,8 @@ cache: env: global: - PIP_DOWNLOAD_CACHE=".pip_download_cache" + # The following line is a temporary workaround for this issue: https://github.com/pypa/setuptools/issues/2230 + - SETUPTOOLS_USE_DISTUTILS=stdlib # do not load /etc/boto.cfg with Python 3 incompatible plugin # https://github.com/travis-ci/travis-ci/issues/5246#issuecomment-166460882 - BOTO_CONFIG=/doesnotexist 
From 9af887cf954b5f59292a542a58482dbf332454d1 Mon Sep 17 00:00:00 2001 From: "dependabot-preview[bot]" <27856297+dependabot-preview[bot]@users.noreply.github.com> Date: Wed, 2 Sep 2020 17:13:23 +0000 Subject: [PATCH 68/77] Bump paramiko from 2.7.1 to 2.7.2 Bumps [paramiko](https://github.com/paramiko/paramiko) from 2.7.1 to 2.7.2. - [Release notes](https://github.com/paramiko/paramiko/releases) - [Changelog](https://github.com/paramiko/paramiko/blob/master/NEWS) - [Commits](https://github.com/paramiko/paramiko/compare/2.7.1...2.7.2) Signed-off-by: dependabot-preview[bot] --- requirements-docs.txt | 2 +- requirements.txt | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/requirements-docs.txt b/requirements-docs.txt index 0ee5d42e..6a6afce8 100644 --- a/requirements-docs.txt +++ b/requirements-docs.txt @@ -62,7 +62,7 @@ marshmallow-sqlalchemy==0.23.1 # via -r requirements.txt marshmallow==2.20.4 # via -r requirements.txt, marshmallow-sqlalchemy ndg-httpsclient==0.5.1 # via -r requirements.txt packaging==20.3 # via sphinx -paramiko==2.7.1 # via -r requirements.txt +paramiko==2.7.2 # via -r requirements.txt pem==20.1.0 # via -r requirements.txt psycopg2==2.8.5 # via -r requirements.txt pyasn1-modules==0.2.8 # via -r requirements.txt, pyjks, python-ldap diff --git a/requirements.txt b/requirements.txt index c79ec23d..08f170b1 100644 --- a/requirements.txt +++ b/requirements.txt @@ -58,7 +58,7 @@ markupsafe==1.1.1 # via jinja2, mako marshmallow-sqlalchemy==0.23.1 # via -r requirements.in marshmallow==2.20.4 # via -r requirements.in, marshmallow-sqlalchemy ndg-httpsclient==0.5.1 # via -r requirements.in -paramiko==2.7.1 # via -r requirements.in +paramiko==2.7.2 # via -r requirements.in pem==20.1.0 # via -r requirements.in psycopg2==2.8.5 # via -r requirements.in pyasn1-modules==0.2.8 # via pyjks, python-ldap From 26dfe5f654eee9e6a33af5d7d7806ce6bc83dc9f Mon Sep 17 00:00:00 2001 
From: "dependabot-preview[bot]" <27856297+dependabot-preview[bot]@users.noreply.github.com> Date: Thu, 3 Sep 2020 00:59:57 +0000 Subject: [PATCH 69/77] Bump cryptography from 3.0 to 3.1 Bumps [cryptography](https://github.com/pyca/cryptography) from 3.0 to 3.1. - [Release notes](https://github.com/pyca/cryptography/releases) - [Changelog](https://github.com/pyca/cryptography/blob/master/CHANGELOG.rst) - [Commits](https://github.com/pyca/cryptography/compare/3.0...3.1) Signed-off-by: dependabot-preview[bot] --- requirements-dev.txt | 2 +- requirements-docs.txt | 2 +- requirements-tests.txt | 2 +- requirements.txt | 2 +- 4 files changed, 4 insertions(+), 4 deletions(-) diff --git a/requirements-dev.txt b/requirements-dev.txt index a029d4ae..166722e8 100644 --- a/requirements-dev.txt +++ b/requirements-dev.txt @@ -11,7 +11,7 @@ cffi==1.14.0 # via cryptography cfgv==3.1.0 # via pre-commit chardet==3.0.4 # via requests colorama==0.4.3 # via twine -cryptography==3.0 # via secretstorage +cryptography==3.1 # via secretstorage distlib==0.3.0 # via virtualenv docutils==0.16 # via readme-renderer filelock==3.0.12 # via virtualenv diff --git a/requirements-docs.txt b/requirements-docs.txt index 6a6afce8..d6827e27 100644 --- a/requirements-docs.txt +++ b/requirements-docs.txt @@ -26,7 +26,7 @@ cffi==1.14.0 # via -r requirements.txt, bcrypt, cryptography, pynac chardet==3.0.4 # via -r requirements.txt, requests click==7.1.1 # via -r requirements.txt, flask cloudflare==2.8.13 # via -r requirements.txt -cryptography==3.0 # via -r requirements.txt, acme, josepy, paramiko, pyopenssl, requests +cryptography==3.1 # via -r requirements.txt, acme, josepy, paramiko, pyopenssl, requests dnspython3==1.15.0 # via -r requirements.txt dnspython==1.15.0 # via -r requirements.txt, dnspython3 docutils==0.15.2 # via -r requirements.txt, botocore, sphinx diff --git a/requirements-tests.txt b/requirements-tests.txt index 303338c1..5d7e4971 100644 --- a/requirements-tests.txt 
+++ b/requirements-tests.txt @@ -19,7 +19,7 @@ cfn-lint==0.29.5 # via moto chardet==3.0.4 # via requests click==7.1.1 # via black, flask coverage==5.2.1 # via -r requirements-tests.in -cryptography==3.0 # via moto, sshpubkeys +cryptography==3.1 # via moto, sshpubkeys decorator==4.4.2 # via networkx docker==4.2.0 # via moto docutils==0.15.2 # via botocore diff --git a/requirements.txt b/requirements.txt index 08f170b1..a7152a82 100644 --- a/requirements.txt +++ b/requirements.txt @@ -24,7 +24,7 @@ cffi==1.14.0 # via bcrypt, cryptography, pynacl chardet==3.0.4 # via requests click==7.1.1 # via flask cloudflare==2.8.13 # via -r requirements.in -cryptography==3.0 # via -r requirements.in, acme, josepy, paramiko, pyopenssl, requests +cryptography==3.1 # via -r requirements.in, acme, josepy, paramiko, pyopenssl, requests dnspython3==1.15.0 # via -r requirements.in dnspython==1.15.0 # via dnspython3 docutils==0.15.2 # via botocore From b9a30a2188df97913b07aaeb5c45567e039fd210 Mon Sep 17 00:00:00 2001 From: "dependabot-preview[bot]" <27856297+dependabot-preview[bot]@users.noreply.github.com> Date: Thu, 3 Sep 2020 04:34:55 +0000 Subject: [PATCH 70/77] Bump pytest-mock from 3.3.0 to 3.3.1 Bumps [pytest-mock](https://github.com/pytest-dev/pytest-mock) from 3.3.0 to 3.3.1. - [Release notes](https://github.com/pytest-dev/pytest-mock/releases) - [Changelog](https://github.com/pytest-dev/pytest-mock/blob/master/CHANGELOG.rst) - [Commits](https://github.com/pytest-dev/pytest-mock/compare/v3.3.0...v3.3.1) Signed-off-by: dependabot-preview[bot] --- requirements-tests.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/requirements-tests.txt b/requirements-tests.txt index 5d7e4971..93efcfa8 100644 --- a/requirements-tests.txt +++ b/requirements-tests.txt 
@@ -60,7 +60,7 @@ pyflakes==2.2.0 # via -r requirements-tests.in pyparsing==2.4.7 # via packaging pyrsistent==0.16.0 # via jsonschema pytest-flask==1.0.0 # via -r requirements-tests.in -pytest-mock==3.3.0 # via -r requirements-tests.in +pytest-mock==3.3.1 # via -r requirements-tests.in pytest==6.0.1 # via -r requirements-tests.in, pytest-flask, pytest-mock python-dateutil==2.8.1 # via botocore, faker, freezegun, moto python-jose==3.1.0 # via moto From 0d95d77a109bc0ff53efb09e1584274536e746e7 Mon Sep 17 00:00:00 2001 From: "dependabot-preview[bot]" <27856297+dependabot-preview[bot]@users.noreply.github.com> Date: Thu, 3 Sep 2020 05:04:07 +0000 Subject: [PATCH 71/77] Bump black from 19.10b0 to 20.8b1 Bumps [black](https://github.com/psf/black) from 19.10b0 to 20.8b1. - [Release notes](https://github.com/psf/black/releases) - [Changelog](https://github.com/psf/black/blob/master/CHANGES.md) - [Commits](https://github.com/psf/black/commits) Signed-off-by: dependabot-preview[bot] --- requirements-tests.txt | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) diff --git a/requirements-tests.txt b/requirements-tests.txt index 93efcfa8..c38f532b 100644 --- a/requirements-tests.txt +++ b/requirements-tests.txt @@ -5,11 +5,11 @@ # pip-compile --no-index --output-file=requirements-tests.txt requirements-tests.in # appdirs==1.4.3 # via black -attrs==19.3.0 # via black, jsonschema, pytest +attrs==19.3.0 # via jsonschema, pytest aws-sam-translator==1.22.0 # via cfn-lint aws-xray-sdk==2.5.0 # via moto bandit==1.6.2 # via -r requirements-tests.in -black==19.10b0 # via -r requirements-tests.in +black==20.8b1 # via -r requirements-tests.in boto3==1.14.48 # via aws-sam-translator, moto boto==2.49.0 # via moto botocore==1.17.48 # via aws-xray-sdk, boto3, moto, s3transfer 
@@ -17,7 +17,7 @@ certifi==2020.6.20 # via requests cffi==1.14.0 # via cryptography cfn-lint==0.29.5 # via moto chardet==3.0.4 # via requests -click==7.1.1 # via black, flask +click==7.1.2 # via black, flask coverage==5.2.1 # via -r requirements-tests.in cryptography==3.1 # via moto, sshpubkeys decorator==4.4.2 # via networkx @@ -47,6 +47,7 @@ markupsafe==1.1.1 # via jinja2 mock==4.0.2 # via moto more-itertools==8.2.0 # via pytest moto==1.3.14 # via -r requirements-tests.in +mypy-extensions==0.4.3 # via black networkx==2.4 # via cfn-lint nose==1.3.7 # via -r requirements-tests.in packaging==20.3 # via pytest @@ -79,8 +80,9 @@ sortedcontainers==2.1.0 # via fakeredis sshpubkeys==3.1.0 # via moto stevedore==1.32.0 # via bandit text-unidecode==1.3 # via faker -toml==0.10.0 # via black, pytest +toml==0.10.1 # via black, pytest typed-ast==1.4.1 # via black +typing-extensions==3.7.4.3 # via black urllib3==1.25.8 # via botocore, requests websocket-client==0.57.0 # via docker werkzeug==1.0.1 # via flask, moto, pytest-flask From 2fd05eed3dff8afaaf38fc0fb0b92f6158caf792 Mon Sep 17 00:00:00 2001 From: "dependabot-preview[bot]" <27856297+dependabot-preview[bot]@users.noreply.github.com> Date: Thu, 3 Sep 2020 05:13:48 +0000 Subject: [PATCH 72/77] Bump flask-cors from 3.0.8 to 3.0.9 Bumps [flask-cors](https://github.com/corydolphin/flask-cors) from 3.0.8 to 3.0.9. - [Release notes](https://github.com/corydolphin/flask-cors/releases) - [Changelog](https://github.com/corydolphin/flask-cors/blob/master/CHANGELOG.md) - [Commits](https://github.com/corydolphin/flask-cors/compare/3.0.8...3.0.9) Signed-off-by: dependabot-preview[bot] --- requirements-docs.txt | 2 +- requirements.txt | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/requirements-docs.txt b/requirements-docs.txt index d6827e27..0bef8bf8 100644 --- a/requirements-docs.txt +++ b/requirements-docs.txt 
@@ -32,7 +32,7 @@ dnspython==1.15.0 # via -r requirements.txt, dnspython3 docutils==0.15.2 # via -r requirements.txt, botocore, sphinx dyn==1.8.1 # via -r requirements.txt flask-bcrypt==0.7.1 # via -r requirements.txt -flask-cors==3.0.8 # via -r requirements.txt +flask-cors==3.0.9 # via -r requirements.txt flask-mail==0.9.1 # via -r requirements.txt flask-migrate==2.5.3 # via -r requirements.txt flask-principal==0.4.0 # via -r requirements.txt diff --git a/requirements.txt b/requirements.txt index a7152a82..5fbadd86 100644 --- a/requirements.txt +++ b/requirements.txt @@ -30,7 +30,7 @@ dnspython==1.15.0 # via dnspython3 docutils==0.15.2 # via botocore dyn==1.8.1 # via -r requirements.in flask-bcrypt==0.7.1 # via -r requirements.in -flask-cors==3.0.8 # via -r requirements.in +flask-cors==3.0.9 # via -r requirements.in flask-mail==0.9.1 # via -r requirements.in flask-migrate==2.5.3 # via -r requirements.in flask-principal==0.4.0 # via -r requirements.in From 86d37ced172e41a61d30812336de5ecedfc7af2c Mon Sep 17 00:00:00 2001 From: "dependabot-preview[bot]" <27856297+dependabot-preview[bot]@users.noreply.github.com> Date: Thu, 3 Sep 2020 05:27:42 +0000 Subject: [PATCH 73/77] Bump boto3 from 1.14.48 to 1.14.54 Bumps [boto3](https://github.com/boto/boto3) from 1.14.48 to 1.14.54. - [Release notes](https://github.com/boto/boto3/releases) - [Changelog](https://github.com/boto/boto3/blob/develop/CHANGELOG.rst) - [Commits](https://github.com/boto/boto3/compare/1.14.48...1.14.54) Signed-off-by: dependabot-preview[bot] --- requirements-docs.txt | 4 ++-- requirements-tests.txt | 4 ++-- requirements.txt | 4 ++-- 3 files changed, 6 insertions(+), 6 deletions(-) diff --git a/requirements-docs.txt b/requirements-docs.txt index 0bef8bf8..25727e8b 100644 --- a/requirements-docs.txt +++ b/requirements-docs.txt 
@@ -17,8 +17,8 @@ bcrypt==3.1.7 # via -r requirements.txt, flask-bcrypt, paramiko beautifulsoup4==4.9.1 # via -r requirements.txt, cloudflare billiard==3.6.3.0 # via -r requirements.txt, celery blinker==1.4 # via -r requirements.txt, flask-mail, flask-principal, raven -boto3==1.14.48 # via -r requirements.txt -botocore==1.17.48 # via -r requirements.txt, boto3, s3transfer +boto3==1.14.54 # via -r requirements.txt +botocore==1.17.54 # via -r requirements.txt, boto3, s3transfer celery[redis]==4.4.2 # via -r requirements.txt certifi==2020.6.20 # via -r requirements.txt, requests certsrv==2.1.1 # via -r requirements.txt diff --git a/requirements-tests.txt b/requirements-tests.txt index c38f532b..55756963 100644 --- a/requirements-tests.txt +++ b/requirements-tests.txt @@ -10,9 +10,9 @@ aws-sam-translator==1.22.0 # via cfn-lint aws-xray-sdk==2.5.0 # via moto bandit==1.6.2 # via -r requirements-tests.in black==20.8b1 # via -r requirements-tests.in -boto3==1.14.48 # via aws-sam-translator, moto +boto3==1.14.54 # via aws-sam-translator, moto boto==2.49.0 # via moto -botocore==1.17.48 # via aws-xray-sdk, boto3, moto, s3transfer +botocore==1.17.54 # via aws-xray-sdk, boto3, moto, s3transfer certifi==2020.6.20 # via requests cffi==1.14.0 # via cryptography cfn-lint==0.29.5 # via moto diff --git a/requirements.txt b/requirements.txt index 5fbadd86..1042d1b9 100644 --- a/requirements.txt +++ b/requirements.txt @@ -15,8 +15,8 @@ bcrypt==3.1.7 # via flask-bcrypt, paramiko beautifulsoup4==4.9.1 # via cloudflare billiard==3.6.3.0 # via celery blinker==1.4 # via flask-mail, flask-principal, raven -boto3==1.14.48 # via -r requirements.in -botocore==1.17.48 # via -r requirements.in, boto3, s3transfer +boto3==1.14.54 # via -r requirements.in +botocore==1.17.54 # via -r requirements.in, boto3, s3transfer celery[redis]==4.4.2 # via -r requirements.in certifi==2020.6.20 # via -r requirements.in, requests certsrv==2.1.1 # via -r requirements.in 
From 458b4b062cfe47fc59a46237b38ddb9dd4230c24 Mon Sep 17 00:00:00 2001 From: "dependabot-preview[bot]" <27856297+dependabot-preview[bot]@users.noreply.github.com> Date: Tue, 8 Sep 2020 06:13:59 +0000 Subject: [PATCH 74/77] Bump botocore from 1.17.54 to 1.17.56 Bumps [botocore](https://github.com/boto/botocore) from 1.17.54 to 1.17.56. - [Release notes](https://github.com/boto/botocore/releases) - [Changelog](https://github.com/boto/botocore/blob/develop/CHANGELOG.rst) - [Commits](https://github.com/boto/botocore/compare/1.17.54...1.17.56) Signed-off-by: dependabot-preview[bot] --- requirements-docs.txt | 2 +- requirements-tests.txt | 2 +- requirements.txt | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/requirements-docs.txt b/requirements-docs.txt index 25727e8b..436347b3 100644 --- a/requirements-docs.txt +++ b/requirements-docs.txt @@ -18,7 +18,7 @@ beautifulsoup4==4.9.1 # via -r requirements.txt, cloudflare billiard==3.6.3.0 # via -r requirements.txt, celery blinker==1.4 # via -r requirements.txt, flask-mail, flask-principal, raven boto3==1.14.54 # via -r requirements.txt -botocore==1.17.54 # via -r requirements.txt, boto3, s3transfer +botocore==1.17.56 # via -r requirements.txt, boto3, s3transfer celery[redis]==4.4.2 # via -r requirements.txt certifi==2020.6.20 # via -r requirements.txt, requests certsrv==2.1.1 # via -r requirements.txt diff --git a/requirements-tests.txt b/requirements-tests.txt index 55756963..97a5f63f 100644 --- a/requirements-tests.txt +++ b/requirements-tests.txt @@ -12,7 +12,7 @@ bandit==1.6.2 # via -r requirements-tests.in black==20.8b1 # via -r requirements-tests.in boto3==1.14.54 # via aws-sam-translator, moto boto==2.49.0 # via moto -botocore==1.17.54 # via aws-xray-sdk, boto3, moto, s3transfer +botocore==1.17.56 # via aws-xray-sdk, boto3, moto, s3transfer certifi==2020.6.20 # via requests cffi==1.14.0 # via cryptography cfn-lint==0.29.5 # via moto 
diff --git a/requirements.txt b/requirements.txt index 1042d1b9..f71f1d3c 100644 --- a/requirements.txt +++ b/requirements.txt @@ -16,7 +16,7 @@ beautifulsoup4==4.9.1 # via cloudflare billiard==3.6.3.0 # via celery blinker==1.4 # via flask-mail, flask-principal, raven boto3==1.14.54 # via -r requirements.in -botocore==1.17.54 # via -r requirements.in, boto3, s3transfer +botocore==1.17.56 # via -r requirements.in, boto3, s3transfer celery[redis]==4.4.2 # via -r requirements.in certifi==2020.6.20 # via -r requirements.in, requests certsrv==2.1.1 # via -r requirements.in From e0ba90d672b3eb52d9dcf35651665704e6f62974 Mon Sep 17 00:00:00 2001 From: "dependabot-preview[bot]" <27856297+dependabot-preview[bot]@users.noreply.github.com> Date: Tue, 8 Sep 2020 16:38:36 +0000 Subject: [PATCH 75/77] Bump freezegun from 0.3.15 to 1.0.0 Bumps [freezegun](https://github.com/spulec/freezegun) from 0.3.15 to 1.0.0. - [Release notes](https://github.com/spulec/freezegun/releases) - [Changelog](https://github.com/spulec/freezegun/blob/master/CHANGELOG) - [Commits](https://github.com/spulec/freezegun/compare/0.3.15...1.0.0) Signed-off-by: dependabot-preview[bot] --- requirements-tests.txt | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/requirements-tests.txt b/requirements-tests.txt index 97a5f63f..74142869 100644 --- a/requirements-tests.txt +++ b/requirements-tests.txt @@ -28,7 +28,7 @@ factory-boy==3.0.1 # via -r requirements-tests.in faker==4.1.2 # via -r requirements-tests.in, factory-boy fakeredis==1.4.3 # via -r requirements-tests.in flask==1.1.2 # via pytest-flask -freezegun==0.3.15 # via -r requirements-tests.in +freezegun==1.0.0 # via -r requirements-tests.in future==0.18.2 # via aws-xray-sdk gitdb==4.0.4 # via gitpython gitpython==3.1.1 # via bandit 
@@ -74,7 +74,7 @@ requests==2.24.0 # via docker, moto, requests-mock, responses responses==0.10.12 # via moto rsa==4.0 # via python-jose s3transfer==0.3.3 # via boto3 -six==1.15.0 # via aws-sam-translator, bandit, cfn-lint, cryptography, docker, ecdsa, fakeredis, freezegun, jsonschema, moto, packaging, pyrsistent, python-dateutil, python-jose, requests-mock, responses, stevedore, websocket-client +six==1.15.0 # via aws-sam-translator, bandit, cfn-lint, cryptography, docker, ecdsa, fakeredis, jsonschema, moto, packaging, pyrsistent, python-dateutil, python-jose, requests-mock, responses, stevedore, websocket-client smmap==3.0.2 # via gitdb sortedcontainers==2.1.0 # via fakeredis sshpubkeys==3.1.0 # via moto From 6ef6fe40e6ebed1550241220ddb67ae6e82b2c2d Mon Sep 17 00:00:00 2001 From: "dependabot-preview[bot]" <27856297+dependabot-preview[bot]@users.noreply.github.com> Date: Tue, 8 Sep 2020 16:46:51 +0000 Subject: [PATCH 76/77] Bump psycopg2 from 2.8.5 to 2.8.6 Bumps [psycopg2](https://github.com/psycopg/psycopg2) from 2.8.5 to 2.8.6. - [Release notes](https://github.com/psycopg/psycopg2/releases) - [Changelog](https://github.com/psycopg/psycopg2/blob/master/NEWS) - [Commits](https://github.com/psycopg/psycopg2/commits) Signed-off-by: dependabot-preview[bot] --- requirements-docs.txt | 2 +- requirements.txt | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/requirements-docs.txt b/requirements-docs.txt index 436347b3..785fe42a 100644 --- a/requirements-docs.txt +++ b/requirements-docs.txt @@ -64,7 +64,7 @@ ndg-httpsclient==0.5.1 # via -r requirements.txt packaging==20.3 # via sphinx paramiko==2.7.2 # via -r requirements.txt pem==20.1.0 # via -r requirements.txt -psycopg2==2.8.5 # via -r requirements.txt +psycopg2==2.8.6 # via -r requirements.txt pyasn1-modules==0.2.8 # via -r requirements.txt, pyjks, python-ldap pyasn1==0.4.8 # via -r requirements.txt, ndg-httpsclient, pyasn1-modules, pyjks, python-ldap pycparser==2.20 # via -r requirements.txt, cffi 
diff --git a/requirements.txt b/requirements.txt index f71f1d3c..d3f3035e 100644 --- a/requirements.txt +++ b/requirements.txt @@ -60,7 +60,7 @@ marshmallow==2.20.4 # via -r requirements.in, marshmallow-sqlalchemy ndg-httpsclient==0.5.1 # via -r requirements.in paramiko==2.7.2 # via -r requirements.in pem==20.1.0 # via -r requirements.in -psycopg2==2.8.5 # via -r requirements.in +psycopg2==2.8.6 # via -r requirements.in pyasn1-modules==0.2.8 # via pyjks, python-ldap pyasn1==0.4.8 # via ndg-httpsclient, pyasn1-modules, pyjks, python-ldap pycparser==2.20 # via cffi From aeead5363bb25ce595e68dcc1cc68acfb379adc6 Mon Sep 17 00:00:00 2001 From: "dependabot-preview[bot]" <27856297+dependabot-preview[bot]@users.noreply.github.com> Date: Tue, 8 Sep 2020 16:58:54 +0000 Subject: [PATCH 77/77] Bump boto3 from 1.14.54 to 1.14.56 Bumps [boto3](https://github.com/boto/boto3) from 1.14.54 to 1.14.56. - [Release notes](https://github.com/boto/boto3/releases) - [Changelog](https://github.com/boto/boto3/blob/develop/CHANGELOG.rst) - [Commits](https://github.com/boto/boto3/compare/1.14.54...1.14.56) Signed-off-by: dependabot-preview[bot] --- requirements-docs.txt | 2 +- requirements-tests.txt | 2 +- requirements.txt | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/requirements-docs.txt b/requirements-docs.txt index 785fe42a..37d50804 100644 --- a/requirements-docs.txt +++ b/requirements-docs.txt @@ -17,7 +17,7 @@ bcrypt==3.1.7 # via -r requirements.txt, flask-bcrypt, paramiko beautifulsoup4==4.9.1 # via -r requirements.txt, cloudflare billiard==3.6.3.0 # via -r requirements.txt, celery blinker==1.4 # via -r requirements.txt, flask-mail, flask-principal, raven -boto3==1.14.54 # via -r requirements.txt +boto3==1.14.56 # via -r requirements.txt botocore==1.17.56 # via -r requirements.txt, boto3, s3transfer celery[redis]==4.4.2 # via -r requirements.txt certifi==2020.6.20 # via -r requirements.txt, requests 
diff --git a/requirements-tests.txt b/requirements-tests.txt index 74142869..e9106767 100644 --- a/requirements-tests.txt +++ b/requirements-tests.txt @@ -10,7 +10,7 @@ aws-sam-translator==1.22.0 # via cfn-lint aws-xray-sdk==2.5.0 # via moto bandit==1.6.2 # via -r requirements-tests.in black==20.8b1 # via -r requirements-tests.in -boto3==1.14.54 # via aws-sam-translator, moto +boto3==1.14.56 # via aws-sam-translator, moto boto==2.49.0 # via moto botocore==1.17.56 # via aws-xray-sdk, boto3, moto, s3transfer certifi==2020.6.20 # via requests diff --git a/requirements.txt b/requirements.txt index d3f3035e..64e41b3c 100644 --- a/requirements.txt +++ b/requirements.txt @@ -15,7 +15,7 @@ bcrypt==3.1.7 # via flask-bcrypt, paramiko beautifulsoup4==4.9.1 # via cloudflare billiard==3.6.3.0 # via celery blinker==1.4 # via flask-mail, flask-principal, raven -boto3==1.14.54 # via -r requirements.in +boto3==1.14.56 # via -r requirements.in botocore==1.17.56 # via -r requirements.in, boto3, s3transfer celery[redis]==4.4.2 # via -r requirements.in certifi==2020.6.20 # via -r requirements.in, requests
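Review bot: in the `dates(data)` hunk (`@@ -152,18 +152,6`), the deleted block is the only check shown here that rejects a certificate from an issuer in `PUBLIC_CA_AUTHORITY_NAMES` when its validity exceeds `PUBLIC_CA_MAX_VALIDITY_DAYS` (default 397), and nothing in the hunk replaces it. If the limit is now enforced somewhere else, point to that code and add a test showing that an over-long validity for a public issuer is still refused; otherwise both config keys become settings that operators may believe are enforced but are not.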
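Review bot: in PATCH 56's `setup-git` hunk, `@echo` sits inside the backslash-continued `if [ -d .git/hooks ]` block, where make does not strip the `@` and the shell is asked to run a command literally named `@echo`. PATCH 57 moves the echoes back out; squash the two so that no commit in the series carries a recipe that fails whenever `.git/hooks` exists.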
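Review bot: in PATCH 57's `setup-git` hunk, `@echo "--> Installing git hooks"` now runs before the `if [ -d .git/hooks ]` test, so the target announces an install even when the directory is missing and nothing is linked. Add an `else` branch that prints that the hooks were skipped, so a build without the repository's hooks is visible in the output; the `if` line also has no `@` prefix, so make echoes the whole shell block.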
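Review bot: in PATCH 60's `AuthorityInputSchema.key_type` hunk, dropping `+ ["EC256"]` means a request that still sends `"keyType": "EC256"` (the value the test used until PATCH 59) now fails `validate.OneOf`, and the backend conversion named in the subject line is not part of this diff. Include the conversion in the same patch, or keep accepting the legacy value until callers have moved to an entry of `CERTIFICATE_KEY_TYPES`, and add a test for the `EC256` input either way.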
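Review bot: in PATCH 62's `BuildStatic.run` hunk, `logging.info(...)` goes to the root logger, which discards INFO records unless logging is configured, and no `logging.basicConfig` call appears in this diff, so the `npm install` and `gulp` progress lines are silently dropped. Set the level once near the imports and use `logging.warning` in place of the deprecated `logging.warn`; the `except Exception as e:` branch should also log `e`, because as written it hides why the static build failed.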
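Review bot: in PATCH 63's import hunk, `tuple(map(int, pkg_resources.require("pip")[0].version.split('.')))` is repeated three times and raises `ValueError` for any pip version string with a non-numeric component, which stops `setup.py` before `setup()` is reached. Compute the version once and compare it with `pkg_resources.parse_version`, or drop the `pip._internal` imports altogether as PATCH 65 later does.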
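Review bot: in PATCH 65's `setup.py` hunk that replaces `parse_requirements`, `f.read().splitlines()` passes every line of the pip-compile output to `install_requires` and `extras_require`, including the `#` header lines and the `# via ...` trailers visible in the requirements hunks of this series. Skip blank and comment lines and strip the trailing comment before building the four lists, so the package metadata does not depend on how the installed setuptools treats comments.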
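Review bot: in PATCH 71's `requirements-tests.txt` hunks, the black bump also adds two packages that were not pinned before (`mypy-extensions==0.4.3`, `typing-extensions==3.7.4.3`) and moves `click` and `toml`, all pinned by version only. The file header shows it is generated with `pip-compile --no-index --output-file=requirements-tests.txt requirements-tests.in`; adding `--generate-hashes` to that command would make pip verify each newly introduced transitive package by digest at install time.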