Comment 13 for bug 1836823

Brad Warren (bradmwarren) wrote :

> fill out Major Changes based on upstream release notes and understanding. Could Brad perhaps help with this?

Happy to help here.

There are no backwards incompatible API changes being made. All changes are either new features or fixes to keep the library's behavior compatible with the ACME protocol, which was only finalized in March of this year.

This is likely more detail than you want, but as a starting point, here are the relevant entries from our changelog at https://github.com/certbot/certbot/blob/master/CHANGELOG.md.

The changelog entries for the update from 0.31.0-1 to 0.31.0-2 are:

* The acme module now uses a POST-as-GET request to retrieve the registration from an ACMEv2 server.
* The acme module avoids sending the keyAuthorization field in the JWS payload when responding to a challenge as the field is not included in the current ACME protocol. To ease the migration path for ACME CA servers, Certbot and its acme module will first try the request without the keyAuthorization field but will temporarily retry the request with the field included if a malformed error is received. This fallback will be removed in version 0.34.0.
* The Content-Type in the POST-as-GET request to retrieve a certificate was corrected from "application/pkix-cert" to "application/jose+json".

In addition to those changes, the relevant changelog entries when updating from 0.23.0 are:

* Added support for initiating (but not solving end-to-end) TLS-ALPN-01 challenges with the acme module.
* Added External Account Binding support.
* Use the ACMEv2 newNonce endpoint when a new nonce is needed, and newNonce is available in the directory.
* Warn when using deprecated acme.challenges.TLSSNI01.
* When using acme.client.ClientV2 (or acme.client.BackwardsCompatibleClientV2 with an ACME server that supports a newer version of the ACME protocol), an acme.errors.ConflictError will be raised if you try to create an ACME account with a key that has already been used. Previously, a JSON parsing error was raised in this scenario when using the library with Let's Encrypt's ACMEv2 endpoint.
* You can now call query_registration without having to first call new_account on acme.client.ClientV2 objects.
* Support for the ready status type was added to acme. Without this change, Certbot and acme users will begin encountering errors when using Let's Encrypt's ACMEv2 API starting on June 19th for the staging environment and July 5th for production. See https://community.letsencrypt.org/t/acmev2-order-ready-status/62866 for more information.
* acme now supports specifying the source address to bind to when sending outgoing connections.
* acme now requires and uses pytest when running tests with setuptools with python setup.py test.
* acme now parses the wildcard field included in authorizations so it can be used by users of the library.

Please let me know if there's anything else I can do to help!
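The following is an added illustration, not code from the bug thread or from the certbot/acme project, of two protocol points the 0.31.0-2 entries above describe: a POST-as-GET carries an empty JWS payload, and a challenge response is sent as a bare "{}" first, with the legacy keyAuthorization field retried only when the server answers with a malformed error. The `post` transport and both server stand-ins are constructed for the example; `AcmeError` is a hypothetical stand-in for the library's error type.

```python
import json

# RFC 8555 problem type that triggers the temporary fallback described above.
MALFORMED = "urn:ietf:params:acme:error:malformed"


class AcmeError(Exception):
    """Hypothetical stand-in for an ACME problem document; only 'type' matters here."""

    def __init__(self, error_type, detail=""):
        super().__init__(f"{error_type}: {detail}")
        self.type = error_type


def post_as_get_payload():
    """RFC 8555 POST-as-GET: the JWS payload is the empty octet string, not "{}"."""
    return b""


def respond_to_challenge(post, key_authorization):
    """Send "{}" first (current protocol); on a malformed error, retry once with
    the pre-RFC keyAuthorization field. `post` is a constructed transport that
    takes the payload bytes and returns the decoded JSON response."""
    sent = [b"{}"]
    try:
        return post(b"{}"), sent
    except AcmeError as err:
        if err.type != MALFORMED:
            raise  # any other problem type is not a migration issue; surface it
    legacy = json.dumps({"keyAuthorization": key_authorization}).encode()
    sent.append(legacy)
    return post(legacy), sent


def rfc8555_server(payload):
    """Constructed stand-in for a current ACME CA: accepts the bare "{}" response."""
    if not isinstance(json.loads(payload.decode()), dict):
        raise AcmeError(MALFORMED, "challenge response must be a JSON object")
    return {"status": "processing"}


def legacy_server(payload):
    """Constructed stand-in for an older CA that still requires keyAuthorization."""
    if "keyAuthorization" not in json.loads(payload.decode()):
        raise AcmeError(MALFORMED, "keyAuthorization required")
    return {"status": "processing"}
```

Against the current-protocol stand-in only one request is sent; against the legacy stand-in the second, field-carrying request goes out, which is the behaviour the changelog says is removed in 0.34.0.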