BERT-for-Sequence-Labeling-and-Text-Classification
BERT-for-Sequence-Labeling-and-Text-Classification copied to clipboard
Bump ecdsa from 0.13 to 0.13.3
Bumps ecdsa from 0.13 to 0.13.3.
Release notes
Sourced from ecdsa's releases.
ecdsa 0.13.3
Fix CVE-2019-14853 - possible DoS caused by malformed signature decoding Fix CVE-2019-14859 - signature malleability caused by insufficient checks of DER encoding
Also harden key decoding from string and DER encodings.
ecdsa 0.13.2
Restore compatibility of setup.py with Python 2.6 and 2.7.
ecdsa 0.13.1
Fix the PyPI wheel - the old version included .pyc files.
Changelog
Sourced from ecdsa's changelog.
- Release 0.14.1 (06 Nov 2019)
Remove the obsolete
six.py
file from wheel
- Release 0.14 (06 Nov 2019)
Bug fixes: Strict checking of DER requirements when parsing SEQUENCE, INTEGER, OBJECT IDENTIFIER and BITSTRING objects. DER parsers now consistently raise
UnexpectedDER
exception on malformed DER encoded byte strings. Make sure that both malformed and invalid signatures raiseBadSignatureError
. Ensure that allSigningKey
andVerifyingKey
methods that should accept bytes-like objects actually do accept them (also avoid copying input strings). MakeSigningKey.sign_digest_deterministic
use default object hashfunc when none was provided.encode_integer
now works for large integers. Makeencode_oid
andremove_object
correctly handle OBJECT IDENTIFIERs with large second subidentifier and padding in encoded subidentifiers.New features: Deterministic signature methods now accept
extra_entropy
parameter to further randomise the selection ofk
(the nonce) for signature, as specified in RFC6979. Recovery of public key from signature is now supported. Support for SEC1/X9.62 formatted keys, all three encodings are supported: "uncompressed", "compressed" and "hybrid". Both string, and PEM/DER will automatically accept them, if the size of the key matches the curve. Benchmarking application now provides performance numbers that are easier to compare against OpenSSL. Support for all Brainpool curves (non-twisted).New API:
CurveFp
:__str__
is now supported.SigningKey.sign_deterministic
,SigningKey.sign_digest_deterministic
andgenerate_k
: extra_entropy parameter was addedSignature.recover_public_keys
was addedVerifyingKey.from_public_key_recovery
andVerifyingKey.from_public_key_recovery_with_digest
were addedVerifyingKey.to_string
:encoding
parameter was addedVerifyingKey.to_der
andSigningKey.to_der
:point_encoding
parameter was added.encode_bitstring
:unused
parameter was addedremove_bitstring
:expect_unused
parameter was addedSECP256k1
is now part ofcurves
*
importCurves
:__repr__
is now supportedVerifyingKey
:__repr__
is now supportedDeprecations: Python 2.5 is not supported any more - dead code removal.
... (truncated)
Commits
-
7add221
update NEWS file for 0.13.3 -
5c4c74a
Merge pull request #124 from tomato42/backport-sig-decode -
1eb2c04
update README with error handling of from_string() and from_der() -
b95be03
execute also new tests in Travis -
99c907d
harden also key decoding -
3427fa2
ensure that the encoding is actually the minimal one for length and integer -
563d2ee
make variable names in remove_integer more aproppriate -
14abfe0
explicitly specify the distro to get py26 and py33 -
9080d1d
fix length decoding -
897178c
give the same handling to string encoded signatures as to DER - Additional commits viewable in compare view
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase
.
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
-
@dependabot rebase
will rebase this PR -
@dependabot recreate
will recreate this PR, overwriting any edits that have been made to it -
@dependabot merge
will merge this PR after your CI passes on it -
@dependabot squash and merge
will squash and merge this PR after your CI passes on it -
@dependabot cancel merge
will cancel a previously requested merge and block automerging -
@dependabot reopen
will reopen this PR if it is closed -
@dependabot ignore this [patch|minor|major] version
will close this PR and stop Dependabot creating any more for this minor/major version (unless you reopen the PR or upgrade to it yourself) -
@dependabot ignore this dependency
will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) -
@dependabot use these labels
will set the current labels as the default for future PRs for this repo and language -
@dependabot use these reviewers
will set the current reviewers as the default for future PRs for this repo and language -
@dependabot use these assignees
will set the current assignees as the default for future PRs for this repo and language -
@dependabot use this milestone
will set the current milestone as the default for future PRs for this repo and language
You can disable automated security fix PRs for this repo from the Security Alerts page.