Bump pyasn1 from 0.4.8 to 0.6.3 in /forms-flow-data-analysis-api

[dependabot]

User description

Bumps pyasn1 from 0.4.8 to 0.6.3.

Release notes

Sourced from pyasn1's releases.

Release 0.6.3

It's a minor release.

• Added nesting depth limit to ASN.1 decoder to prevent stack overflow from deeply nested structures (CVE-2026-30922).
• Fixed OverflowError from oversized BER length field.
• Fixed DeprecationWarning stacklevel for deprecated attributes.
• Fixed asDateTime incorrect fractional seconds parsing.

All changes are noted in the CHANGELOG.

Release 0.6.2

It's a minor release.

• Fixed continuation octet limits in OID/RELATIVE-OID decoder (CVE-2026-23490).
• Added support for Python 3.14.
• Added SECURITY.md policy.
• Migrated to pyproject.toml packaging.

All changes are noted in the CHANGELOG.

Release 0.6.1

It's a minor release.

• Added support for Python 3.13.
• Cleaned Python 2-related code.
• Removed bdist_wheel universal flag from setup.cfg.

All changes are noted in the CHANGELOG.

Release 0.6.0

It's a major release where we drop Python 2 support entirely. The most significant changes are:

• Removed support for EOL Python 2.7, 3.6, 3.7
• Added support for previously missing RELATIVE-OID construct
• Updated link to Layman's Guide

All changes are noted in the CHANGELOG.

Release 0.5.1

It's a minor release.

• Added support for PyPy 3.10 and Python 3.12
• Updated RTD configuration to include a dummy index.rst redirecting to contents.html, ensuring compatibility with third-party documentation and search indexes.
• Fixed the API breakage wih decoder.decode(substrateFun=...). A substrateFun passed to decoder.decode() can now be either v0.4 Non-Streaming or v0.5 Streaming. pyasn1 will detect and handle both cases transparently. A substrateFun passed to one of the new streaming decoders is still expected to be v0.5 Streaming only.

All changes are noted in the CHANGELOG.

... (truncated)

Changelog

Sourced from pyasn1's changelog.

Revision 0.6.3, released 16-03-2026

• CVE-2026-30922 (GHSA-jr27-m4p2-rc6r): Added nesting depth limit to ASN.1 decoder to prevent stack overflow from deeply nested structures (thanks for reporting, romanticpragmatism)
• Fixed OverflowError from oversized BER length field [issue #54](pyasn1/pyasn1#54) [pr #100](pyasn1/pyasn1#100)
• Fixed DeprecationWarning stacklevel for deprecated attributes [issue #86](pyasn1/pyasn1#86) [pr #101](pyasn1/pyasn1#101)
• Fixed asDateTime incorrect fractional seconds parsing [issue #81](pyasn1/pyasn1#81) [pr #102](pyasn1/pyasn1#102)

Revision 0.6.2, released 16-01-2026

• CVE-2026-23490 (GHSA-63vm-454h-vhhq): Fixed continuation octet limits in OID/RELATIVE-OID decoder (thanks to tsigouris007)
• Added support for Python 3.14 [pr #97](pyasn1/pyasn1#97)
• Added SECURITY.md policy
• Fixed unit tests failing due to missing code [issue #91](pyasn1/pyasn1#91) [pr #92](pyasn1/pyasn1#92)
• Migrated to pyproject.toml packaging [pr #90](pyasn1/pyasn1#90)

Revision 0.6.1, released 10-09-2024

• Added support for Python 3.13 and updated GitHub Actions [pr #73](pyasn1/pyasn1#73)
• Removed Python 2 support and related code [pr #62](pyasn1/pyasn1#62) [pr #61](pyasn1/pyasn1#61) [pr #60](pyasn1/pyasn1#60)
• Improved error handling and consistency [pr #71](pyasn1/pyasn1#71) [pr #70](pyasn1/pyasn1#70)
• Runtime deprecation of tagMap and typeMap aliases [pr #72](pyasn1/pyasn1#72)
• Fixed duplicated and missing declarations [pr #64](pyasn1/pyasn1#64)
• Cleaned documentation and comments [pr #63](pyasn1/pyasn1#63)
• Removed bdist_wheel universal flag from setup.cfg [pr #69](pyasn1/pyasn1#69)

... (truncated)

Commits

• af65c3b Prepare release 0.6.3
• 5a49bd1 Merge commit from fork
• 5494ba4 Fix asDateTime incorrect fractional seconds parsing (#102)
• 71f486e Fix DeprecationWarning stacklevel for deprecated attributes (#101)
• d7cb42d Fix OverflowError from oversized BER length field (#100)
• e7356f8 Prepare release 0.6.2
• 3908f14 Merge commit from fork
• 0a7e067 Add support for Python 3.14 (#97)
• 33656e9 Create Security Policy
• fa62307 fix for issue #91: unit tests failing due to missing code (#92)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
  You can disable automated security fix PRs for this repo from the Security Alerts page.

---

PR Type

Enhancement

---

Description

• Bump pyasn1 to 0.6.3

• Update data analysis API dependency

• Pull in upstream security fixes

---

Diagram Walkthrough

flowchart LR
  req["`requirements.txt`"]
  old["`pyasn1 0.4.8`"]
  new["`pyasn1 0.6.3`"]
  req -- "updates dependency" --> old
  old -- "bumped to" --> new

Loading

File Walkthrough

	Relevant files
Dependencies	requirements.txt Upgrade `pyasn1` dependency version                                            forms-flow-data-analysis-api/requirements.txt Update pyasn1 from 0.4.8 to 0.6.3 Keep the rest of the dependency list unchanged Refresh production dependency for the analysis API +1/-1

---

[github-actions]

PR Reviewer Guide 🔍

Here are some key observations to aid the review process:

🎫 Ticket compliance analysis ❌ 90 - Not compliant Non-compliant requirements: Bump lodash from 4.17.19 to 4.17.21 Apply the change under /forms-flow-web/forms-flow-util Deliver the dependency/security update for the JavaScript package 64 - Not compliant Non-compliant requirements: Add OpenShift templates 101 - Not compliant Non-compliant requirements: Bump merge-deep from 3.0.2 to 3.0.3 Apply the change under /forms-flow-web Deliver the dependency/security update for the JavaScript package

⏱️ Estimated effort to review: 1 🔵⚪⚪⚪⚪

🧪 No relevant tests

🔒 No security concerns identified

⚡ Recommended focus areas for review Compatibility Risk This is a substantial version jump for pyasn1, so the reviewer should validate that all transitive consumers in the data-analysis API remain compatible and that installation/runtime behavior is unchanged in CI and deployment environments. pyasn1==0.6.3

[github-actions]

PR Code Suggestions ✨

No code suggestions found for the PR.

[sonarqubecloud]

Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud