Bump the pip group with 3 updates #391


Merged
merged 1 commit into from
Apr 26, 2025

dependabot[bot]
Contributor

@dependabot dependabot bot commented on behalf of github Apr 24, 2025

Bumps the pip group with 3 updates: h11, rsa and torch.

Updates h11 from 0.14.0 to 0.16.0

Commits

Updates rsa from 4.2 to 4.7

Changelog

Sourced from rsa's changelog.

Version 4.7 - released 2021-01-10

  • Fix #165: CVE-2020-25658 - Bleichenbacher-style timing oracle in PKCS#1 v1.5 decryption code
  • Add padding length check as described by PKCS#1 v1.5 (Fixes #164)
  • Reuse of blinding factors to speed up blinding operations. Fixes #162.
  • Declare & test support for Python 3.9

Version 4.4 & 4.6 - released 2020-06-12

Version 4.4 and 4.6 are almost a re-tagged release of version 4.2. It requires Python 3.5+. To avoid older Python installations from trying to upgrade to RSA 4.4, this is now made explicit in the python_requires argument in setup.py. There was a mistake releasing 4.4 as "3.5+ only", which made it necessary to retag 4.4 as 4.6 as well.

No functional changes compared to version 4.2.

Version 4.3 & 4.5 - released 2020-06-12

Version 4.3 and 4.5 are almost a re-tagged release of version 4.0. It is the last to support Python 2.7. This is now made explicit in the python_requires argument in setup.py. Python 3.4 is not supported by this release. There was a mistake releasing 4.4 as "3.5+ only", which made it necessary to retag 4.3 as 4.5 as well.

Two security fixes have also been backported, so 4.3 = 4.0 + these two fixes.

  • Choose blinding factor relatively prime to N. Thanks Christian Heimes for pointing this out.
  • Reject cyphertexts (when decrypting) and signatures (when verifying) that have been modified by prepending zero bytes. This resolves CVE-2020-13757. Thanks Carnil for pointing this out.

Commits

Updates torch from 2.6.0 to 2.7.0

Release notes

Sourced from torch's releases.

PyTorch 2.7.0 Release Notes

Highlights

... (truncated)

Commits
  • 1341794 Gracefully handle optree less than minimum version, part 2 (#151323)
  • 0739127 Gracefully handle optree less than minimum version (#150977)
  • 0c236f3 Update triton wheel build, setuptools pin (#150953)
  • c7ff78d Fix inplacing with multiple, fused uses (#150892)
  • 894909a Revert "[CUDA] Only use vec128 if CUDA version is newer than 12.8" (#150855)
  • ef2b139 [Manylinux 2.28] Correct Linux aarch64 cuda binaries wheel name (#150820)
  • 3f236f1 [CUDA] Only use vec128 if CUDA version is newer than 12.8 (#150818)
  • 35f1e76 Reland of "[ROCm] change preferred blas lib defaults (#150249)"" (#150707)
  • a6321d6 Revert "Dont exclude constant_pad_nd in prologue fusion" (#150699)
  • 1cc51c6 [CUDA][avgpool2d] Fix backward launch bounds again for sm100, sm120 (#150...
  • Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions
    You can disable automated security fix PRs for this repo from the Security Alerts page.
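
The zero-byte rejection listed in the rsa changelog above (CVE-2020-13757), as an added example that is not code from python-rsa or from this PR: a toy textbook-RSA sketch showing why a plain bytes-to-integer conversion treats a zero-prefixed ciphertext as identical to the original, and how a length check against the modulus size rejects it. The key values and function names are constructed for illustration.

```python
# Toy textbook-RSA parameters (constructed; far too small for real use,
# and without padding; only the length handling is being demonstrated).
P, Q, E = 61, 53, 17
N = P * Q                            # modulus
D = pow(E, -1, (P - 1) * (Q - 1))    # private exponent (Python 3.8+)
BLOCK = (N.bit_length() + 7) // 8    # ciphertext size in bytes


def encrypt(m: int) -> bytes:
    """Encrypt an integer message and return a fixed-size ciphertext block."""
    return pow(m, E, N).to_bytes(BLOCK, "big")


def decrypt_lenient(c: bytes) -> int:
    """Pre-fix behaviour: int.from_bytes() silently drops leading zero
    bytes, so b'\\x00' + c maps to the same integer as c."""
    return pow(int.from_bytes(c, "big"), D, N)


def decrypt_strict(c: bytes) -> int:
    """Hardened form: the ciphertext must be exactly one modulus-sized
    block and must encode a value below N."""
    if len(c) != BLOCK:
        raise ValueError("ciphertext length does not match modulus size")
    value = int.from_bytes(c, "big")
    if value >= N:
        raise ValueError("ciphertext value out of range")
    return pow(value, D, N)


def accepts(decrypt, c: bytes) -> bool:
    """Return True if the given decrypt function accepts ciphertext c."""
    try:
        decrypt(c)
        return True
    except ValueError:
        return False


if __name__ == "__main__":
    original = encrypt(65)
    modified = b"\x00" + original    # same integer, different bytes
    print("lenient accepts modified:", accepts(decrypt_lenient, modified))
    print("strict accepts modified: ", accepts(decrypt_strict, modified))
    print("strict accepts original: ", accepts(decrypt_strict, original))
```
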

@dependabot dependabot bot added dependencies Pull requests that update a dependency file python Pull requests that update python code labels Apr 24, 2025

Verified

This commit was created on GitHub.com and signed with GitHub’s verified signature.
Bumps the pip group with 3 updates: [h11](https://github.com/python-hyper/h11), [rsa](https://github.com/sybrenstuvel/python-rsa) and [torch](https://github.com/pytorch/pytorch).


Updates `h11` from 0.14.0 to 0.16.0
- [Commits](python-hyper/h11@v0.14.0...v0.16.0)

Updates `rsa` from 4.2 to 4.7
- [Changelog](https://github.com/sybrenstuvel/python-rsa/blob/main/CHANGELOG.md)
- [Commits](sybrenstuvel/python-rsa@version-4.2...version-4.7)

Updates `torch` from 2.6.0 to 2.7.0
- [Release notes](https://github.com/pytorch/pytorch/releases)
- [Changelog](https://github.com/pytorch/pytorch/blob/main/RELEASE.md)
- [Commits](pytorch/pytorch@v2.6.0...v2.7.0)

---
updated-dependencies:
- dependency-name: h11
  dependency-version: 0.16.0
  dependency-type: indirect
  dependency-group: pip
- dependency-name: rsa
  dependency-version: '4.7'
  dependency-type: indirect
  dependency-group: pip
- dependency-name: torch
  dependency-version: 2.7.0
  dependency-type: indirect
  dependency-group: pip
...

Signed-off-by: dependabot[bot] <[email protected]>
@dependabot dependabot bot force-pushed the dependabot/pip/pip-de9321df90 branch from 7f8fe1a to 400cad2 Compare April 26, 2025 04:27
@prasmussen15 prasmussen15 merged commit cb20d0e into main Apr 26, 2025
5 checks passed
@prasmussen15 prasmussen15 deleted the dependabot/pip/pip-de9321df90 branch April 26, 2025 04:30
@getzep getzep locked and limited conversation to collaborators Apr 26, 2025