Skip to content

chore(deps): bump pyasn1 from 0.4.8 to 0.6.3 in /backend#818

Open
dependabot[bot] wants to merge 1 commit intomainfrom
dependabot/pip/backend/pyasn1-0.6.3
Open

chore(deps): bump pyasn1 from 0.4.8 to 0.6.3 in /backend#818
dependabot[bot] wants to merge 1 commit intomainfrom
dependabot/pip/backend/pyasn1-0.6.3

Conversation

@dependabot
Copy link
Contributor

@dependabot dependabot bot commented on behalf of github Mar 17, 2026

Bumps pyasn1 from 0.4.8 to 0.6.3.

Release notes

Sourced from pyasn1's releases.

Release 0.6.3

It's a minor release.

  • Added nesting depth limit to ASN.1 decoder to prevent stack overflow from deeply nested structures (CVE-2026-30922).
  • Fixed OverflowError from oversized BER length field.
  • Fixed DeprecationWarning stacklevel for deprecated attributes.
  • Fixed asDateTime incorrect fractional seconds parsing.

All changes are noted in the CHANGELOG.

Release 0.6.2

It's a minor release.

  • Fixed continuation octet limits in OID/RELATIVE-OID decoder (CVE-2026-23490).
  • Added support for Python 3.14.
  • Added SECURITY.md policy.
  • Migrated to pyproject.toml packaging.

All changes are noted in the CHANGELOG.

Release 0.6.1

It's a minor release.

  • Added support for Python 3.13.
  • Cleaned Python 2-related code.
  • Removed bdist_wheel universal flag from setup.cfg.

All changes are noted in the CHANGELOG.

Release 0.6.0

It's a major release where we drop Python 2 support entirely. The most significant changes are:

  • Removed support for EOL Python 2.7, 3.6, 3.7
  • Added support for previously missing RELATIVE-OID construct
  • Updated link to Layman's Guide

All changes are noted in the CHANGELOG.

Release 0.5.1

It's a minor release.

  • Added support for PyPy 3.10 and Python 3.12
  • Updated RTD configuration to include a dummy index.rst redirecting to contents.html, ensuring compatibility with third-party documentation and search indexes.
  • Fixed the API breakage wih decoder.decode(substrateFun=...). A substrateFun passed to decoder.decode() can now be either v0.4 Non-Streaming or v0.5 Streaming. pyasn1 will detect and handle both cases transparently. A substrateFun passed to one of the new streaming decoders is still expected to be v0.5 Streaming only.

All changes are noted in the CHANGELOG.

... (truncated)

Changelog

Sourced from pyasn1's changelog.

Revision 0.6.3, released 16-03-2026

Revision 0.6.2, released 16-01-2026

Revision 0.6.1, released 10-09-2024

... (truncated)

Commits
  • af65c3b Prepare release 0.6.3
  • 5a49bd1 Merge commit from fork
  • 5494ba4 Fix asDateTime incorrect fractional seconds parsing (#102)
  • 71f486e Fix DeprecationWarning stacklevel for deprecated attributes (#101)
  • d7cb42d Fix OverflowError from oversized BER length field (#100)
  • e7356f8 Prepare release 0.6.2
  • 3908f14 Merge commit from fork
  • 0a7e067 Add support for Python 3.14 (#97)
  • 33656e9 Create Security Policy
  • fa62307 fix for issue #91: unit tests failing due to missing code (#92)
  • Additional commits viewable in compare view

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    You can disable automated security fix PRs for this repo from the Security Alerts page.

@dependabot
chore(deps): bump pyasn1 from 0.4.8 to 0.6.3 in /backend
648bcd0 
Bumps [pyasn1](https://github.com/pyasn1/pyasn1) from 0.4.8 to 0.6.3.
- [Release notes](https://github.com/pyasn1/pyasn1/releases)
- [Changelog](https://github.com/pyasn1/pyasn1/blob/main/CHANGES.rst)
- [Commits](pyasn1/pyasn1@v0.4.8...v0.6.3)

---
updated-dependencies:
- dependency-name: pyasn1
  dependency-version: 0.6.3
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot added dependencies Pull requests that update a dependency file python Pull requests that update Python code labels Mar 17, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file python Pull requests that update Python code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants