Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Update dependency rsa to v4 #358

Merged
merged 1 commit into from
Jul 29, 2019

Conversation

renovate-bot
Copy link
Contributor

This PR contains the following updates:

Package Update Change
rsa major >=3.1.4,<4.0 -> >=3.1.4,<4.1

Renovate configuration

📅 Schedule: At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻️ Rebasing: Whenever PR becomes conflicted, or if you modify the PR title to begin with "rebase!".

🔕 Ignore: Close this PR and you won't be reminded about this update again.


  • If you want to rebase/retry this PR, check this box

This PR has been generated by Renovate Bot. View repository job log here.

@googlebot googlebot added the cla: yes This human has signed the Contributor License Agreement. label Jul 29, 2019
@busunkim96 busunkim96 merged commit 379dd3e into googleapis:master Jul 29, 2019
@renovate-bot renovate-bot deleted the renovate/rsa-4.x branch July 29, 2019 18:18
@tseaver
Copy link
Contributor

tseaver commented Jul 29, 2019

@busunkim96 There is a signature change in rsa v4 which might be an issue:

- Added function `rsa.find_signature_hash()` to return the name of the hashing
  algorithm used to sign a message. `rsa.verify()` now also returns that name,
  instead of always returning `True`.

I don't know if anybody using this library will be affected.by having our _python_rsa.RSAVerifier.verify return a string rather than True.

@busunkim96
Copy link
Contributor

@tseaver Is it sufficient to call that out in the next set of release notes? Or should I make a PR to modify that method?

@tseaver
Copy link
Contributor

tseaver commented Jul 29, 2019

@busunkim96

Is it sufficient to call that out in the next set of release notes? Or should I make a PR to modify that method?

I'm not sure: google-cloud-python doesn't use RSAVerifier.verify directly. It seems safer to me to wrap the return value in bool().

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
cla: yes This human has signed the Contributor License Agreement.
Projects
None yet
Development

Successfully merging this pull request may close these issues.

4 participants