Skip to content

Update rsa requirement from <4.8,>=3.1.2 to >=3.1.2,<4.10 #52

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
dependabot wants to merge 1 commit into
base: develop
Choose a base branch
from
Open

Update rsa requirement from <4.8,>=3.1.2 to >=3.1.2,<4.10 #52

dependabot wants to merge 1 commit into from

Conversation

@dependabot
Copy link

@dependabot dependabot bot commented on behalf of github Apr 16, 2025
edited
Loading

Updates the requirements on rsa to permit the latest version.

Changelog

Sourced from rsa's changelog.

Python-RSA changelog

Version 4.10 - in development

  • Drop support for Python 3.6 (#209) and declare support for 3.11 (#208).
  • Upgrade pytest dependency to fix a security issue.
  • Upgrade pytest-cov as well, for good measure.
  • Upgrade MyPy (#211).

Version 4.9 - release 2022-07-20

  • Remove debug logging from rsa/key.py (#194).
  • Remove overlapping slots in PrivateKey and PublicKey. (#189).
  • Do not include CHANGELOG/LICENSE/README.md in wheel (#191).
  • Fixed Key Generation Unittest: Public and Private keys are assigned the wrong way around (#188).

Version 4.8 - released 2021-11-24

  • Switch to Poetry for dependency and release management.
  • Compatibility with Python 3.10.
  • Chain exceptions using raise new_exception from old_exception (#157)
  • Added marker file for PEP 561. This will allow type checking tools in dependent projects to use type annotations from Python-RSA (#136).
  • Use the Chinese Remainder Theorem when decrypting with a private key. This makes decryption 2-4x faster (#163).

Version 4.7.2 - released 2021-02-24

  • Fix picking/unpickling issue introduced in 4.7 (#173)

Version 4.7.1 - released 2021-02-15

  • Fix threading issue introduced in 4.7 (#173)

Version 4.7 - released 2021-01-10

  • Fix #165: CVE-2020-25658 - Bleichenbacher-style timing oracle in PKCS#1 v1.5 decryption code
  • Add padding length check as described by PKCS#1 v1.5 (Fixes

... (truncated)

Commits

You can trigger a rebase of this PR by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Note
Automatic rebases have been disabled on this pull request as it has been open for over 30 days.

@dependabot @github
Copy link
Author

dependabot bot commented on behalf of github Apr 16, 2025

Labels

The following labels could not be found: dependencies, v1. Please create them before Dependabot can add them to a pull request.

Please fix the above issues or remove invalid values from dependabot.yml.

@dependabot dependabot bot force-pushed the dependabot/pip/develop/rsa-gte-3.1.2-and-lt-4.10 branch 6 times, most recently from f6a46c0 to 3f61715 Compare April 23, 2025 23:29
@dependabot dependabot bot force-pushed the dependabot/pip/develop/rsa-gte-3.1.2-and-lt-4.10 branch 5 times, most recently from 94bc3ea to cf86177 Compare April 30, 2025 23:29
@dependabot dependabot bot force-pushed the dependabot/pip/develop/rsa-gte-3.1.2-and-lt-4.10 branch 5 times, most recently from e9156cb to 6352588 Compare May 7, 2025 23:29
@dependabot @github
Copy link
Author

dependabot bot commented on behalf of github May 7, 2025

Dependabot tried to update this pull request, but something went wrong. We're looking into it, but in the meantime you can retry the update by commenting @dependabot rebase.

@dependabot dependabot bot force-pushed the dependabot/pip/develop/rsa-gte-3.1.2-and-lt-4.10 branch 5 times, most recently from e1b0bbe to 095ac8e Compare May 14, 2025 23:29
@dependabot
Update rsa requirement from <4.8,>=3.1.2 to >=3.1.2,<4.10
4e5d12a 
Updates the requirements on [rsa](https://github.com/sybrenstuvel/python-rsa) to permit the latest version.
- [Changelog](https://github.com/sybrenstuvel/python-rsa/blob/main/CHANGELOG.md)
- [Commits](https://github.com/sybrenstuvel/python-rsa/commits)

---
updated-dependencies:
- dependency-name: rsa
  dependency-version: 4.9.1
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot force-pushed the dependabot/pip/develop/rsa-gte-3.1.2-and-lt-4.10 branch from 095ac8e to 4e5d12a Compare May 15, 2025 23:29
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant