jsk-ros-pkg / jsk_3rdparty


Bump rsa from 4.5 to 4.7 in /ros_google_cloud_language #393

Closed dependabot[bot] closed 1 year ago

dependabot[bot] commented 1 year ago

Bumps rsa from 4.5 to 4.7.

Changelog

Sourced from rsa's changelog.

Version 4.7 - released 2021-01-10

  • Fix #165: CVE-2020-25658 - Bleichenbacher-style timing oracle in PKCS#1 v1.5 decryption code
  • Add padding length check as described by PKCS#1 v1.5 (Fixes #164)
  • Reuse of blinding factors to speed up blinding operations. Fixes #162.
  • Declare & test support for Python 3.9

Version 4.4 & 4.6 - released 2020-06-12

Version 4.4 and 4.6 are almost a re-tagged release of version 4.2. It requires Python 3.5+. To avoid older Python installations from trying to upgrade to RSA 4.4, this is now made explicit in the python_requires argument in setup.py. There was a mistake releasing 4.4 as "3.5+ only", which made it necessary to retag 4.4 as 4.6 as well.

No functional changes compared to version 4.2.

Commits
  • fa3282a Bumped version to 4.7
  • a364e82 Marked version 4.7 as released
  • 539c54a Fix #170: mistake in examples of documentation
  • b81e317 Declare support for and test Python 3.9
  • 06ec1ea Fix #162: Blinding uses slow algorithm
  • 341e5c4 Directly raise DecryptionError when crypto length is bad
  • f254895 Use bytes.find() instead of bytes.index()
  • 240b0d8 Add link to changelog
  • f878c37 Fix #164: Add padding length check as described by PKCS#1 v1.5
  • dae8ce0 Fix #165: CVE-2020-25658 - Bleichenbacher-style timing oracle
  • Additional commits viewable in compare view



Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • `@dependabot rebase` will rebase this PR
  • `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
  • `@dependabot merge` will merge this PR after your CI passes on it
  • `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
  • `@dependabot cancel merge` will cancel a previously requested merge and block automerging
  • `@dependabot reopen` will reopen this PR if it is closed
  • `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
  • `@dependabot use these labels` will set the current labels as the default for future PRs for this repo and language
  • `@dependabot use these reviewers` will set the current reviewers as the default for future PRs for this repo and language
  • `@dependabot use these assignees` will set the current assignees as the default for future PRs for this repo and language
  • `@dependabot use this milestone` will set the current milestone as the default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/jsk-ros-pkg/jsk_3rdparty/network/alerts).

k-okada commented 1 year ago

closing due to compile errors

```
2023-02-23T05:20:45.6554995Z [ros_speech_recognition:make] Installing pip, wheel...
2023-02-23T05:20:45.6555531Z [ros_speech_recognition:make]   Collecting pip
2023-02-23T05:20:45.6556100Z [ros_speech_recognition:make]     Cache entry deserialization failed, entry ignored
2023-02-23T05:20:45.6557048Z [ros_speech_recognition:make]     Using cached https://files.pythonhosted.org/packages/27/79/8a850fe3496446ff0d584327ae44e7500daf6764ca1a382d2d02789accf7/pip-20.3.4-py2.py3-none-any.whl
2023-02-23T05:20:47.7206631Z [ros_google_cloud_language:make] ERROR: Could not find a version that satisfies the requirement rsa==4.7 (from -r /github/home/ros/ws_jsk_3rdparty/src/jsk_3rdparty/ros_google_cloud_language/requirements.txt (line 20)) (from versions: 1.1, 1.2, 1.3, 1.3.1, 1.3.2, 1.3.3, 3.0, 3.0.1, 3.1, 3.1.1, 3.1.2, 3.1.4, 3.2, 3.2.2, 3.2.3, 3.3, 3.4, 3.4.1, 3.4.2, 4.0, 4.1.1, 4.2, 4.3, 4.4, 4.5, 4.7.1)
2023-02-23T05:20:47.7215848Z [ros_google_cloud_language:make] ERROR: No matching distribution found for
```

dependabot[bot] commented 1 year ago

OK, I won't notify you again about this release, but will get in touch when a new version is available. If you'd rather skip all updates until the next major or minor version, let me know by commenting @dependabot ignore this major version or @dependabot ignore this minor version.

If you change your mind, just re-open this PR and I'll resolve any conflicts on it.
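
A triage helper for the build failure in the log above, added here as an example and not part of this PR, of Dependabot, or of the rsa project: it parses pip's "from versions" list and reports the lowest installable release at or above 4.7, the version the changelog names as fixing CVE-2020-25658. The function names are hypothetical, the sample line is constructed from the log, and the code assumes releases after 4.7 keep the fix.

```python
import re

# Constructed sample: the pip error from the CI log above, with the
# requirements.txt path shortened; the version list is copied from the log.
PIP_ERROR = (
    "ERROR: Could not find a version that satisfies the requirement rsa==4.7 "
    "(from -r requirements.txt (line 20)) (from versions: 1.1, 1.2, 1.3, "
    "1.3.1, 1.3.2, 1.3.3, 3.0, 3.0.1, 3.1, 3.1.1, 3.1.2, 3.1.4, 3.2, 3.2.2, "
    "3.2.3, 3.3, 3.4, 3.4.1, 3.4.2, 4.0, 4.1.1, 4.2, 4.3, 4.4, 4.5, 4.7.1)"
)

def vkey(version, width=4):
    """'4.7' -> (4, 7, 0, 0) so that 4.7 == 4.7.0 and 4.7 < 4.7.1."""
    parts = [int(p) for p in version.split(".")]
    return tuple(parts + [0] * (width - len(parts)))

def parse_pip_error(line):
    """Return (package, pinned_version, installable_versions) or None."""
    m = re.search(r"requirement (\S+?)==(\S+) .*\(from versions: ([^)]*)\)", line)
    if not m:
        return None
    listed = [v.strip() for v in m.group(3).split(",")]
    # Keep plain numeric releases only; pre-releases are not upgrade targets here.
    numeric = [v for v in listed if re.fullmatch(r"\d+(\.\d+)*", v)]
    return m.group(1), m.group(2), numeric

def triage(line, fixed_in):
    """Compare what pip can install against the first fixed release."""
    parsed = parse_pip_error(line)
    if parsed is None:
        raise ValueError("not a pip 'no matching version' error")
    name, pinned, available = parsed
    fixed = [v for v in available if vkey(v) >= vkey(fixed_in)]
    older = [v for v in available if vkey(v) < vkey(fixed_in)]
    return {
        "package": name,
        "pin_installable": pinned in available,
        # Assumption: releases after the fix version keep the fix.
        "lowest_fixed": min(fixed, key=vkey, default=None),
        "fallback_if_unpinned": max(older, key=vkey, default=None),
    }

if __name__ == "__main__":
    # 4.7 is the release the changelog above names for CVE-2020-25658.
    print(triage(PIP_ERROR, fixed_in="4.7"))
```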