Development#464

Merged
mehmet-yoti merged 106 commits into release/2.14.6 from development
Jun 11, 2026
@mehmet-yoti
No description provided.

davidgrayston and others added 30 commits November 16, 2020 16:21
Merge master 1.14.0 → development
NA: Update dependabot reviewers
Bumps [cffi](https://github.com/python-cffi/release-doc) from 1.14.3 to 1.14.4.
- [Release notes](https://github.com/python-cffi/release-doc/releases)
- [Commits](https://github.com/python-cffi/release-doc/commits)

Signed-off-by: dependabot[bot] <support@github.com>
Bumps [virtualenv](https://github.com/pypa/virtualenv) from 20.1.0 to 20.2.1.
- [Release notes](https://github.com/pypa/virtualenv/releases)
- [Changelog](https://github.com/pypa/virtualenv/blob/main/docs/changelog.rst)
- [Commits](pypa/virtualenv@20.1.0...20.2.1)

Signed-off-by: dependabot[bot] <support@github.com>
SDK-1583: Merge GitHub actions CI steps into development
Bumps [virtualenv](https://github.com/pypa/virtualenv) from 20.2.1 to 20.4.3.
- [Release notes](https://github.com/pypa/virtualenv/releases)
- [Changelog](https://github.com/pypa/virtualenv/blob/main/docs/changelog.rst)
- [Commits](pypa/virtualenv@20.2.1...20.4.3)

Signed-off-by: dependabot[bot] <support@github.com>
Bumps [pytz](https://github.com/stub42/pytz) from 2020.4 to 2021.1.
- [Release notes](https://github.com/stub42/pytz/releases)
- [Commits](stub42/pytz@release_2020.4...release_2021.1)

Signed-off-by: dependabot[bot] <support@github.com>
Bumps [iso8601](https://github.com/micktwomey/pyiso8601) from 0.1.13 to 0.1.14.
- [Release notes](https://github.com/micktwomey/pyiso8601/releases)
- [Commits](micktwomey/pyiso8601@0.1.13...0.1.14)

Signed-off-by: dependabot[bot] <support@github.com>
Bumps [cffi](https://github.com/python-cffi/release-doc) from 1.14.4 to 1.14.5.
- [Release notes](https://github.com/python-cffi/release-doc/releases)
- [Commits](https://github.com/python-cffi/release-doc/commits)

Signed-off-by: dependabot[bot] <support@github.com>
Bumps [werkzeug](https://github.com/pallets/werkzeug) from 1.0.1 to 2.0.1.
- [Release notes](https://github.com/pallets/werkzeug/releases)
- [Changelog](https://github.com/pallets/werkzeug/blob/main/CHANGES.rst)
- [Commits](pallets/werkzeug@1.0.1...2.0.1)

Signed-off-by: dependabot[bot] <support@github.com>
Bumps [virtualenv](https://github.com/pypa/virtualenv) from 20.4.3 to 20.4.7.
- [Release notes](https://github.com/pypa/virtualenv/releases)
- [Changelog](https://github.com/pypa/virtualenv/blob/main/docs/changelog.rst)
- [Commits](pypa/virtualenv@20.4.3...20.4.7)

Signed-off-by: dependabot[bot] <support@github.com>
Bumps [protobuf](https://github.com/protocolbuffers/protobuf) from 3.17.1 to 3.17.3.
- [Release notes](https://github.com/protocolbuffers/protobuf/releases)
- [Changelog](https://github.com/protocolbuffers/protobuf/blob/master/generate_changelog.py)
- [Commits](protocolbuffers/protobuf@v3.17.1...v3.17.3)

---
updated-dependencies:
- dependency-name: protobuf
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
# Conflicts:
#	examples/yoti_example_django/requirements.txt
Bumps [virtualenv](https://github.com/pypa/virtualenv) from 20.4.7 to 20.7.2.
- [Release notes](https://github.com/pypa/virtualenv/releases)
- [Changelog](https://github.com/pypa/virtualenv/blob/main/docs/changelog.rst)
- [Commits](pypa/virtualenv@20.4.7...20.7.2)

---
updated-dependencies:
- dependency-name: virtualenv
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Bumps [cffi](http://cffi.readthedocs.org) from 1.14.5 to 1.14.6.

---
updated-dependencies:
- dependency-name: cffi
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Bumps [iso8601](https://github.com/micktwomey/pyiso8601) from 0.1.14 to 0.1.16.
- [Release notes](https://github.com/micktwomey/pyiso8601/releases)
- [Commits](micktwomey/pyiso8601@0.1.14...0.1.16)

---
updated-dependencies:
- dependency-name: iso8601
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Bumps [virtualenv](https://github.com/pypa/virtualenv) from 20.7.2 to 20.8.1.
- [Release notes](https://github.com/pypa/virtualenv/releases)
- [Changelog](https://github.com/pypa/virtualenv/blob/main/docs/changelog.rst)
- [Commits](pypa/virtualenv@20.7.2...20.8.1)

---
updated-dependencies:
- dependency-name: virtualenv
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Bumps [deprecated](https://github.com/tantale/deprecated) from 1.2.12 to 1.2.13.
- [Release notes](https://github.com/tantale/deprecated/releases)
- [Changelog](https://github.com/tantale/deprecated/blob/master/CHANGELOG.rst)
- [Commits](laurent-laporte-pro/deprecated@v1.2.12...v1.2.13)

---
updated-dependencies:
- dependency-name: deprecated
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
echarrod and others added 29 commits January 28, 2022 14:07
Bumps [pytz](https://github.com/stub42/pytz) from 2021.1 to 2021.3.
- [Release notes](https://github.com/stub42/pytz/releases)
- [Commits](stub42/pytz@release_2021.1...release_2021.3)

---
updated-dependencies:
- dependency-name: pytz
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Bumps [virtualenv](https://github.com/pypa/virtualenv) from 20.12.0 to 20.13.0.
- [Release notes](https://github.com/pypa/virtualenv/releases)
- [Changelog](https://github.com/pypa/virtualenv/blob/main/docs/changelog.rst)
- [Commits](pypa/virtualenv@20.12.0...20.13.0)

---
updated-dependencies:
- dependency-name: virtualenv
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Bumps [protobuf](https://github.com/protocolbuffers/protobuf) from 3.19.3 to 3.19.4.
- [Release notes](https://github.com/protocolbuffers/protobuf/releases)
- [Changelog](https://github.com/protocolbuffers/protobuf/blob/master/generate_changelog.py)
- [Commits](protocolbuffers/protobuf@v3.19.3...v3.19.4)

---
updated-dependencies:
- dependency-name: protobuf
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
# Conflicts:
#	.github/workflows/tests.yaml
#	.pre-commit-config.yaml
#	examples/yoti_example_flask/requirements.in
#	examples/yoti_example_flask/requirements.txt
#	requirements.in
#	requirements.txt
#	setup.py
#	sonar-project.properties
#	yoti_python_sdk/version.py
Bumps [pip-tools](https://github.com/jazzband/pip-tools) from 6.4.0 to 6.6.2.
- [Release notes](https://github.com/jazzband/pip-tools/releases)
- [Changelog](https://github.com/jazzband/pip-tools/blob/master/CHANGELOG.md)
- [Commits](jazzband/pip-tools@6.4.0...6.6.2)

---
updated-dependencies:
- dependency-name: pip-tools
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Bumps [virtualenv](https://github.com/pypa/virtualenv) from 20.13.0 to 20.14.1.
- [Release notes](https://github.com/pypa/virtualenv/releases)
- [Changelog](https://github.com/pypa/virtualenv/blob/main/docs/changelog.rst)
- [Commits](pypa/virtualenv@20.13.0...20.14.1)

---
updated-dependencies:
- dependency-name: virtualenv
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Bumps [werkzeug](https://github.com/pallets/werkzeug) from 2.0.2 to 2.1.2.
- [Release notes](https://github.com/pallets/werkzeug/releases)
- [Changelog](https://github.com/pallets/werkzeug/blob/main/CHANGES.rst)
- [Commits](pallets/werkzeug@2.0.2...2.1.2)

---
updated-dependencies:
- dependency-name: werkzeug
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Bumps [virtualenv](https://github.com/pypa/virtualenv) from 20.14.1 to 20.15.1.
- [Release notes](https://github.com/pypa/virtualenv/releases)
- [Changelog](https://github.com/pypa/virtualenv/blob/main/docs/changelog.rst)
- [Commits](pypa/virtualenv@20.14.1...20.15.1)

---
updated-dependencies:
- dependency-name: virtualenv
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
* added python static liveness check
* SDK-2267:updated refs
* SDK-2267:version update
* Release/2.14.3 (#420)
Python library updates
* Release/2.14.4 (#423)
* SDK-2648 updated version of protobuf
* Update version to 2.14.4
* SDK-2648: Update protobuf to 4.21.12+
* Remove accidentally committed virtual environment files from Flask example
* Update doc_scan example requirements for protobuf 4.21.12 and SDK v2.14.4
* Update Flask example requirements for protobuf 4.21.12 and SDK v2.14.4
* updated versions in examples
* Fix GitHub Actions workflow to install local SDK before example requirements
* Release/2.14.5 (#436)
* Python library updates
* added python static liveness check (#425)
* update version files
* updated protobuf error
* fix: update example requirements to be compatible with SDK cryptography>=42.0.0
doc_scan/requirements.txt pinned cryptography==41.0.7 which conflicts with
the SDK's install_requires (cryptography>=42.0.0), breaking the CI examples
job. Updated both example requirements files and clarified the headers to
reflect that they contain SDK-inherited range constraints.
* fix: sync cryptography constraint and prevent local SDK override in CI
- requirements.in: cryptography>=41.0.7 -> >=42.0.0 to match setup.py,
  remove leading blank line
- tests.yaml: reinstall local SDK after AML/Django examples, which pin
  yoti==2.14.0 from PyPI and would otherwise override the editable install
- flask/doc_scan requirements.txt: clarify # via yoti (installed separately)
  annotations since yoti is no longer in requirements.in
…resources tasks (#462)

* SDK-2758-python-add-support-for-requesting-and-retrieving-share-code-resources-tasks
* Fix Copilot review issues and rebase onto development
* Fix remaining is comparison for BASIC auth type in test
…s field from the IDV pages - python (#461)

* feat(SDK-2792): Python - Add support for retrieving the extraction_image_ids field from the IDV pages [python]
Rebase onto development to resolve conflicts.
* fix(SDK-2792): fix typo and remove duplicate entries in requirements.in [python]
* fix(SDK-2792): remove unsafe packages comments from requirements files [python]
…c Liveness resources - python (#460)

* feat(SDK-2781): Python - Add support for new capture_type property on Static Liveness resources [python]
…hon (#459)

* feat(SDK-2614): Python - Support configuration for IDV shortened flow [python]
* fix(SDK-2614): address Copilot review comments on sdk_config
- Fix docstring param order to match function signature (allow_handoff before privacy_policy_url)
- Copy suppressed_screens list in build() to prevent mutation of built configs
- Use == instead of is for string assertions in tests
- Add test for empty suppressed_screens list serialization
)

* feat(SDK-2473): Python - IDV Support Brand ID in session config [python]
* fix(SDK-2473): fix docstring param order and test assertions [python]
- Reorder allow_handoff/privacy_policy_url in docstring to match signature
- Use == instead of is for string value assertions in tests
- Add .claude/ to .gitignore and remove settings.local.json from tracking
* SDK-2743-python-expose-idv-breakdown-process-property
* fix: apply Copilot review suggestions on BreakdownResponse
- Use == instead of is for string comparisons in test assertions
- Clarify process property docstring to mention breakdown process type
#452)

* SDK-2792-python-add-support-for-retrieving-the-extraction-image-ids-field-from-the-idv-pages
…dk examples (#463)

* SDK-2803 Phase 1: bump core SDK dependencies to close High-severity CVEs

- cryptography >=44.0.1 (CVE-2024-12797 bundled-OpenSSL)
- pyopenssl >=26.0.0
- requests >=2.32.4 (CVE-2024-47081 .netrc leak)
- urllib3 >=2.6.3 (decompression/encoding/redirect CVEs)
- cffi >=1.17.1, wheel >=0.46.2 (CVE-2026-24049), PyYAML >=6.0.2,
  wrapt >=1.17.2, itsdangerous >=2.2.0
- regenerated requirements.txt picks up fresh certifi (2026.4.22),
  idna (3.15) which closes those transitive CVEs

* SDK-2803 Phase 2: bump protobuf to >=4.25.8,<6 and regenerate pb2 modules

- protobuf 3.20.3 -> >=4.25.8,<6 in setup.py and requirements.in;
  pip-compile resolves to 5.29.6, closing CVE-2025-4565 and CVE-2026-0994
  (recursion DoS in google.protobuf).
- Regenerate all *_pb2.py via protoc 3.21.12 from sdk-protobuf/proto/.
  Output now uses the _builder.BuildMessageAndEnumDescriptors API that
  is required by protobuf 4.x/5.x runtimes.
- _pb2_grpc.py stubs are unused in this SDK and left untouched.
- pytest: 438 passed, 0 failed.

* SDK-2803 Phase 3: upgrade example apps to close shipped CVEs

aml: no .in change, regenerated to pick up new core deps
doc_scan: flask>=3.0.6, pyopenssl>=26.0.0, deprecated>=1.2.14,
  iso8601>=1.1.0, pytz>=2025.2, click>=8.1
django: django 4.0.1 -> 4.2 LTS (closes critical SQLi CVEs),
  urllib3>=2.6.3, requests>=2.32.4, cffi>=1.17.1; remove unused six;
  add DEFAULT_AUTO_FIELD = BigAutoField to settings.py for 4.2
flask: flask 1->3.0.6 (CVE-2023-30861), werkzeug 1->3.0.6
  (request smuggling, debugger RCE, path traversal CVEs),
  jinja2>=3.1.6 (5 CVEs), pyopenssl, urllib3, requests bumped,
  itsdangerous>=2.2.0 added explicitly; remove unused six
setup.py extras_require[examples]: Django>=4.2,<5.3, Flask>=3.0.6,
  Werkzeug>=3.0.6
* fix(SDK-2803): add urllib3>=2.6.3 to install_requires to enforce CVE floor [python]
* fix: pin protobuf<6 in aml example to match SDK install_requires constraint
@mehmet-yoti mehmet-yoti merged commit d4c1e28 into release/2.14.6 Jun 11, 2026
6 checks passed
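
The SDK-2803 commits above raise dependency floors to close CVEs, and an earlier fix in this list describes an example file pinning cryptography==41.0.7 against the SDK's range. The following is an added example, not code from this repository, that audits a pinned requirements file against those floors; the floor values are copied from the commit messages, while the function names and the sample file are constructed for illustration.

```python
import re

# Minimum versions copied from the SDK-2803 commit messages on this page.
FLOORS = {
    "cryptography": "44.0.1",
    "pyopenssl": "26.0.0",
    "requests": "2.32.4",
    "urllib3": "2.6.3",
    "protobuf": "4.25.8",
    "jinja2": "3.1.6",
    "werkzeug": "3.0.6",
}
# Exclusive upper bound from the same commits (protobuf >=4.25.8,<6).
CEILINGS = {"protobuf": "6"}

PIN = re.compile(r"^([A-Za-z0-9._-]+)(?:\[[^\]]*\])?==([0-9][0-9A-Za-z.]*)")

def normalize(name):
    # PEP 503 normalization so "PyOpenSSL" and "pyopenssl" compare equal.
    return re.sub(r"[-_.]+", "-", name).lower()

def vkey(version, width=4):
    # Simplification: numeric release segments only, zero-padded to one width.
    parts = [int(p) for p in version.split(".") if p.isdigit()]
    return tuple(parts + [0] * (width - len(parts)))

def audit(requirements_text):
    """Return (line, package, pinned, reason) for pins outside the allowed range."""
    findings = []
    for lineno, raw in enumerate(requirements_text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()  # drop "# via ..." annotations
        m = PIN.match(line)
        if not m:
            continue  # blank lines, comments, options, unpinned specifiers
        name, pinned = normalize(m.group(1)), m.group(2)
        floor, ceiling = FLOORS.get(name), CEILINGS.get(name)
        if floor and vkey(pinned) < vkey(floor):
            findings.append((lineno, name, pinned, "below floor " + floor))
        elif ceiling and vkey(pinned) >= vkey(ceiling):
            findings.append((lineno, name, pinned, "at or above ceiling " + ceiling))
    return findings

# Constructed sample input, not a file from the repository.
SAMPLE = """\
# example requirements.txt (constructed)
cryptography==41.0.7
requests==2.32.4
urllib3==2.6.3    # via requests
protobuf==5.29.6
PyOpenSSL==24.0.0
Werkzeug==3.0.6
"""

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```

Run in CI against each example's requirements.txt, a non-empty result catches the case where an example pin silently undercuts the floor the SDK's install_requires is meant to enforce.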