Skip to content

Navigation Menu

Sign in
Appearance settings

Search code, repositories, users, issues, pull requests...

Provide feedback

We read every piece of feedback, and take your input very seriously.

Saved searches

Use saved searches to filter your results more quickly
Appearance settings

Bump pycryptodome from 3.6.1 to 3.6.6 in the pip group across 1 directory#1

Open
dependabot[bot] wants to merge 1 commit intomasterzaibon/httpsig-1:masterfrom
dependabot/pip/pip-f21e58e5b1zaibon/httpsig-1:dependabot/pip/pip-f21e58e5b1Copy head branch name to clipboard
Open

Bump pycryptodome from 3.6.1 to 3.6.6 in the pip group across 1 directory#1
dependabot[bot] wants to merge 1 commit intomasterzaibon/httpsig-1:masterfrom
dependabot/pip/pip-f21e58e5b1zaibon/httpsig-1:dependabot/pip/pip-f21e58e5b1Copy head branch name to clipboard

Conversation

@dependabot
Copy link

@dependabot dependabot bot commented on behalf of github Dec 21, 2024

Bumps the pip group with 1 update in the / directory: pycryptodome.

Updates pycryptodome from 3.6.1 to 3.6.6

Release notes

Sourced from pycryptodome's releases.

v3.21.0 - Bourdeaux (pycryptodomex)

New features

  • By setting the PYCRYPTODOME_DISABLE_GMP environment variable, the GMP library will not be used even if detected.
  • Add support for Curve25519 / X25519.
  • Add support for Curve448 / X448.
  • Add attribute curve to EccPoint and EccXPoint classes, with the canonical name of the curve.
  • GH#781: the label for the SP800_108_Counter KDF may now contain zero bytes. Thanks to Julien Rische.
  • GH#814: RSA keys for PSS can be imported.

Resolved issues

  • GH#810: fixed negation of Ed25519 points.
  • GH#819: accept an RFC5916 ECPrivateKey even if it doesn't contain any of the optional elements (parameters [0] and publicKey[1]).

Other changes

  • Remove support for Python 3.5.

v3.20.0 - Amiens (pycryptodomex)

New features

  • Added support for TurboSHAKE128 and TurboSHAKE256.
  • Added method Crypto.Hash.new() to generate a hash object given a hash name.
  • Added support for AES-GCM encryption of PBES2 and PKCS#8 containers.
  • Added support for SHA-2 and SHA-3 algorithms in PBKDF2 when creating PBES2 and PKCS#8 containers.
  • Export of RSA keys accepts the prot_params dictionary as parameter to control the number of iterations for PBKDF2 and scrypt.
  • C unit tests also run on non-x86 architectures.

Resolved issues

  • GH#787: Fixed autodetect logic for GCC 14 in combination with LTO.

v3.19.1 - Zeil (pycryptodomex)

Resolved issues

  • Fixed a side-channel leakage with OAEP decryption that could be exploited to carry out a Manger attack. Thanks to Hubert Kario.

v3.19.0 - Ulm (pycryptodomex)

... (truncated)

Changelog

Sourced from pycryptodome's changelog.

3.6.6 (17 August 2018) ++++++++++++++++++++++

Resolved issues

  • GH#198: Fix vulnerability on AESNI ECB with payloads smaller than 16 bytes (CVE-2018-15560).

3.6.5 (12 August 2018) ++++++++++++++++++++++

Resolved issues

  • GH#187: Fixed incorrect AES encryption/decryption with AES acceleration on x86 due to gcc's optimization and strict aliasing rules.
  • GH#188: More prime number candidates than necessary where discarded as composite due to the limited way D values were searched in the Lucas test.
  • Fixed ResouceWarnings and DeprecationWarnings.
  • Workaround for Python 3.7.0 bug on Windows (https://bugs.python.org/issue34108).

3.6.4 (10 July 2018) +++++++++++++++++++++

New features

  • Build Python 3.7 wheels on Linux, Windows and Mac.

Resolved issues

  • GH#178: Rename _cpuid module to make upgrades more robust.
  • More meaningful exceptions in case of mismatch in IV length (CBC/OFB/CFB modes).
  • Fix compilation issues on Solaris 10/11.

3.6.3 (21 June 2018) +++++++++++++++++++++

Resolved issues

  • GH#175: Fixed incorrect results for CTR encryption/decryption with more than 8 blocks.

3.6.2 (19 June 2018) +++++++++++++++++++++

New features

  • ChaCha20 accepts 96 bit nonces (in addition to 64 bit nonces)

... (truncated)

Commits
  • 3506836 Update to Changelog
  • d1739c6 Fix issue #198: AESNI breaks with messages shorter than 16 bytes
  • df80035 Bump version
  • e16bc22 Update to Changelog
  • d97a099 Deal with strict aliasing when extracting SSE2 values
  • f25c0e5 Drop mpir.dll from packaging
  • 9990033 Jacobi symbol not defined for negative n, add more test vectors
  • 8bdb02e Merge branch 'lucas'
  • 66fdb1f Increase testing for primality
  • 4994e3d Update Changelog
  • Additional commits viewable in compare view

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions
    You can disable automated security fix PRs for this repo from the Security Alerts page.

@dependabot
Bump pycryptodome in the pip group across 1 directory
6dd994f 
Bumps the pip group with 1 update in the / directory: [pycryptodome](https://github.com/Legrandin/pycryptodome).


Updates `pycryptodome` from 3.6.1 to 3.6.6
- [Release notes](https://github.com/Legrandin/pycryptodome/releases)
- [Changelog](https://github.com/Legrandin/pycryptodome/blob/master/Changelog.rst)
- [Commits](Legrandin/pycryptodome@v3.6.1...v3.6.6)

---
updated-dependencies:
- dependency-name: pycryptodome
  dependency-type: direct:production
  dependency-group: pip
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot added the dependencies Pull requests that update a dependency file label Dec 21, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants

Morty Proxy This is a proxified and sanitized view of the page, visit original site.