Workflow

Confidant

Latest version: v6.5.3

Safety actively analyzes 629855 Python packages for vulnerabilities to keep your Python projects secure.

Scan your dependencies

Page 3 of 7

4.2.0

Not secure
* Don't in-memory cache the USERS\_FILE, but re-read it every time, so that
the confidant process doesn't need to restarted whenever this file changes.

4.1.0

Not secure
* Switch from python-saml to python3-saml.

4.0.0

Not secure
* This is a breaking release. This change upgrades the `LegacyBooleanAttributes`
to `BooleanAttributes`, which saves data in a new format. Once you upgrade
to this version, you must run the migrate\_bool\_attribute maintenance
script immediately after upgrading, which will convert all old data into
the new format and prevent further issues with Pynamo upgrades.

3.0.0

* This is a breaking release, if you're using blind credentials. This change
upgrades to using pynamodb 3.2.1. If you're using blind credentials, it's
necessary to first upgrade to confidant 2.0.0, run the
migrate\_set\_attribute maintenance script, then upgrade to this version.
This is due to a breaking change in pynamodb itself, which requires using
specific versions of pynamodb to migrate the underlying data.

2.0.1

* Added additional logging in the v1 routes.
* Updated the migration script to include both Service and BlindCredential
migrations, as well as checks to ensure the migration was successful.

2.0.0

WARNING: If you upgrade to this version, any new writes to blind credentials
will be in a format that is only compatible in 1.11.0 forward. If you've
upgraded and need to downgrade, you should downgrade to 1.11.0. This is only
a concern if you're using blind credentials. If you're using blind credentials,
see the [upgrade instructions](upgrade.html)
for more detailed information about this breaking change.

* Added support for a maintenance mode, which will disable all writes to
confidant via the API. This allows you to put confidant into a maintenance
mode which will let you do maintenance actions via scripts, but will disallow
all write actions via the API while you're performing the maintenance.
This is useful for data migrations, or during periods where you want to
ensure no confidant changes are being made. See the docs for
MAINTENANCE\_MODE and MAINTENANCE\_MODE\_TOUCH\_FILE settings.
* Upgraded pynamodb to 2.2.0, to support migration of UnicodeSetAttribute for
blind credentials in DynamoDB.
* Changed dynamo models to use LegacyBooleanAttribute, to allow for backwards
compatibility for the data models. In a future version we'll require a
migration for dynamo data to the new BooleanAttribute format used in
PynamoDB.

Page 3 of 7

Links

Releases

Has known vulnerabilities

Previous Next

© 2024 Safety CLI Cybersecurity Inc. All Rights Reserved.