PyPI does not run setup.py separately for each Python version to
resolve requirements, so these conditional requirements need to be
properly specified in the metadata, not in code.
Signed-off-by: Anders Kaseorg <andersk@mit.edu>
From Python Safety:
Cryptography 3.3 no longer allows loading of finite field Diffie-Hellman parameters of less than 512 bits in length. This change is to conform with an upcoming OpenSSL release that no longer supports smaller sizes. These keys were already wildly insecure and should not have been used in any application outside of testing.
The `boto` library (long ago superseded by `boto3`) has not had an official
release in over two years or even a commit in the last 18 months. Importing
the package (or indirectly importing it by via `moto`) generates a deprecation
warning. Additionally, an ever-increasing number of `moto` users who have
left `boto` behind for `boto3` are still being forced to install `boto`.
This commit vendors a very small subset of the `boto` library--only the code
required by `moto` to run--into the /packages subdirectory. A README file
is included explaining the origin of the files and a recommendation for how
they can be removed entirely in a future release.
NOTE: Users of `boto` will still be able to use `moto` after this is merged.
closes#2978closes#3013closes#3170closes#3418
relates to #2950
* Add check for existing execution, fix issue with make init
* Remove f-string usage
* Remove fstring usage in test
* Pin black and run formatting on test_stepfunction
* Reverse changes made by black 20.8b1
This allows repos consuming moto to use the latest jinaj2 2.11.x patched version (currently 2.11.1) w/o breaking moto's python 2 support.
See https://github.com/spulec/moto/pull/2776
- Added support for the following APIs:
- put_configuration_aggregator
- describe_configuration_aggregators
- delete_configuration_aggregator
- put_aggregation_authorization
- describe_aggregation_authorizations
- delete_aggregation_authorization
Given how moto is intended to be used, and how it uses Jinja2, [CVE-2019-10906](https://nvd.nist.gov/vuln/detail/CVE-2019-10906) is unlikely to affect many users, but we should use a secure version anyway just in case moto is being used in unforeseen ways.
As of #1733, Python 3.7 is supported, so reflect that in the Trove
classifiers.
As of 2017-09-29, Python 3.3 is end-of-life and no longer receives
updates of any kind (including security fixes), so remove it from the
list of supported versions.
