From cc0b20e21f22901652e074c03490e1d4460a5f03 Mon Sep 17 00:00:00 2001 From: Dain Nilsson Date: Wed, 24 Jun 2026 14:31:57 +0200 Subject: [PATCH 1/5] Bump cryptography requirement range --- pyproject.toml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pyproject.toml b/pyproject.toml index b45a3d9..caf98f0 100644 --- a/pyproject.toml +++ b/pyproject.toml @@ -14,7 +14,7 @@ classifiers = [ "Topic :: Security :: Cryptography", "Topic :: Software Development :: Libraries" ] -dependencies = ["cryptography (>=2.6, <47)"] +dependencies = ["cryptography (>=2.6, <52)"] [dependency-groups] dev = [ @@ -54,4 +54,4 @@ exclude = ["tests/*"] [tool.pyright] venvPath = "." venv = ".venv" -exclude = ["tests/", "docs/", "examples/"] \ No newline at end of file +exclude = ["tests/", "docs/", "examples/"] From 412faf6242151794c6b8d7f7a0a56ec679b2048a Mon Sep 17 00:00:00 2001 From: Dain Nilsson Date: Wed, 24 Jun 2026 14:39:10 +0200 Subject: [PATCH 2/5] Bump Python requirements --- .github/workflows/build.yml | 10 +++++++--- README.adoc | 2 +- pyproject.toml | 8 ++++---- 3 files changed, 12 insertions(+), 8 deletions(-) diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index 24b65be..5a75604 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -9,9 +9,10 @@ jobs: runs-on: ${{ matrix.os }} strategy: + fail-fast: false matrix: os: [ubuntu-latest, windows-latest, macos-latest] - python: ['3.9', '3.10', '3.11', '3.12', '3.13', 'pypy3.9'] + python: ['3.11', '3.12', '3.13', '3.14', 'pypy3.11'] architecture: [x86, x64, arm64] exclude: - os: ubuntu-latest @@ -25,9 +26,12 @@ jobs: - os: windows-latest architecture: arm64 - os: windows-latest - python: pypy3.9 + architecture: x86 + - os: windows-latest + python: pypy3.11 - os: macos-latest - python: pypy3.9 + python: pypy3.11 + name: ${{ matrix.os }} Py ${{ matrix.python }} ${{ matrix.architecture }} steps: diff --git a/README.adoc b/README.adoc index 8263909..5975a1e 100644 --- a/README.adoc +++ b/README.adoc @@ -2,7 +2,7 @@ Python library and tests for the YubiHSM 2. -The current version (3.0) supports Python 3.9 and later. +The current version (3.0) supports Python 3.10 and later. Communicates with the YubiHSM 2 connector daemon, which must already be running. It can also communicate directly with the YubiHSM 2 via USB (requires libusb). diff --git a/pyproject.toml b/pyproject.toml index caf98f0..cf893a6 100644 --- a/pyproject.toml +++ b/pyproject.toml @@ -4,7 +4,7 @@ version = "3.1.2-dev.0" description = "Library for communication with a YubiHSM 2 over HTTP or USB." authors = [{ name = "Dain Nilsson", email = "" }] readme = "README.adoc" -requires-python = ">=3.9" +requires-python = ">=3.10" license = { file = "COPYING" } classifiers = [ "Operating System :: OS Independent", @@ -19,9 +19,9 @@ dependencies = ["cryptography (>=2.6, <52)"] [dependency-groups] dev = [ "pytest>=8.4.1", - "sphinx>=8.1.3 ; python_full_version >= '3.10'", - "sphinx-autoapi>=3.6.0 ; python_full_version >= '3.10'", - "sphinx-rtd-theme>=3.0.2 ; python_full_version >= '3.10'", + "sphinx>=8.1.3", + "sphinx-autoapi>=3.6.0", + "sphinx-rtd-theme>=3.0.2", ] [project.optional-dependencies] From 3bf69ea0ef596d8c2ee889097a97c182e0d41a88 Mon Sep 17 00:00:00 2001 From: Dain Nilsson Date: Wed, 24 Jun 2026 15:22:19 +0200 Subject: [PATCH 3/5] Fix deprecation warning for fixture --- tests/device/test_basic.py | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/tests/device/test_basic.py b/tests/device/test_basic.py index 050b33f..7f55184 100644 --- a/tests/device/test_basic.py +++ b/tests/device/test_basic.py @@ -190,7 +190,8 @@ def test_echo_max_size(self, hsm, session): class TestFipsOptions: @pytest.fixture(scope="class", autouse=True) - def session2(self, session, connect_hsm): + @classmethod + def session2(cls, session, connect_hsm): try: session.get_fips_status() session.reset_device() From fd0de25d1ffc5bb26a64664b466081f9dd098053 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 24 Jun 2026 13:29:11 +0000 Subject: [PATCH 4/5] Bump github actions (close #80). --- .github/workflows/build.yml | 28 ++++++++++++++-------------- .github/workflows/codeql.yml | 6 +++--- .github/workflows/scorecard.yml | 10 +++++----- 3 files changed, 22 insertions(+), 22 deletions(-) diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index 5a75604..02c2d29 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -35,17 +35,17 @@ jobs: name: ${{ matrix.os }} Py ${{ matrix.python }} ${{ matrix.architecture }} steps: - - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 + - uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0 with: persist-credentials: false - name: Install uv - uses: astral-sh/setup-uv@b75a909f75acd358c2196fb9a5f1299a9a8868a4 # v6.7.0 + uses: astral-sh/setup-uv@fac544c07dec837d0ccb6301d7b5580bf5edae39 # v8.2.0 with: enable-cache: false - name: Set up Python - uses: actions/setup-python@e797f83bcb11b83ae66e0230d6156d7c80228e7c # v6.0.0 + uses: actions/setup-python@ece7cb06caefa5fff74198d8649806c4678c61a1 # v6.3.0 with: python-version: ${{ matrix.python }} architecture: ${{ matrix.architecture }} @@ -71,17 +71,17 @@ jobs: name: Device tests ${{ matrix.os }} steps: - - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 + - uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0 with: persist-credentials: false - name: Install uv - uses: astral-sh/setup-uv@b75a909f75acd358c2196fb9a5f1299a9a8868a4 # v6.7.0 + uses: astral-sh/setup-uv@fac544c07dec837d0ccb6301d7b5580bf5edae39 # v8.2.0 with: enable-cache: false - name: Set up Python - uses: actions/setup-python@e797f83bcb11b83ae66e0230d6156d7c80228e7c # v6.0.0 + uses: actions/setup-python@ece7cb06caefa5fff74198d8649806c4678c61a1 # v6.3.0 with: python-version: 3.x @@ -115,17 +115,17 @@ jobs: name: Build Python source .tar.gz steps: - - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 + - uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0 with: persist-credentials: false - name: Install uv - uses: astral-sh/setup-uv@b75a909f75acd358c2196fb9a5f1299a9a8868a4 # v6.7.0 + uses: astral-sh/setup-uv@fac544c07dec837d0ccb6301d7b5580bf5edae39 # v8.2.0 with: enable-cache: false - name: Set up Python - uses: actions/setup-python@e797f83bcb11b83ae66e0230d6156d7c80228e7c # v6.0.0 + uses: actions/setup-python@ece7cb06caefa5fff74198d8649806c4678c61a1 # v6.3.0 with: python-version: 3.x @@ -133,7 +133,7 @@ jobs: run: uv build - name: Upload source package - uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2 + uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7.0.1 with: name: python-yubihsm-sdist path: dist @@ -143,16 +143,16 @@ jobs: name: Build sphinx documentation steps: - - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 + - uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0 with: persist-credentials: false - name: Install uv - uses: astral-sh/setup-uv@b75a909f75acd358c2196fb9a5f1299a9a8868a4 # v6.7.0 + uses: astral-sh/setup-uv@fac544c07dec837d0ccb6301d7b5580bf5edae39 # v8.2.0 with: enable-cache: false - name: Set up Python - uses: actions/setup-python@e797f83bcb11b83ae66e0230d6156d7c80228e7c # v6.0.0 + uses: actions/setup-python@ece7cb06caefa5fff74198d8649806c4678c61a1 # v6.3.0 with: python-version: 3.x @@ -163,7 +163,7 @@ jobs: run: uv run make -C docs/ html - name: Upload documentation - uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2 + uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7.0.1 with: name: python-yubihsm-docs path: docs/_build/html diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml index c4423de..623435a 100644 --- a/.github/workflows/codeql.yml +++ b/.github/workflows/codeql.yml @@ -23,12 +23,12 @@ jobs: steps: - name: Checkout repository - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 #v 5.0.0 + uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 #v 7.0.0 with: persist-credentials: false # Initializes the CodeQL tools for scanning. - name: Initialize CodeQL - uses: github/codeql-action/init@f1f6e5f6af878fb37288ce1c627459e94dbf7d01 # v3.30.1 + uses: github/codeql-action/init@8aad20d150bbac5944a9f9d289da16a4b0d87c1e # v4.36.2 with: languages: ${{ matrix.language }} queries: security-extended,security-and-quality @@ -40,7 +40,7 @@ jobs: # queries: security-extended,security-and-quality - name: Perform CodeQL Analysis - uses: github/codeql-action/analyze@f1f6e5f6af878fb37288ce1c627459e94dbf7d01 # v3.30.1 + uses: github/codeql-action/analyze@8aad20d150bbac5944a9f9d289da16a4b0d87c1e # v4.36.2 with: category: "/language:${{matrix.language}}" diff --git a/.github/workflows/scorecard.yml b/.github/workflows/scorecard.yml index 5dc5512..799eabf 100644 --- a/.github/workflows/scorecard.yml +++ b/.github/workflows/scorecard.yml @@ -36,17 +36,17 @@ jobs: steps: - name: Harden the runner (Audit all outbound calls) - uses: step-security/harden-runner@ec9f2d5744a09debf3a187a3f4f675c53b671911 # v2.13.0 + uses: step-security/harden-runner@9af89fc71515a100421586dfdb3dc9c984fbf411 # v2.19.4 with: egress-policy: audit - name: "Checkout code" - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 + uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0 with: persist-credentials: false - name: "Run analysis" - uses: ossf/scorecard-action@05b42c624433fc40578a4040d5cf5e36ddca8cde # v2.4.2 + uses: ossf/scorecard-action@4eaacf0543bb3f2c246792bd56e8cdeffafb205a # v2.4.3 with: results_file: results.sarif results_format: sarif @@ -68,7 +68,7 @@ jobs: # Upload the results as artifacts (optional). Commenting out will disable uploads of run results in SARIF # format to the repository Actions tab. - name: "Upload artifact" - uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2 + uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7.0.1 with: name: SARIF file path: results.sarif @@ -76,6 +76,6 @@ jobs: # Upload the results to GitHub's code scanning dashboard. - name: "Upload to code-scanning" - uses: github/codeql-action/upload-sarif@3c3833e0f8c1c83d449a7478aa59c036a9165498 # v3.29.11 + uses: github/codeql-action/upload-sarif@8aad20d150bbac5944a9f9d289da16a4b0d87c1e # v4.36.2 with: sarif_file: results.sarif From 3a38410e473b44bd4812a5d8a58f7c76a4cec10b Mon Sep 17 00:00:00 2001 From: Dain Nilsson Date: Wed, 24 Jun 2026 17:34:29 +0200 Subject: [PATCH 5/5] Test re-adding python 3.10 --- .github/workflows/build.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index 02c2d29..3b1776d 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -12,7 +12,7 @@ jobs: fail-fast: false matrix: os: [ubuntu-latest, windows-latest, macos-latest] - python: ['3.11', '3.12', '3.13', '3.14', 'pypy3.11'] + python: ['3.10', '3.11', '3.12', '3.13', '3.14', 'pypy3.11'] architecture: [x86, x64, arm64] exclude: - os: ubuntu-latest