* Remove Travis Python 3.7 hack
No longer necessary: 3.7 is supported out-of-the-box
* Add support for Python 3.8
And explicitly document in setup.py
* "Upgrade base Docker image to Python 3.8"a
* Add entry about py38 support in WIP changelog
* Explicitly declare python versions in setup.py
* Bump Werkzeug to 0.15.6
This is the latest 0.15 version. 0.16 might be incompatible
The fix we are looking for is in [0.15.5](http://werkzeug.palletsprojects.com/en/0.15.x/changes/#version-0-15-5):
> Fix a TypeError due to changes to ast.Module in Python 3.8.
This addresses CVE-2018-10903:
A flaw was found in python-cryptography versions between >=1.9.0 and
<2.3. The finalize_with_tag API did not enforce a minimum tag
length. If a user did not validate the input length prior to passing
it to finalize_with_tag an attacker could craft an invalid payload
with a shortened tag (e.g. 1 byte) such that they would have a 1 in
256 chance of passing the MAC check. GCM tag forgeries can cause key
leakage.
... although snappass isn't affected because we doesn't use the
vulnerable `finalize_with_tag` API.
