Update upstream source from tag 'upstream/1.3.4'

Update to upstream version '1.3.4'
with Debian dir 777524adc014a778bea83b7686468832666f6c9c

13 files changed, 219 insertions, 249 deletions

diff --git a/CONTRIBUTING.rst b/CONTRIBUTING.rst
index 2993720..d0489a0 100644
--- a/CONTRIBUTING.rst
+++ b/CONTRIBUTING.rst
@@ -101,4 +101,4 @@ Tips
 
 To run a subset of tests::
 
-    $ devenv/bin/nosetests macaroonbakery/tests/...
+    $ devenv/bin/nose2 macaroonbakery/tests/...
diff --git a/PKG-INFO b/PKG-INFO
index a3c2272..2a03d29 100644
--- a/PKG-INFO
+++ b/PKG-INFO
@@ -1,47 +1,11 @@
-Metadata-Version: 1.1
+Metadata-Version: 2.1
 Name: macaroonbakery
-Version: 1.3.1
+Version: 1.3.4
 Summary: A Python library port for bakery, higher level operation to work with macaroons
 Home-page: https://github.com/go-macaroon-bakery/py-macaroon-bakery
 Author: Juju UI Team
 Author-email: juju-gui@lists.ubuntu.com
 License: LGPL3
-Description: ===============
-        Macaroon Bakery
-        ===============
-        
-        A Python library for working with macaroons.
-        
-        
-        Installation
-        ------------
-        The easiest way to install macaroonbakery is via pip::
-        
-            $ pip install macaroonbakery
-        
-        macaroonbakery was developed around pymacaroons. On ubuntu, you
-        can get libsodium from a ppa::
-        
-        	$ sudo add-apt-repository ppa:yellow/ppa -y
-        	$ apt-get install libsodium13
-        
-        Usage
-        -----
-        Interacting with a protected url, you can use the BakeryAuth provided to deal
-        with the macaroon bakery
-        
-            >>> from macaroonbakery import httpbakery
-            >>> jar = requests.cookies.RequestsCookieJar()
-            >>> resp = requests.get('some protected url',
-                                    cookies=jar,
-                                    auth=httpbakery.BakeryAuth(cookies=jar))
-            >>> resp.raise_for_status()
-        
-        
-        You can use any cookie storage you'd like so next subsequent calls the macaroon
-        saved in the cookie jar will be directly used and will not require
-        any other authentication (for example, cookielib.FileCookieJar).
-        
 Keywords: macaroon cookie
 Platform: UNKNOWN
 Classifier: Development Status :: 2 - Pre-Alpha
@@ -52,3 +16,43 @@ Classifier: Programming Language :: Python :: 2
 Classifier: Programming Language :: Python :: 2.7
 Classifier: Programming Language :: Python :: 3
 Classifier: Programming Language :: Python :: 3.5
+License-File: LICENSE
+License-File: AUTHORS.rst
+
+===============
+Macaroon Bakery
+===============
+
+A Python library for working with macaroons.
+
+
+Installation
+------------
+The easiest way to install macaroonbakery is via pip::
+
+    $ pip install macaroonbakery
+
+macaroonbakery was developed around pymacaroons. On ubuntu, you
+can get libsodium from a ppa::
+
+	$ sudo add-apt-repository ppa:yellow/ppa -y
+	$ apt-get install libsodium13
+
+Usage
+-----
+Interacting with a protected url, you can use the BakeryAuth provided to deal
+with the macaroon bakery
+
+    >>> from macaroonbakery import httpbakery
+    >>> jar = requests.cookies.RequestsCookieJar()
+    >>> resp = requests.get('some protected url',
+                            cookies=jar,
+                            auth=httpbakery.BakeryAuth(cookies=jar))
+    >>> resp.raise_for_status()
+
+
+You can use any cookie storage you'd like so next subsequent calls the macaroon
+saved in the cookie jar will be directly used and will not require
+any other authentication (for example, cookielib.FileCookieJar).
+
+
diff --git a/debian/changelog b/debian/changelog
index e3ea2c1..dbda37e 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,10 @@
+py-macaroon-bakery (1.3.4-1) UNRELEASED; urgency=medium
+
+  * New upstream release.
+    - Modernize unittest method spelling (closes: #1058354).
+
+ -- Colin Watson <cjwatson@debian.org>  Sun, 17 Dec 2023 15:38:56 +0000
+
 py-macaroon-bakery (1.3.1-5) unstable; urgency=medium
 
   [ Colin Watson ]
diff --git a/macaroonbakery.egg-info/PKG-INFO b/macaroonbakery.egg-info/PKG-INFO
index a3c2272..2a03d29 100644
--- a/macaroonbakery.egg-info/PKG-INFO
+++ b/macaroonbakery.egg-info/PKG-INFO
@@ -1,47 +1,11 @@
-Metadata-Version: 1.1
+Metadata-Version: 2.1
 Name: macaroonbakery
-Version: 1.3.1
+Version: 1.3.4
 Summary: A Python library port for bakery, higher level operation to work with macaroons
 Home-page: https://github.com/go-macaroon-bakery/py-macaroon-bakery
 Author: Juju UI Team
 Author-email: juju-gui@lists.ubuntu.com
 License: LGPL3
-Description: ===============
-        Macaroon Bakery
-        ===============
-        
-        A Python library for working with macaroons.
-        
-        
-        Installation
-        ------------
-        The easiest way to install macaroonbakery is via pip::
-        
-            $ pip install macaroonbakery
-        
-        macaroonbakery was developed around pymacaroons. On ubuntu, you
-        can get libsodium from a ppa::
-        
-        	$ sudo add-apt-repository ppa:yellow/ppa -y
-        	$ apt-get install libsodium13
-        
-        Usage
-        -----
-        Interacting with a protected url, you can use the BakeryAuth provided to deal
-        with the macaroon bakery
-        
-            >>> from macaroonbakery import httpbakery
-            >>> jar = requests.cookies.RequestsCookieJar()
-            >>> resp = requests.get('some protected url',
-                                    cookies=jar,
-                                    auth=httpbakery.BakeryAuth(cookies=jar))
-            >>> resp.raise_for_status()
-        
-        
-        You can use any cookie storage you'd like so next subsequent calls the macaroon
-        saved in the cookie jar will be directly used and will not require
-        any other authentication (for example, cookielib.FileCookieJar).
-        
 Keywords: macaroon cookie
 Platform: UNKNOWN
 Classifier: Development Status :: 2 - Pre-Alpha
@@ -52,3 +16,43 @@ Classifier: Programming Language :: Python :: 2
 Classifier: Programming Language :: Python :: 2.7
 Classifier: Programming Language :: Python :: 3
 Classifier: Programming Language :: Python :: 3.5
+License-File: LICENSE
+License-File: AUTHORS.rst
+
+===============
+Macaroon Bakery
+===============
+
+A Python library for working with macaroons.
+
+
+Installation
+------------
+The easiest way to install macaroonbakery is via pip::
+
+    $ pip install macaroonbakery
+
+macaroonbakery was developed around pymacaroons. On ubuntu, you
+can get libsodium from a ppa::
+
+	$ sudo add-apt-repository ppa:yellow/ppa -y
+	$ apt-get install libsodium13
+
+Usage
+-----
+Interacting with a protected url, you can use the BakeryAuth provided to deal
+with the macaroon bakery
+
+    >>> from macaroonbakery import httpbakery
+    >>> jar = requests.cookies.RequestsCookieJar()
+    >>> resp = requests.get('some protected url',
+                            cookies=jar,
+                            auth=httpbakery.BakeryAuth(cookies=jar))
+    >>> resp.raise_for_status()
+
+
+You can use any cookie storage you'd like so next subsequent calls the macaroon
+saved in the cookie jar will be directly used and will not require
+any other authentication (for example, cookielib.FileCookieJar).
+
+
diff --git a/macaroonbakery.egg-info/requires.txt b/macaroonbakery.egg-info/requires.txt
index 52b6944..c663b20 100644
--- a/macaroonbakery.egg-info/requires.txt
+++ b/macaroonbakery.egg-info/requires.txt
@@ -1,5 +1,5 @@
 PyNaCl<2.0,>=1.1.2
-protobuf<4.0,>=3.0.0
+protobuf>=3.20.0
 pyRFC3339<2.0,>=1.0
 pymacaroons<1.0,>=0.12.0
 requests<3.0,>=2.18.1
diff --git a/macaroonbakery/bakery/_internal/id_pb2.py b/macaroonbakery/bakery/_internal/id_pb2.py
index 0fd54c0..1b4ca02 100644
--- a/macaroonbakery/bakery/_internal/id_pb2.py
+++ b/macaroonbakery/bakery/_internal/id_pb2.py
@@ -1,13 +1,12 @@
+# -*- coding: utf-8 -*-
 # Generated by the protocol buffer compiler.  DO NOT EDIT!
-# source: macaroonbakery/internal/id.proto
-
-import sys
-_b=sys.version_info[0]<3 and (lambda x:x) or (lambda x:x.encode('latin1'))
+# source: id.proto
+# Protobuf Python Version: 4.25.1
+"""Generated protocol buffer code."""
 from google.protobuf import descriptor as _descriptor
-from google.protobuf import message as _message
-from google.protobuf import reflection as _reflection
+from google.protobuf import descriptor_pool as _descriptor_pool
 from google.protobuf import symbol_database as _symbol_database
-from google.protobuf import descriptor_pb2
+from google.protobuf.internal import builder as _builder
 # @@protoc_insertion_point(imports)
 
 _sym_db = _symbol_database.Default()
@@ -15,118 +14,16 @@ _sym_db = _symbol_database.Default()
 
 
 
-DESCRIPTOR = _descriptor.FileDescriptor(
-  name='macaroonbakery/internal/id.proto',
-  package='',
-  syntax='proto3',
-  serialized_pb=_b('\n macaroonbakery/internal/id.proto\"@\n\nMacaroonId\x12\r\n\x05nonce\x18\x01 \x01(\x0c\x12\x11\n\tstorageId\x18\x02 \x01(\x0c\x12\x10\n\x03ops\x18\x03 \x03(\x0b\x32\x03.Op\"%\n\x02Op\x12\x0e\n\x06\x65ntity\x18\x01 \x01(\t\x12\x0f\n\x07\x61\x63tions\x18\x02 \x03(\tB\x0cZ\nmacaroonpbb\x06proto3')
-)
-
-
-
-
-_MACAROONID = _descriptor.Descriptor(
-  name='MacaroonId',
-  full_name='MacaroonId',
-  filename=None,
-  file=DESCRIPTOR,
-  containing_type=None,
-  fields=[
-    _descriptor.FieldDescriptor(
-      name='nonce', full_name='MacaroonId.nonce', index=0,
-      number=1, type=12, cpp_type=9, label=1,
-      has_default_value=False, default_value=_b(""),
-      message_type=None, enum_type=None, containing_type=None,
-      is_extension=False, extension_scope=None,
-      options=None),
-    _descriptor.FieldDescriptor(
-      name='storageId', full_name='MacaroonId.storageId', index=1,
-      number=2, type=12, cpp_type=9, label=1,
-      has_default_value=False, default_value=_b(""),
-      message_type=None, enum_type=None, containing_type=None,
-      is_extension=False, extension_scope=None,
-      options=None),
-    _descriptor.FieldDescriptor(
-      name='ops', full_name='MacaroonId.ops', index=2,
-      number=3, type=11, cpp_type=10, label=3,
-      has_default_value=False, default_value=[],
-      message_type=None, enum_type=None, containing_type=None,
-      is_extension=False, extension_scope=None,
-      options=None),
-  ],
-  extensions=[
-  ],
-  nested_types=[],
-  enum_types=[
-  ],
-  options=None,
-  is_extendable=False,
-  syntax='proto3',
-  extension_ranges=[],
-  oneofs=[
-  ],
-  serialized_start=36,
-  serialized_end=100,
-)
-
-
-_OP = _descriptor.Descriptor(
-  name='Op',
-  full_name='Op',
-  filename=None,
-  file=DESCRIPTOR,
-  containing_type=None,
-  fields=[
-    _descriptor.FieldDescriptor(
-      name='entity', full_name='Op.entity', index=0,
-      number=1, type=9, cpp_type=9, label=1,
-      has_default_value=False, default_value=_b("").decode('utf-8'),
-      message_type=None, enum_type=None, containing_type=None,
-      is_extension=False, extension_scope=None,
-      options=None),
-    _descriptor.FieldDescriptor(
-      name='actions', full_name='Op.actions', index=1,
-      number=2, type=9, cpp_type=9, label=3,
-      has_default_value=False, default_value=[],
-      message_type=None, enum_type=None, containing_type=None,
-      is_extension=False, extension_scope=None,
-      options=None),
-  ],
-  extensions=[
-  ],
-  nested_types=[],
-  enum_types=[
-  ],
-  options=None,
-  is_extendable=False,
-  syntax='proto3',
-  extension_ranges=[],
-  oneofs=[
-  ],
-  serialized_start=102,
-  serialized_end=139,
-)
-
-_MACAROONID.fields_by_name['ops'].message_type = _OP
-DESCRIPTOR.message_types_by_name['MacaroonId'] = _MACAROONID
-DESCRIPTOR.message_types_by_name['Op'] = _OP
-_sym_db.RegisterFileDescriptor(DESCRIPTOR)
-
-MacaroonId = _reflection.GeneratedProtocolMessageType('MacaroonId', (_message.Message,), dict(
-  DESCRIPTOR = _MACAROONID,
-  __module__ = 'macaroonbakery.internal.id_pb2'
-  # @@protoc_insertion_point(class_scope:MacaroonId)
-  ))
-_sym_db.RegisterMessage(MacaroonId)
-
-Op = _reflection.GeneratedProtocolMessageType('Op', (_message.Message,), dict(
-  DESCRIPTOR = _OP,
-  __module__ = 'macaroonbakery.internal.id_pb2'
-  # @@protoc_insertion_point(class_scope:Op)
-  ))
-_sym_db.RegisterMessage(Op)
-
+DESCRIPTOR = _descriptor_pool.Default().AddSerializedFile(b'\n\x08id.proto\"@\n\nMacaroonId\x12\r\n\x05nonce\x18\x01 \x01(\x0c\x12\x11\n\tstorageId\x18\x02 \x01(\x0c\x12\x10\n\x03ops\x18\x03 \x03(\x0b\x32\x03.Op\"%\n\x02Op\x12\x0e\n\x06\x65ntity\x18\x01 \x01(\t\x12\x0f\n\x07\x61\x63tions\x18\x02 \x03(\tB\x0cZ\nmacaroonpbb\x06proto3')
 
-DESCRIPTOR.has_options = True
-DESCRIPTOR._options = _descriptor._ParseOptions(descriptor_pb2.FileOptions(), _b('Z\nmacaroonpb'))
+_globals = globals()
+_builder.BuildMessageAndEnumDescriptors(DESCRIPTOR, _globals)
+_builder.BuildTopDescriptorsAndMessages(DESCRIPTOR, 'id_pb2', _globals)
+if _descriptor._USE_C_DESCRIPTORS == False:
+  _globals['DESCRIPTOR']._options = None
+  _globals['DESCRIPTOR']._serialized_options = b'Z\nmacaroonpb'
+  _globals['_MACAROONID']._serialized_start=12
+  _globals['_MACAROONID']._serialized_end=76
+  _globals['_OP']._serialized_start=78
+  _globals['_OP']._serialized_end=115
 # @@protoc_insertion_point(module_scope)
diff --git a/macaroonbakery/httpbakery/_client.py b/macaroonbakery/httpbakery/_client.py
index 326c33d..230531d 100644
--- a/macaroonbakery/httpbakery/_client.py
+++ b/macaroonbakery/httpbakery/_client.py
@@ -131,7 +131,13 @@ class Client:
         # TODO Fabrice what is the other http response possible ??
         if resp.status_code == 200:
             return bakery.Macaroon.from_dict(resp.json().get('Macaroon'))
-        cause = Error.from_dict(resp.json())
+        # A 5xx error might not return json.
+        try:
+            cause = Error.from_dict(resp.json())
+        except ValueError:
+            raise DischargeError(
+                'unexpected response: [{}] {!r}'.format(resp.status_code, resp.content)
+            )
         if cause.code != ERR_INTERACTION_REQUIRED:
             raise DischargeError(cause.message)
         if cause.info is None:
diff --git a/macaroonbakery/tests/test_client.py b/macaroonbakery/tests/test_client.py
index 6437a54..4bccb20 100644
--- a/macaroonbakery/tests/test_client.py
+++ b/macaroonbakery/tests/test_client.py
@@ -3,6 +3,7 @@
 import base64
 import datetime
 import json
+import platform
 import threading
 
 import macaroonbakery.bakery as bakery
@@ -11,6 +12,7 @@ import macaroonbakery.httpbakery as httpbakery
 import pymacaroons
 import requests
 import macaroonbakery._utils as utils
+from macaroonbakery.httpbakery._error import DischargeError
 
 from fixtures import (
     EnvironmentVariable,
@@ -49,7 +51,7 @@ class TestClient(TestWithFixtures):
             srv_macaroon = b.oven.macaroon(
                 version=bakery.LATEST_VERSION, expiry=AGES,
                 caveats=None, ops=[TEST_OP])
-            self.assertEquals(srv_macaroon.macaroon.location, 'loc')
+            self.assertEqual(srv_macaroon.macaroon.location, 'loc')
             client = httpbakery.Client()
             client.cookies.set_cookie(requests.cookies.create_cookie(
                 'macaroon-test', base64.b64encode(json.dumps([
@@ -61,7 +63,7 @@ class TestClient(TestWithFixtures):
                     str(httpd.server_address[1]),
                 cookies=client.cookies, auth=client.auth())
             resp.raise_for_status()
-            self.assertEquals(resp.text, 'done')
+            self.assertEqual(resp.text, 'done')
         finally:
             httpd.shutdown()
 
@@ -108,7 +110,7 @@ class TestClient(TestWithFixtures):
                     cookies=client.cookies,
                     auth=client.auth())
             resp.raise_for_status()
-            self.assertEquals(resp.text, 'done')
+            self.assertEqual(resp.text, 'done')
         finally:
             httpd.shutdown()
 
@@ -155,7 +157,7 @@ class TestClient(TestWithFixtures):
                     cookies=client.cookies,
                     auth=client.auth())
             resp.raise_for_status()
-            self.assertEquals(resp.text, 'done')
+            self.assertEqual(resp.text, 'done')
         finally:
             httpd.shutdown()
 
@@ -201,7 +203,7 @@ class TestClient(TestWithFixtures):
                     cookies=client.cookies,
                     auth=client.auth())
             resp.raise_for_status()
-            self.assertEquals(resp.text, 'done')
+            self.assertEqual(resp.text, 'done')
         finally:
             httpd.shutdown()
 
@@ -220,7 +222,7 @@ class TestClient(TestWithFixtures):
             srv_macaroon = b.oven.macaroon(
                 version=bakery.LATEST_VERSION, expiry=AGES,
                 caveats=None, ops=[TEST_OP])
-            self.assertEquals(srv_macaroon.macaroon.location, 'loc')
+            self.assertEqual(srv_macaroon.macaroon.location, 'loc')
             client = httpbakery.Client()
             # Note: by using "localhost" instead of the presumably numeric address held
             # in httpd.server_address, we're triggering the no-FQDN logic in the cookie
@@ -229,7 +231,7 @@ class TestClient(TestWithFixtures):
                 url='http://localhost:' + str(httpd.server_address[1]),
                 cookies=client.cookies, auth=client.auth())
             resp.raise_for_status()
-            self.assertEquals(resp.text, 'done')
+            self.assertEqual(resp.text, 'done')
         except httpbakery.BakeryException:
             pass  # interacion required exception is expected
         finally:
@@ -252,7 +254,7 @@ class TestClient(TestWithFixtures):
             srv_macaroon = b.oven.macaroon(
                 version=bakery.LATEST_VERSION,
                 expiry=AGES, caveats=None, ops=[TEST_OP])
-            self.assertEquals(srv_macaroon.macaroon.location, 'loc')
+            self.assertEqual(srv_macaroon.macaroon.location, 'loc')
             headers = {
                 'Macaroons': base64.b64encode(json.dumps([
                     srv_macaroon.to_dict().get('m')
@@ -263,7 +265,7 @@ class TestClient(TestWithFixtures):
                     str(httpd.server_address[1]),
                 headers=headers)
             resp.raise_for_status()
-            self.assertEquals(resp.text, 'done')
+            self.assertEqual(resp.text, 'done')
         finally:
             httpd.shutdown()
 
@@ -315,8 +317,8 @@ class TestClient(TestWithFixtures):
                 base64.b64decode(client.cookies.get('macaroon-test')).decode('utf-8'))[0])
             t = checkers.macaroons_expiry_time(
                 checkers.Namespace(), [m.macaroon])
-            self.assertEquals(ages, t)
-            self.assertEquals(resp.text, 'done')
+            self.assertEqual(ages, t)
+            self.assertEqual(resp.text, 'done')
         finally:
             httpd.shutdown()
 
@@ -516,6 +518,56 @@ class TestClient(TestWithFixtures):
         finally:
             httpd.shutdown()
 
+    def test_discharge_jsondecodeerror(self):
+        class _DischargerLocator(bakery.ThirdPartyLocator):
+            def __init__(self):
+                self.key = bakery.generate_key()
+
+            def third_party_info(self, loc):
+                if loc == 'http://1.2.3.4':
+                    return bakery.ThirdPartyInfo(
+                        public_key=self.key.public_key,
+                        version=bakery.LATEST_VERSION,
+                    )
+        d = _DischargerLocator()
+        b = new_bakery('loc', d, None)
+
+        @urlmatch(path='.*/discharge')
+        def discharge(url, request):
+            return {
+                'status_code': 503,
+                'content': 'bad system',
+            }
+
+        def handler(*args):
+            GetHandler(b, 'http://1.2.3.4', None, None, None, AGES, *args)
+
+        try:
+            httpd = HTTPServer(('', 0), handler)
+            thread = threading.Thread(target=httpd.serve_forever)
+            thread.start()
+
+            client = httpbakery.Client()
+
+            with HTTMock(discharge):
+                with self.assertRaises(DischargeError) as discharge_error:
+                    requests.get(
+                        'http://' + httpd.server_address[0] + ':' + str(
+                            httpd.server_address[1]),
+                        cookies=client.cookies,
+                        auth=client.auth())
+                if platform.python_version_tuple()[0] == '2':
+                    self.assertEqual(str(discharge_error.exception),
+                                     'third party refused dischargex: unexpected response: '
+                                     "[503] 'bad system'")
+                else:
+                    self.assertEqual(str(discharge_error.exception),
+                                     'third party refused dischargex: unexpected response: '
+                                     "[503] b'bad system'")
+
+        finally:
+            httpd.shutdown()
+
     def test_extract_macaroons_from_request(self):
         def encode_macaroon(m):
             macaroons = '[' + utils.macaroon_to_json_string(m) + ']'
@@ -539,10 +591,10 @@ class TestClient(TestWithFixtures):
         jar.add_cookie_header(req)
 
         macaroons = httpbakery.extract_macaroons(req)
-        self.assertEquals(len(macaroons), 2)
+        self.assertEqual(len(macaroons), 2)
         macaroons.sort(key=lambda ms: ms[0].identifier)
-        self.assertEquals(macaroons[0][0].identifier, m1.identifier)
-        self.assertEquals(macaroons[1][0].identifier, m2.identifier)
+        self.assertEqual(macaroons[0][0].identifier, m1.identifier)
+        self.assertEqual(macaroons[1][0].identifier, m2.identifier)
 
     def test_handle_error_cookie_path(self):
         macaroon = bakery.Macaroon(
diff --git a/macaroonbakery/tests/test_codec.py b/macaroonbakery/tests/test_codec.py
index d82a794..11e62ec 100644
--- a/macaroonbakery/tests/test_codec.py
+++ b/macaroonbakery/tests/test_codec.py
@@ -26,7 +26,7 @@ class TestCodec(TestCase):
             self.fp_key,
             None)
         res = bakery.decode_caveat(self.tp_key, cid)
-        self.assertEquals(res, bakery.ThirdPartyCaveatInfo(
+        self.assertEqual(res, bakery.ThirdPartyCaveatInfo(
             first_party_public_key=self.fp_key.public_key,
             root_key=b'a random string',
             condition='is-authenticated-user',
@@ -48,7 +48,7 @@ class TestCodec(TestCase):
             self.fp_key,
             None)
         res = bakery.decode_caveat(self.tp_key, cid)
-        self.assertEquals(res, bakery.ThirdPartyCaveatInfo(
+        self.assertEqual(res, bakery.ThirdPartyCaveatInfo(
             first_party_public_key=self.fp_key.public_key,
             root_key=b'a random string',
             condition='is-authenticated-user',
@@ -72,7 +72,7 @@ class TestCodec(TestCase):
             self.fp_key,
             ns)
         res = bakery.decode_caveat(self.tp_key, cid)
-        self.assertEquals(res, bakery.ThirdPartyCaveatInfo(
+        self.assertEqual(res, bakery.ThirdPartyCaveatInfo(
             first_party_public_key=self.fp_key.public_key,
             root_key=b'a random string',
             condition='is-authenticated-user',
@@ -110,7 +110,7 @@ class TestCodec(TestCase):
             '0V2lEOHhRUWdjU3ljOHY4eUt4dEhxejVEczJOYmh1ZDJhUFdt'
             'UTVMcVlNWitmZ2FNaTAxdE9DIn0=')
         cav = bakery.decode_caveat(tp_key, encrypted_cav)
-        self.assertEquals(cav, bakery.ThirdPartyCaveatInfo(
+        self.assertEqual(cav, bakery.ThirdPartyCaveatInfo(
             condition='caveat condition',
             first_party_public_key=fp_key.public_key,
             third_party_key_pair=tp_key,
@@ -164,7 +164,7 @@ class TestCodec(TestCase):
             '1LX4VKxymqG62UGPo78wOv0_fKjr3OI6PPJOYOQgBMclemlRF2',
         )
         cav = bakery.decode_caveat(tp_key, encrypted_cav)
-        self.assertEquals(cav, bakery.ThirdPartyCaveatInfo(
+        self.assertEqual(cav, bakery.ThirdPartyCaveatInfo(
             condition='third party condition',
             first_party_public_key=fp_key.public_key,
             third_party_key_pair=tp_key,
@@ -190,7 +190,7 @@ class TestCodec(TestCase):
             bakery.encode_uvarint(test[0], data)
             for v in test[1]:
                 expected.append(v)
-            self.assertEquals(data, expected)
+            self.assertEqual(data, expected)
             val = codec.decode_uvarint(bytes(data))
-            self.assertEquals(test[0], val[0])
-            self.assertEquals(len(test[1]), val[1])
+            self.assertEqual(test[0], val[0])
+            self.assertEqual(len(test[1]), val[1])
diff --git a/macaroonbakery/tests/test_macaroon.py b/macaroonbakery/tests/test_macaroon.py
index bcbbf80..ab0cbe0 100644
--- a/macaroonbakery/tests/test_macaroon.py
+++ b/macaroonbakery/tests/test_macaroon.py
@@ -19,17 +19,17 @@ class TestMacaroon(TestCase):
             'here',
             bakery.LATEST_VERSION)
         self.assertIsNotNone(m)
-        self.assertEquals(m._macaroon.identifier, b'some id')
-        self.assertEquals(m._macaroon.location, 'here')
-        self.assertEquals(m.version, bakery.LATEST_VERSION)
+        self.assertEqual(m._macaroon.identifier, b'some id')
+        self.assertEqual(m._macaroon.location, 'here')
+        self.assertEqual(m.version, bakery.LATEST_VERSION)
 
     def test_add_first_party_caveat(self):
         m = bakery.Macaroon('rootkey', 'some id', 'here',
                             bakery.LATEST_VERSION)
         m.add_caveat(checkers.Caveat('test_condition'))
         caveats = m.first_party_caveats()
-        self.assertEquals(len(caveats), 1)
-        self.assertEquals(caveats[0].caveat_id, b'test_condition')
+        self.assertEqual(len(caveats), 1)
+        self.assertEqual(caveats[0].caveat_id, b'test_condition')
 
     def test_add_third_party_caveat(self):
         locator = bakery.ThirdPartyStore()
diff --git a/macaroonbakery/tests/test_namespace.py b/macaroonbakery/tests/test_namespace.py
index 8a821e5..11d8795 100644
--- a/macaroonbakery/tests/test_namespace.py
+++ b/macaroonbakery/tests/test_namespace.py
@@ -24,12 +24,12 @@ class TestNamespace(TestCase):
         for test in tests:
             ns = checkers.Namespace(test[1])
             data = ns.serialize_text()
-            self.assertEquals(data, test[2])
-            self.assertEquals(str(ns), test[2].decode('utf-8'))
+            self.assertEqual(data, test[2])
+            self.assertEqual(str(ns), test[2].decode('utf-8'))
 
         # Check that it can be deserialize to the same thing:
         ns1 = checkers.deserialize_namespace(data)
-        self.assertEquals(ns1, ns)
+        self.assertEqual(ns1, ns)
 
     # TODO(rogpeppe) add resolve tests
 
@@ -37,16 +37,16 @@ class TestNamespace(TestCase):
         ns = checkers.Namespace(None)
         ns.register('testns', 't')
         prefix = ns.resolve('testns')
-        self.assertEquals(prefix, 't')
+        self.assertEqual(prefix, 't')
 
         ns.register('other', 'o')
         prefix = ns.resolve('other')
-        self.assertEquals(prefix, 'o')
+        self.assertEqual(prefix, 'o')
 
         # If we re-register the same URL, it does nothing.
         ns.register('other', 'p')
         prefix = ns.resolve('other')
-        self.assertEquals(prefix, 'o')
+        self.assertEqual(prefix, 'o')
 
     def test_register_bad_uri(self):
         ns = checkers.Namespace(None)
diff --git a/macaroonbakery/tests/test_oven.py b/macaroonbakery/tests/test_oven.py
index 3c29767..a06fbf5 100644
--- a/macaroonbakery/tests/test_oven.py
+++ b/macaroonbakery/tests/test_oven.py
@@ -45,9 +45,9 @@ class TestOven(TestCase):
         for about, ops, expected in canonical_ops_tests:
             new_ops = copy.copy(ops)
             canonical_ops = bakery.canonical_ops(new_ops)
-            self.assertEquals(canonical_ops, expected)
+            self.assertEqual(canonical_ops, expected)
             # Verify that the original array isn't changed.
-            self.assertEquals(new_ops, ops)
+            self.assertEqual(new_ops, ops)
 
     def test_multiple_ops(self):
         test_oven = bakery.Oven(
@@ -58,8 +58,8 @@ class TestOven(TestCase):
         m = test_oven.macaroon(bakery.LATEST_VERSION, AGES,
                                None, ops)
         got_ops, conds = test_oven.macaroon_ops([m.macaroon])
-        self.assertEquals(len(conds), 1)  # time-before caveat.
-        self.assertEquals(bakery.canonical_ops(got_ops), ops)
+        self.assertEqual(len(conds), 1)  # time-before caveat.
+        self.assertEqual(bakery.canonical_ops(got_ops), ops)
 
     def test_multiple_ops_in_id(self):
         test_oven = bakery.Oven()
@@ -69,8 +69,8 @@ class TestOven(TestCase):
         m = test_oven.macaroon(bakery.LATEST_VERSION, AGES,
                                None, ops)
         got_ops, conds = test_oven.macaroon_ops([m.macaroon])
-        self.assertEquals(len(conds), 1)  # time-before caveat.
-        self.assertEquals(bakery.canonical_ops(got_ops), ops)
+        self.assertEqual(len(conds), 1)  # time-before caveat.
+        self.assertEqual(bakery.canonical_ops(got_ops), ops)
 
     def test_multiple_ops_in_id_with_version1(self):
         test_oven = bakery.Oven()
@@ -79,8 +79,8 @@ class TestOven(TestCase):
                bakery.Op('two', 'read')]
         m = test_oven.macaroon(bakery.VERSION_1, AGES, None, ops)
         got_ops, conds = test_oven.macaroon_ops([m.macaroon])
-        self.assertEquals(len(conds), 1)  # time-before caveat.
-        self.assertEquals(bakery.canonical_ops(got_ops), ops)
+        self.assertEqual(len(conds), 1)  # time-before caveat.
+        self.assertEqual(bakery.canonical_ops(got_ops), ops)
 
     def test_huge_number_of_ops_gives_small_macaroon(self):
         test_oven = bakery.Oven(
@@ -93,9 +93,9 @@ class TestOven(TestCase):
         m = test_oven.macaroon(bakery.LATEST_VERSION, AGES,
                                None, ops)
         got_ops, conds = test_oven.macaroon_ops([m.macaroon])
-        self.assertEquals(len(conds), 1)  # time-before caveat.
-        self.assertEquals(bakery.canonical_ops(got_ops),
-                          bakery.canonical_ops(ops))
+        self.assertEqual(len(conds), 1)  # time-before caveat.
+        self.assertEqual(bakery.canonical_ops(got_ops),
+                         bakery.canonical_ops(ops))
 
         data = m.serialize_json()
         self.assertLess(len(data), 300)
@@ -111,8 +111,8 @@ class TestOven(TestCase):
         m = test_oven.macaroon(bakery.LATEST_VERSION, AGES,
                                None, ops)
         got_ops, conds = test_oven.macaroon_ops([m.macaroon])
-        self.assertEquals(bakery.canonical_ops(got_ops),
-                          bakery.canonical_ops(ops))
+        self.assertEqual(bakery.canonical_ops(got_ops),
+                         bakery.canonical_ops(ops))
 
         # Make another macaroon containing the same ops in a different order.
         ops = [bakery.Op('one', 'write'),
@@ -121,4 +121,4 @@ class TestOven(TestCase):
                bakery.Op('two', 'read')]
         test_oven.macaroon(bakery.LATEST_VERSION, AGES, None,
                            ops)
-        self.assertEquals(len(st._store), 1)
+        self.assertEqual(len(st._store), 1)
diff --git a/setup.py b/setup.py
index 4cf63f0..3054997 100755
--- a/setup.py
+++ b/setup.py
@@ -10,8 +10,8 @@ from setuptools import (
 
 PROJECT_NAME = 'macaroonbakery'
 
-# version 1.3.1
-VERSION = (1, 3, 1)
+# version 1.3.4
+VERSION = (1, 3, 4)
 
 
 def get_version():
@@ -27,7 +27,7 @@ requirements = [
     'PyNaCl>=1.1.2,<2.0',
     'pymacaroons>=0.12.0,<1.0',
     'six>=1.11.0,<2.0',
-    'protobuf>=3.0.0,<4.0',
+    'protobuf>=3.20.0',
     'pyRFC3339>=1.0,<2.0',
     'ipaddress;python_version<"3"',
     'cryptography==1.3.2;python_full_version<"2.7.9"',