Aws-cli: Update rsa requirements

Created on 8 Jul 2020  路  5Comments  路  Source: aws/aws-cli

Confirm by changing [ ] to [x] below to ensure that it's a bug:

Describe the bug
requires rsa <=3.5.0, and 4.6 is now released.

Initial testing with awscli 1.18.95 and rsa 4.6 shows no regressions.

feature-request third-party
Source
picture limburgher
👍1

Most helpful comment

additionally, there are multiple known security issues with older versions of rsa

These have been fixed in rsa versions >=4.2.0 ...and as noted above current version is 4.6.0 (released in June 2020) -- would be great if aws would upgrade this rsa dependency soon because we have pinned the rsa version==4.6.0

Importantly aws-cli==1.18.115 fails to pip install using the new pip dependency resolver currently in beta in pip==20.2.1 (python -m pip install -r requirements.txt --use-feature=2020-resolver). This will fail all the time when pip releases 20.3

picture surfaceowl on 8 Aug 2020
👍3

All 5 comments

+1 on this since https://github.com/sybrenstuvel/python-rsa/blob/master/CHANGELOG.md

Regarding 4.6

No functional changes compared to version 4.2.

Whereas 4.5 is virtually retagged 4.0

jekriske-lilly picture jekriske-lilly on 16 Jul 2020

Hi @limburgher and @jekriske-lilly ,

See this PR for a recent change to the RSA requirements: https://github.com/aws/aws-cli/pull/5355

Now at a max of <=4.5.0 depending on the Python version.

kdaily picture kdaily on 20 Jul 2020

Thank you. I'm still modifying this on Fedora to work with 4.7.

limburgher picture limburgher on 20 Jul 2020

@kdaily Thanks, looking for 4.6 to align with the currently released version on PyPi for which the author claims would still be compatible.

jekriske-lilly picture jekriske-lilly on 20 Jul 2020

additionally, there are multiple known security issues with older versions of rsa

These have been fixed in rsa versions >=4.2.0 ...and as noted above current version is 4.6.0 (released in June 2020) -- would be great if aws would upgrade this rsa dependency soon because we have pinned the rsa version==4.6.0

Importantly aws-cli==1.18.115 fails to pip install using the new pip dependency resolver currently in beta in pip==20.2.1 (python -m pip install -r requirements.txt --use-feature=2020-resolver). This will fail all the time when pip releases 20.3

surfaceowl picture surfaceowl on 8 Aug 2020
👍3
Was this page helpful?
0 / 5 - 0 ratings

Related issues

alexejk picture alexejk  路  3Comments
hapx101 picture hapx101  路  3Comments
levequej picture levequej  路  3Comments
rahul003 picture rahul003  路  3Comments
vadimkim picture vadimkim  路  3Comments