Skip to content

Bump rsa from 3.4.2 to 4.9.1#301

Open
dependabot[bot] wants to merge 1 commit intorelease-v0.9.xfrom
dependabot/uv/rsa-4.9.1
Open

Bump rsa from 3.4.2 to 4.9.1#301
dependabot[bot] wants to merge 1 commit intorelease-v0.9.xfrom
dependabot/uv/rsa-4.9.1

Conversation

@dependabot
Copy link
Contributor

@dependabot dependabot bot commented on behalf of github Mar 20, 2026
edited
Loading

Bumps rsa from 3.4.2 to 4.9.1.

Changelog

Sourced from rsa's changelog.

Python-RSA changelog

Version 4.10 - in development

  • Drop support for Python 3.6 (#209) and declare support for 3.11 (#208).
  • Upgrade pytest dependency to fix a security issue.
  • Upgrade pytest-cov as well, for good measure.
  • Upgrade MyPy (#211).

Version 4.9 - release 2022-07-20

  • Remove debug logging from rsa/key.py (#194).
  • Remove overlapping slots in PrivateKey and PublicKey. (#189).
  • Do not include CHANGELOG/LICENSE/README.md in wheel (#191).
  • Fixed Key Generation Unittest: Public and Private keys are assigned the wrong way around (#188).

Version 4.8 - released 2021-11-24

  • Switch to Poetry for dependency and release management.
  • Compatibility with Python 3.10.
  • Chain exceptions using raise new_exception from old_exception (#157)
  • Added marker file for PEP 561. This will allow type checking tools in dependent projects to use type annotations from Python-RSA (#136).
  • Use the Chinese Remainder Theorem when decrypting with a private key. This makes decryption 2-4x faster (#163).

Version 4.7.2 - released 2021-02-24

  • Fix picking/unpickling issue introduced in 4.7 (#173)

Version 4.7.1 - released 2021-02-15

  • Fix threading issue introduced in 4.7 (#173)

Version 4.7 - released 2021-01-10

  • Fix #165: CVE-2020-25658 - Bleichenbacher-style timing oracle in PKCS#1 v1.5 decryption code
  • Add padding length check as described by PKCS#1 v1.5 (Fixes

... (truncated)

Commits

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

@dependabot dependabot bot added dependencies Pull requests that update a dependency file python:uv Pull requests that update python:uv code labels Mar 20, 2026
@dependabot
Bump rsa from 3.4.2 to 4.9.1
600cba5 
Bumps [rsa](https://github.com/sybrenstuvel/python-rsa) from 3.4.2 to 4.9.1.
- [Changelog](https://github.com/sybrenstuvel/python-rsa/blob/main/CHANGELOG.md)
- [Commits](https://github.com/sybrenstuvel/python-rsa/commits)

---
updated-dependencies:
- dependency-name: rsa
  dependency-version: 4.9.1
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot force-pushed the dependabot/uv/rsa-4.9.1 branch from 291ffdc to 600cba5 Compare March 20, 2026 21:21
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file python:uv Pull requests that update python:uv code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants