
Bump asyncssh from 1.10.1 to 1.12.1 in /py

Open dependabot[bot] opened this issue 1 year ago • 0 comments

Bumps asyncssh from 1.10.1 to 1.12.1.

Changelog

Sourced from asyncssh's changelog.

Release 1.12.1 (10 Mar 2018)

  • Implemented a fix for CVE-2018-7749, where a modified SSH client could request that an AsyncSSH server perform operations before authentication had completed. Thanks go to Matthijs Kooijman for discovering and reporting this issue and helping to review the fix.

  • Added a non-blocking collect_output() method to SSHClientProcess to allow applications to retrieve data received on an output stream without blocking. This call can be called multiple times and freely intermixed with regular read calls with a guarantee that output will always be returned in order and without duplication.

  • Updated debug logging implementation to make it more maintainable, and to fix an issue where unprocessed packets were not logged in some cases.

  • Extended the support below for non-ASCII characters in comments to apply to X.509 certificates, allowing an optional encoding to be passed in to get_comment() and set_comment() and a get_comment_bytes() function to get the raw comment bytes without performing Unicode decoding.

  • Fixed an issue where a UnicodeDecodeError could be reported in some cases instead of a KeyEncryptionError when a private key was imported using the wrong passphrase.

  • Fixed the reporting of the MAC algorithm selected during key exchange to properly report the cipher name for GCM and Chacha ciphers that don't use a separate MAC algorithm. The correct value was being returned in queries after the key exchange was complete, but the logging was being done before this adjustment was made.

  • Fixed the documentation of connection_made() in SSHSession subclasses to properly reflect the type of SSHChannel objects passed to them.

Release 1.12.0 (5 Feb 2018)

  • Enhanced AsyncSSH logging framework to provide detailed logging of events in the connection, channel, key exchange, authentication, sftp, and scp modules. Both high-level information logs and more detailed debug logs are available, and debug logging supports multiple debug levels with different amounts of verboseness. Logger objects are also available on various AsyncSSH classes to allow applications to report their own log events in a manner that can be tied back to a specific SSH connection or channel.

  • Added support for begin_auth() to be a coroutine, so asynchronous operations can be performed within it to load state needed to perform SSH authentication.

... (truncated)

Commits
  • c161e26 Bump version number up to 1.12.1 and update change log and copyright
  • fe048ca Fix logging of MAC algorithm for Chacha and GCM ciphers
  • 8153f3c One additional packet logging simplification and a small bug fix
  • 5a7ca8d Additional work to simplify packet logging
  • 56a8c99 Rework handling of unprocessed packets to make it more maintainable
  • 03effdd Move logging of packet with bad channel to before other debug message
  • 30d50b1 Fix an issue where some unprocessed packets were not being logged
  • 16e6ebf Reject global and channel requests sent prior to auth being completed
  • f18a104 Allow non-UTF8 comment data when generating or importing X.509 certificates
  • ba5d90e Avoid possible UnicodeDecodeError when loading encrypted keys
  • Additional commits viewable in compare view


Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

You can disable automated security fix PRs for this repo from the Security Alerts page.

dependabot[bot] Aug 03 '23 22:08
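
A simplified model of the check that the CVE-2018-7749 changelog entry and commit 16e6ebf ("Reject global and channel requests sent prior to auth being completed") describe, added here as an illustration; it is not AsyncSSH's code and not part of the Dependabot post. `ToyServer`, `replay()`, `AUTH_OK` and the trace are hypothetical; the message numbers come from RFC 4250.

```python
# Added illustration: a simplified model, not AsyncSSH source code.
# Message numbers and the 80-127 connection-protocol range are from RFC 4250.
MSG_GLOBAL_REQUEST = 80
MSG_CHANNEL_OPEN = 90
MSG_CHANNEL_REQUEST = 98
CONNECTION_MSGS = range(80, 128)
AUTH_OK = "auth-ok"  # hypothetical marker: the userauth layer accepted the client


class ToyServer:
    """Hypothetical packet dispatcher; enforce_auth_gate toggles the check."""

    def __init__(self, enforce_auth_gate):
        self.enforce_auth_gate = enforce_auth_gate
        self.authenticated = False
        self.handled = []   # connection-layer messages the server acted on
        self.rejected = []  # messages refused because auth was incomplete

    def dispatch(self, msg_type):
        if msg_type not in CONNECTION_MSGS:
            return True  # transport/userauth messages are handled elsewhere
        if self.enforce_auth_gate and not self.authenticated:
            self.rejected.append(msg_type)
            return False
        self.handled.append(msg_type)
        return True


def replay(events, enforce_auth_gate):
    """Feed a message trace to a fresh ToyServer; return (handled, rejected)."""
    server = ToyServer(enforce_auth_gate)
    for event in events:
        if event == AUTH_OK:
            server.authenticated = True
        else:
            server.dispatch(event)
    return server.handled, server.rejected


# Constructed trace: two connection-layer messages arrive before auth completes.
TRACE = [MSG_GLOBAL_REQUEST, MSG_CHANNEL_OPEN, AUTH_OK,
         MSG_CHANNEL_OPEN, MSG_CHANNEL_REQUEST]

if __name__ == "__main__":
    for gate in (False, True):
        handled, rejected = replay(TRACE, gate)
        print(f"gate={gate}: handled={handled} rejected={rejected}")
```

With the gate off, every connection-layer message in the trace is acted on; with it on, only the two that follow authentication are.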