Skip to content

feat!: update supported versions to match security updates #1118

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 1 commit into
base: main
Choose a base branch
from
Open

feat!: update supported versions to match security updates #1118

wants to merge 1 commit into from

Conversation

CoderJoshDK
Copy link

@CoderJoshDK CoderJoshDK commented Sep 12, 2025
edited
Loading

Important

Officially drops support for python <3.7 (was already not supported by this package)

Related

Related #1105

Makes #1112 easier to implement

Summary

This PR updates the bounds of dependencies, in order to match recent security updates.

This does mean that python 2.7 support is officially dropped. As well as python 3.7 and below.
However, they were dropped before this. This PR just reflects that in the setup.py file.

Cryptography bounds

With #1114, you are now bound by the requirements of that package. Cryptography dropped support for python 2 in v3.4: https://cryptography.io/en/latest/changelog/#v3-4

Python 3.7 is about to be dropped from Cryptography in the next release. But that doesn't matter because of Werkzeug (mind you, all of these old versions are way past their EOL)

I lowered the bound to 44.0.1. This is the last known good version without known security vulnerabilities.

Werkzeug

The last version that doesn't contain security vulnerabilities is 3.0.6. This version does support python 3.8. And as such, if you want to capture security updates, python 3.8 is the lowest version you can support.

In theory, you could support python 3.7 if you don't want to capture the Werkzeug security updates.

Checklist

  • I acknowledge that all my contributions will be made under the project's license
  • I have made a material change to the repo (functionality, testing, spelling, grammar)
  • I have read the Contribution Guidelines and my PR follows them
  • I have titled the PR appropriately
  • I have updated my branch with the main branch
  • I have added tests that prove my fix is effective or that my feature works
  • I have added the necessary documentation about the functionality in the appropriate .md file
  • I have added inline documentation to the code I modified

If you have questions, please file a support ticket.

What this PR is not

While this PR does make the docs reflect that <3.7 is not supported, this is not an upgrade to python 3. That can be done in a different PR. One that removes special imports for python 2.7. I don't want to waste my time doing that if you decide to revert things so you can support 2.7.

@CoderJoshDK CoderJoshDK mentioned this pull request Sep 12, 2025
Open
@CoderJoshDK CoderJoshDK mentioned this pull request Sep 12, 2025
Open
@CoderJoshDK
feat!: update bounds to match security updates
d77ecc3 
This does mean that python 2.7 support is dropped. As well as python 3.7
and bellow. However, they were dropped before this. These changes fully
reflect that in the setup.py file
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
1 participant
@CoderJoshDK