chore(deps): bump ecdsa from 0.19.1 to 0.19.2 #15690

Open
dependabot[bot] wants to merge 7 commits into main from dependabot/pip/ecdsa-0.19.2

@dependabot dependabot bot commented on behalf of github Mar 27, 2026

Bumps ecdsa from 0.19.1 to 0.19.2.

Release notes

Sourced from ecdsa's releases.

0.19.2

Bug fixes:

  • Fix CVE-2026-33936, a DER parsing issue in remove_octet_string(), remove_constructed(), and remove_implitic() where a truncated buffer wasn't detected. This can lead to high-level functions, like SigningKey.from_der(), raising unexpected exceptions. (Mohamed Abdelaal (0xmrma))

Maintenance:

  • Update CI to use newer version of Ubuntu.

Changelog

Sourced from ecdsa's changelog.

  • Release 0.19.2 (26 Mar 2026)

Bug fixes:

  • Fix CVE-2026-33936, a DER parsing issue in remove_octet_string(), remove_constructed(), and remove_implitic() where a truncated buffer wasn't detected. This can lead to high-level functions, like SigningKey.from_der(), raising unexpected exceptions. (Mohamed Abdelaal (0xmrma))

Maintenance:

  • Update CI to use newer version of Ubuntu.

  • Release 0.19.1 (13 Mar 2025)

New API:

  • der.remove_implitic and der.encode_implicit for decoding and encoding DER IMPLICIT values with custom tag values and arbitrary classes

Bug fixes:

  • Minor fixes around arithmetic with curves that have non-prime order (useful for experimentation, not practical deployments)
  • Fix arithmetic to work with curves that have (0, 0) on the curve
  • Fix canonicalization of signatures when s is just slightly above half of curve order

Maintenance:

  • Dropped official support for Python 3.5 (again, issues with CI, support for Python 2.6 and Python 2.7 is unchanged)

  • Officially support Python 3.12 and 3.13 (add them to CI)

  • Removal of few more unnecessary six.b literals (Alexandre Detiste)

  • Fix typos in warning messages

  • Release 0.19.0 (08 Apr 2024)

New API:

  • to_ssh in VerifyingKey and SigningKey, supports Ed25519 keys only (Pablo Mazzini)

New features:

  • Support for twisted Brainpool curves

Doc fix:

  • Fix curve equation in glossary
  • Documentation for signature encoding and signature decoding functions

Maintenance:

  • Dropped official support for 3.3 and 3.4 (because of problems running them in CI, not because it's actually incompatible; support for 2.6 and 2.7 is

... (truncated)

Commits
  • bd66899 Merge commit from fork
  • 9c046ee tests: reject truncated DER lengths
  • acc40fd der: reject truncated lengths in octet/implicit/constructed
  • 55aca78 Merge pull request #363 from gstarovo/ubuntu20-deprecation
  • c4f0df1 chore: change to ubuntu-22 since u-20 is deprecated
  • See full diff in compare view
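
The failure class named in the 0.19.2 release notes above, a DER length field that claims more bytes than the buffer holds, shown as an added example that is not python-ecdsa's code and not part of this pull request. The names `DERError`, `read_length` and `remove_octet_string_strict` are hypothetical, and the sample byte strings are constructed.

```python
class DERError(ValueError):
    """Single exception type for every malformed-DER condition."""


def read_length(buf, pos):
    """Decode a DER length starting at buf[pos]; return (length, next_pos)."""
    if pos >= len(buf):
        raise DERError("buffer ends before the length octet")
    first = buf[pos]
    pos += 1
    if first < 0x80:                      # short form: length fits in one octet
        return first, pos
    count = first & 0x7F                  # long form: number of length octets
    if count == 0:
        raise DERError("indefinite length is not allowed in DER")
    if pos + count > len(buf):
        raise DERError("buffer ends inside the length octets")
    if buf[pos] == 0:
        raise DERError("length has a leading zero octet")
    length = int.from_bytes(buf[pos:pos + count], "big")
    if length < 0x80:
        raise DERError("long form used where short form is required")
    return length, pos + count


def remove_octet_string_strict(buf):
    """Split a DER OCTET STRING off the front of buf; return (body, rest)."""
    buf = bytes(buf)
    if not buf or buf[0] != 0x04:
        raise DERError("expected OCTET STRING tag 0x04")
    length, start = read_length(buf, 1)
    end = start + length
    # Truncation check: without it, Python slicing silently returns a short
    # body and the error surfaces later, somewhere else, as another exception.
    if end > len(buf):
        raise DERError("declared length %d exceeds the %d bytes available"
                       % (length, len(buf) - start))
    return buf[start:end], buf[end:]


# Constructed sample inputs (hypothetical, not taken from the advisory).
COMPLETE = bytes.fromhex("0403aabbcc") + b"\x30"   # 3-byte body, 1 trailing byte
TRUNCATED = bytes.fromhex("0405aabb")              # claims 5 bytes, carries 2
```

A caller parsing untrusted key material can then handle one exception type at the parsing boundary.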

@dependabot dependabot bot added the backend, dependencies (Pull requests that update a dependency file), engineering, and pip (Used for dependabot PR's having to do with pip/python) labels Mar 27, 2026
adalcima and others added 7 commits March 31, 2026 11:44
* Implement Expert profile page backend

* Fix broken tests

* Update expert profile template

* Add django-countries to use in the location field
* Gallery block backend init

* Project page initial backend

* Limit Gallery Card to Project Page

* Gallery page init

* Remove unused includes

* Add project label snippet and relation

* Add gallery year, add filters

* Formatting

* gallery hub factories

* gallery project full row for now

* move topics factory to base, call before page creation

* fake gallery data, add lede_text

* Squash migrations and formatting

* formatting

* Remove old migrations

* rebuild migrations
Bumps [ecdsa](https://github.com/tlsfuzzer/python-ecdsa) from 0.19.1 to 0.19.2.
- [Release notes](https://github.com/tlsfuzzer/python-ecdsa/releases)
- [Changelog](https://github.com/tlsfuzzer/python-ecdsa/blob/master/NEWS)
- [Commits](tlsfuzzer/python-ecdsa@python-ecdsa-0.19.1...python-ecdsa-0.19.2)

---
updated-dependencies:
- dependency-name: ecdsa
  dependency-version: 0.19.2
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>