fix(deps): add pyasn1 >= 0.6.3 for CVE-2026-30922

[B-Whitt]

Summary

• Adds pyasn1 >= 0.6.3 as a direct constraint to address CVE-2026-30922 (CVSS 7.5 High)
• pyasn1 was vulnerable to DoS via unbounded recursion when decoding deeply nested ASN.1 structures
• Also upgrades pyasn1-modules 0.3.0 → 0.4.2 (required for pyasn1 0.6.x compatibility)

Changes

File	Change
pyproject.toml	Add pyasn1 = ">=0.6.3" constraint
poetry.lock	pyasn1 0.5.0 → 0.6.3, pyasn1-modules 0.3.0 → 0.4.2

Ref: AAP-69032

Summary by CodeRabbit

• Chores
  • Updated project dependencies to include a new required library.

[coderabbitai]

Warning

Rate limit exceeded

@B-Whitt has exceeded the limit for the number of commits that can be reviewed per hour. Please wait 34 minutes and 15 seconds before requesting another review.

Your organization is not enrolled in usage-based pricing. Contact your admin to enable usage-based pricing to continue reviews beyond the rate limit, or try again in 34 minutes and 15 seconds.

⌛ How to resolve this issue?

After the wait time has elapsed, a review can be triggered using the @coderabbitai review command as a PR comment. Alternatively, push new commits to this PR.

We recommend that you space out your commits to avoid hitting the rate limit.

🚦 How do rate limits work?

CodeRabbit enforces hourly rate limits for each developer per organization.

Our paid plans have higher rate limits than the trial, open-source and free plans. In all cases, we re-allow further reviews after a brief timeout.

Please see our FAQ for further information.

ℹ️ Review info

⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro Plus

Run ID: e3cd6db6-61d3-49d6-9da2-e1c11f5cdebf

📥 Commits

Reviewing files that changed from the base of the PR and between 785bb56 and a7f977c.

⛔ Files ignored due to path filters (1)

• poetry.lock is excluded by !**/*.lock

📒 Files selected for processing (1)

• pyproject.toml

📝 Walkthrough

Walkthrough

A new direct dependency on pyasn1 version 0.6.3 or higher was added to the project's Poetry configuration under the standard dependencies section. No other configuration, build settings, or package constraints were modified.

Changes

Cohort / File(s)	Summary
Dependency Addition pyproject.toml	Added pyasn1 >= 0.6.3 as a direct dependency in [tool.poetry.dependencies].

Estimated code review effort

🎯 1 (Trivial) | ⏱️ ~2 minutes

🚥 Pre-merge checks | ✅ 3

✅ Passed checks (3 passed)

Check name	Status	Explanation
Title check	✅ Passed	The title clearly summarizes the main change: adding pyasn1 >= 0.6.3 as a direct dependency to address CVE-2026-30922, which is the primary objective of this pull request.
Description check	✅ Passed	The description covers all required sections: what is changed (dependency constraint), why (CVE-2026-30922 vulnerability), how it addresses the issue (MAX_NESTING_DEPTH limit), related dependencies (pyasn1-modules upgrade), and includes a reference to the tracking issue.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[codecov-commenter]

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 91.93%. Comparing base (8d5398e) to head (a7f977c).

@@           Coverage Diff           @@
##             main    #1524   +/-   ##
=======================================
  Coverage   91.93%   91.93%           
=======================================
  Files         239      239           
  Lines       10810    10810           
=======================================
  Hits         9938     9938           
  Misses        872      872           

Flag	Coverage Δ
unit-int-tests-3.11	91.93% <ø> (ø)
unit-int-tests-3.12	91.93% <ø> (ø)

Flags with carried forward coverage won't be shown. Click here to find out more.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.

[ptoscano]

/run-e2e

[ptoscano]

Successful e2e run: https://github.com/ansible/eda-server/actions/runs/24343103614

[AlexSCorey]

Looks good to me.

[sonarqubecloud]

Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud