Skip to content

Update zxcvbn requirement from ~=4.4.0 to >=4.4,<4.6 #429

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 1 commit into
base: development
Choose a base branch
from
Open

Update zxcvbn requirement from ~=4.4.0 to >=4.4,<4.6 #429

wants to merge 1 commit into from

Conversation

@dependabot
Copy link
Contributor

@dependabot dependabot bot commented on behalf of github Oct 27, 2025

Updates the requirements on zxcvbn to permit the latest version.

Changelog

Sourced from zxcvbn's changelog.

v4.5.0 (2025-02-19)

  • decorator solution for lazy loading frequency_lists library View
  • handle zero-length password gracefully View
  • add failing test for empty password scenario View
  • Merge branch 'musicsnobj-feature/l33t-exploit' View
  • Merge branch 'feature/l33t-exploit' of github.com:musicsnobj/zxcvbn-python into musicsnobj-feature/l33t-exploit View
  • use optional third arg instead of env variable for max password length View
  • Merge branch 'feature/setup-tox' into feature/l33t-exploit View
  • fuzzy match all py test versions View
  • update README w/ tested py versions, try 3.8.* as test version View
  • remove python 2 condition from mypy job View
  • add py versions 3.12 and 3.13 View
  • add py versions 3.9, 3.10, 3.11 View
  • trying another tox config View
  • tweak tox config View
  • rm reference to requirements.txt View
  • let tox control pytest version View
  • try python version 3.8.18 by itself View
  • update build.yml with python versions supported by Ubuntu 24.04 View
  • try dropping python versions older than 3.6 View
  • try v5 of setup-python gha View
  • add tox.ini, add python versions to test View
  • fuzzy match all py test versions View
  • update README w/ tested py versions, try 3.8.* as test version View
  • remove python 2 condition from mypy job View
  • add py versions 3.12 and 3.13 View
  • add py versions 3.9, 3.10, 3.11 View
  • trying another tox config View
  • tweak tox config View
  • rm reference to requirements.txt View
  • let tox control pytest version View
  • try python version 3.8.18 by itself View
  • update build.yml with python versions supported by Ubuntu 24.04 View
  • try dropping python versions older than 3.6 View
  • try v5 of setup-python gha View
  • add tox.ini, add python versions to test View
  • add max password length, default 72, configurable via ZXCVBN_MAX_LENGTH env var View
  • Match the correct dictionary name for English words View
  • Add the license file to the source tarball View
  • update supported python versions in README View
  • github actions & mypy View
  • Fix syntax warning over comparison of literals using is. (#53) View
  • Added Python 3.8 to travis config. (#50) View
  • add 3.7 in python versions tested on travis ci (#44) View

v4.4.28 (2019-05-28)

  • Prefer stdin for password if it is readable (#43) View
  • updating version to 4.4.28 View

... (truncated)

Commits
  • 566fff1 update changelog, update setup.py for version 4.5.0
  • f416148 decorator solution for lazy loading frequency_lists library
  • 2939b6b handle zero-length password gracefully
  • 8459ce5 add failing test for empty password scenario
  • 2b3e11f Merge branch 'musicsnobj-feature/l33t-exploit'
  • c7fc8b1 Merge branch 'feature/l33t-exploit' of github.com:musicsnobj/zxcvbn-python in...
  • 1ed43f5 use optional third arg instead of env variable for max password length
  • 98a2b4d Merge branch 'feature/setup-tox' into feature/l33t-exploit
  • 558084c fuzzy match all py test versions
  • 7369112 update README w/ tested py versions, try 3.8.* as test version
  • Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

@dependabot
Update zxcvbn requirement from ~=4.4.0 to >=4.4,<4.6
8d7f214 
Updates the requirements on [zxcvbn](https://github.com/dwolfhub/zxcvbn-python) to permit the latest version.
- [Changelog](https://github.com/dwolfhub/zxcvbn-python/blob/master/CHANGELOG.md)
- [Commits](dwolfhub/zxcvbn-python@v4.4.1...v4.5.0)

---
updated-dependencies:
- dependency-name: zxcvbn
  dependency-version: 4.5.0
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot added dependencies Pull requests that update a dependency file python Pull requests that update Python code labels Oct 27, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file python Pull requests that update Python code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant