This repository was archived by the owner on Jan 23, 2026. It is now read-only.

upgraded paramiko #779

Merged
mangelajo merged 1 commit into jumpstarter-dev:main from rhadp:fix-paramiko-dsskey
Dec 12, 2025

Contributor

@mickume mickume commented Dec 12, 2025

Upgraded paramiko to fix the deprecation warnings I had in the console:

/venv/lib64/python3.12/site-packages/paramiko/pkey.py:82: CryptographyDeprecationWarning: TripleDES has been moved to cryptography.hazmat.decrepit.ciphers.algorithms.TripleDES and will be removed from cryptography.hazmat.primitives.ciphers.algorithms in 48.0.0.
"cipher": algorithms.TripleDES,

Changes

  • Fixes compatibility with newer versions of paramiko (3.5.0+) that removed support for DSSKey (DSS/DSA keys)
  • Removed paramiko.DSSKey from supported key types in SSH MITM driver
  • Updated test mocks to match the new key types list
  • DSS/DSA keys are deprecated for security reasons and no longer supported by paramiko

Summary by CodeRabbit

  • Bug Fixes

    • Removed support for DSS/DSA private key types; only Ed25519, RSA, and ECDSA keys are now supported
  • Chores

    • Updated Paramiko dependency requirement to version 3.6.0 or higher


…ey (DSS/DSA keys) because they're deprecated for security reasons

netlify Bot commented Dec 12, 2025

Deploy Preview for jumpstarter-docs ready!

Name Link
🔨 Latest commit 15ad266
🔍 Latest deploy log https://app.netlify.com/projects/jumpstarter-docs/deploys/693be656e02e1c000981f796
😎 Deploy Preview https://deploy-preview-779--jumpstarter-docs.netlify.app

Contributor

coderabbitai Bot commented Dec 12, 2025

Walkthrough

The changes remove support for loading DSS/DSA private keys from the SSH MITM driver, update the corresponding test to reflect this removal, and bump the Paramiko dependency version from 3.0.0 to 3.6.0.

Changes

| Cohort / File(s) | Summary |
|---|---|
| DSS/DSA key support removal: packages/jumpstarter-driver-ssh-mitm/jumpstarter_driver_ssh_mitm/driver.py, packages/jumpstarter-driver-ssh-mitm/jumpstarter_driver_ssh_mitm/driver_test.py | Removed DSSKey from the supported key types in _load_private_key(). The key auto-detection now supports Ed25519Key, RSAKey, and ECDSAKey only. Updated docstring and test mocks accordingly. DSS/DSA keys will fail to load. |
| Dependency version bump: packages/jumpstarter-driver-ssh-mitm/pyproject.toml | Updated Paramiko dependency constraint from >=3.0.0 to >=3.6.0. |

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~10 minutes

  • Verify Paramiko 3.6.0 compatibility and changelog for any breaking changes related to key handling
  • Confirm there are no existing systems relying on DSS/DSA keys for SSH authentication with this driver
  • Validate that the updated key type list aligns with organizational security policies

Possibly related PRs

Suggested reviewers

  • mangelajo

Poem

🐰 DSS keys hop away into the past,
Paramiko's version bumps up so fast,
Ed25519 and RSA stay to play,
ECDSA joins the modern way! ✨

Pre-merge checks and finishing touches

✅ Passed checks (3 passed)
| Check name | Status | Explanation |
|---|---|---|
| Description Check | ✅ Passed | Check skipped - CodeRabbit’s high-level summary is enabled. |
| Title check | ✅ Passed | The title 'upgraded paramiko' accurately reflects the main change in the PR, which updates the paramiko dependency from >=3.0.0 to >=3.6.0, along with related code adjustments for DSSKey support removal. |
| Docstring Coverage | ✅ Passed | Docstring coverage is 100.00% which is sufficient. The required threshold is 80.00%. |

Contributor

@coderabbitai coderabbitai Bot left a comment


Actionable comments posted: 0

🧹 Nitpick comments (1)
packages/jumpstarter-driver-ssh-mitm/jumpstarter_driver_ssh_mitm/driver.py (1)

259-277: Good removal of DSS/DSA key support; make the failure actionable

Dropping paramiko.DSSKey here matches the stated goal and avoids runtime failures on Paramiko 3.5.0+. Consider including the supported key types in the exception message (and/or logging which parsers failed) to speed up user diagnosis when a key can’t be parsed.

📜 Review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 615ddd3 and 15ad266.

⛔ Files ignored due to path filters (1)
  • uv.lock is excluded by !**/*.lock
📒 Files selected for processing (3)
  • packages/jumpstarter-driver-ssh-mitm/jumpstarter_driver_ssh_mitm/driver.py (1 hunks)
  • packages/jumpstarter-driver-ssh-mitm/jumpstarter_driver_ssh_mitm/driver_test.py (0 hunks)
  • packages/jumpstarter-driver-ssh-mitm/pyproject.toml (1 hunks)
💤 Files with no reviewable changes (1)
  • packages/jumpstarter-driver-ssh-mitm/jumpstarter_driver_ssh_mitm/driver_test.py
🧰 Additional context used
📓 Path-based instructions (5)
packages/jumpstarter-driver-*/pyproject.toml

📄 CodeRabbit inference engine (.cursor/rules/creating-new-drivers.mdc)

Driver package names should be lowercase with hyphens for multi-word names (e.g., my-driver, custom-power, device-controller)

packages/jumpstarter-driver-*/pyproject.toml: Driver packages must follow the naming pattern jumpstarter-driver-<name>
Driver packages must register via the jumpstarter.drivers entry point in pyproject.toml
Driver packages must depend on jumpstarter and specific hardware libraries in their pyproject.toml

Files:

  • packages/jumpstarter-driver-ssh-mitm/pyproject.toml
packages/*/pyproject.toml

📄 CodeRabbit inference engine (.cursor/rules/project-structure.mdc)

Each package's pyproject.toml must include project metadata with Apache-2.0 license only

Files:

  • packages/jumpstarter-driver-ssh-mitm/pyproject.toml
packages/jumpstarter-driver-*/jumpstarter_driver_*/driver.py

📄 CodeRabbit inference engine (.cursor/rules/creating-new-drivers.mdc)

Driver class names should be in CamelCase and be descriptive with appropriate suffixes based on functionality: Power drivers should end with *Power, Network drivers with *Network, Flasher drivers with *Flasher, Console drivers with *Console, Server drivers with *Server

Files:

  • packages/jumpstarter-driver-ssh-mitm/jumpstarter_driver_ssh_mitm/driver.py
packages/jumpstarter-driver-**/jumpstarter_driver_**/*.py

📄 CodeRabbit inference engine (.cursor/rules/creating-new-drivers.mdc)

Driver implementations should follow existing code style validated with make lint (fix with make lint-fix), perform static type checking with make ty-pkg-${package_name}, add comprehensive tests, and verify all tests pass with make test-pkg-${package_name} or make test

Files:

  • packages/jumpstarter-driver-ssh-mitm/jumpstarter_driver_ssh_mitm/driver.py
**/*.py

📄 CodeRabbit inference engine (.cursor/rules/project-structure.mdc)

Ruff should be used for code formatting and linting, excluding jumpstarter-protocol package

Files:

  • packages/jumpstarter-driver-ssh-mitm/jumpstarter_driver_ssh_mitm/driver.py
🧠 Learnings (11)
📚 Learning: 2025-11-27T09:58:55.346Z
Learnt from: CR
Repo: jumpstarter-dev/jumpstarter PR: 0
File: .cursor/rules/project-structure.mdc:0-0
Timestamp: 2025-11-27T09:58:55.346Z
Learning: Applies to packages/jumpstarter-cli-*/pyproject.toml : CLI packages must depend on `jumpstarter` and `jumpstarter-cli-common` in their `pyproject.toml`

Applied to files:

  • packages/jumpstarter-driver-ssh-mitm/pyproject.toml
📚 Learning: 2025-11-27T09:58:55.346Z
Learnt from: CR
Repo: jumpstarter-dev/jumpstarter PR: 0
File: .cursor/rules/project-structure.mdc:0-0
Timestamp: 2025-11-27T09:58:55.346Z
Learning: Applies to packages/jumpstarter-driver-*/pyproject.toml : Driver packages must depend on `jumpstarter` and specific hardware libraries in their `pyproject.toml`

Applied to files:

  • packages/jumpstarter-driver-ssh-mitm/pyproject.toml
📚 Learning: 2025-11-27T09:58:55.346Z
Learnt from: CR
Repo: jumpstarter-dev/jumpstarter PR: 0
File: .cursor/rules/project-structure.mdc:0-0
Timestamp: 2025-11-27T09:58:55.346Z
Learning: Applies to packages/jumpstarter-driver-*/pyproject.toml : Driver packages must register via the `jumpstarter.drivers` entry point in `pyproject.toml`

Applied to files:

  • packages/jumpstarter-driver-ssh-mitm/pyproject.toml
📚 Learning: 2025-11-27T09:58:55.346Z
Learnt from: CR
Repo: jumpstarter-dev/jumpstarter PR: 0
File: .cursor/rules/project-structure.mdc:0-0
Timestamp: 2025-11-27T09:58:55.346Z
Learning: Applies to packages/jumpstarter-driver-*/pyproject.toml : Driver packages must follow the naming pattern `jumpstarter-driver-<name>`

Applied to files:

  • packages/jumpstarter-driver-ssh-mitm/pyproject.toml
📚 Learning: 2025-11-27T09:58:55.346Z
Learnt from: CR
Repo: jumpstarter-dev/jumpstarter PR: 0
File: .cursor/rules/project-structure.mdc:0-0
Timestamp: 2025-11-27T09:58:55.346Z
Learning: Applies to examples/*/pyproject.toml : Example packages should depend on relevant driver packages in their `pyproject.toml`

Applied to files:

  • packages/jumpstarter-driver-ssh-mitm/pyproject.toml
📚 Learning: 2025-11-27T09:58:55.346Z
Learnt from: CR
Repo: jumpstarter-dev/jumpstarter PR: 0
File: .cursor/rules/project-structure.mdc:0-0
Timestamp: 2025-11-27T09:58:55.346Z
Learning: Applies to packages/jumpstarter-driver-*/jumpstarter_driver_*/ : Driver packages must implement a `driver.py` file containing the driver implementation

Applied to files:

  • packages/jumpstarter-driver-ssh-mitm/pyproject.toml
  • packages/jumpstarter-driver-ssh-mitm/jumpstarter_driver_ssh_mitm/driver.py
📚 Learning: 2025-11-05T13:45:58.271Z
Learnt from: mangelajo
Repo: jumpstarter-dev/jumpstarter PR: 735
File: packages/jumpstarter-driver-flashers/jumpstarter_driver_flashers/client.py:15-15
Timestamp: 2025-11-05T13:45:58.271Z
Learning: In packages/jumpstarter-driver-flashers/jumpstarter_driver_flashers/client.py, pexpect is intentionally used as a transitive dependency through the jumpstarter-driver-pyserial package. The flashers package does not declare pexpect as a direct dependency because the pyserial driver package is intended to control the pexpect version.

Applied to files:

  • packages/jumpstarter-driver-ssh-mitm/pyproject.toml
📚 Learning: 2025-11-27T09:58:55.346Z
Learnt from: CR
Repo: jumpstarter-dev/jumpstarter PR: 0
File: .cursor/rules/project-structure.mdc:0-0
Timestamp: 2025-11-27T09:58:55.346Z
Learning: Applies to packages/jumpstarter-driver-*/jumpstarter_driver_*/ : Driver packages must implement a `client.py` file containing the client implementation

Applied to files:

  • packages/jumpstarter-driver-ssh-mitm/pyproject.toml
📚 Learning: 2025-11-27T09:58:55.346Z
Learnt from: CR
Repo: jumpstarter-dev/jumpstarter PR: 0
File: .cursor/rules/project-structure.mdc:0-0
Timestamp: 2025-11-27T09:58:55.346Z
Learning: Core packages must depend on `jumpstarter-protocol`

Applied to files:

  • packages/jumpstarter-driver-ssh-mitm/pyproject.toml
📚 Learning: 2025-11-27T09:58:41.875Z
Learnt from: CR
Repo: jumpstarter-dev/jumpstarter PR: 0
File: .cursor/rules/creating-new-drivers.mdc:0-0
Timestamp: 2025-11-27T09:58:41.875Z
Learning: Applies to packages/jumpstarter-driver-composite/pyproject.toml : Composite drivers that have child drivers should inherit from `CompositeClient` in `jumpstarter_driver_composite.client` and have a dependency on `jumpstarter-driver-composite` in `pyproject.toml`

Applied to files:

  • packages/jumpstarter-driver-ssh-mitm/pyproject.toml
📚 Learning: 2025-11-27T09:58:41.875Z
Learnt from: CR
Repo: jumpstarter-dev/jumpstarter PR: 0
File: .cursor/rules/creating-new-drivers.mdc:0-0
Timestamp: 2025-11-27T09:58:41.875Z
Learning: Applies to packages/jumpstarter-driver-*/pyproject.toml : Driver package names should be lowercase with hyphens for multi-word names (e.g., `my-driver`, `custom-power`, `device-controller`)

Applied to files:

  • packages/jumpstarter-driver-ssh-mitm/pyproject.toml
⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (11)
  • GitHub Check: Redirect rules - jumpstarter-docs
  • GitHub Check: Header rules - jumpstarter-docs
  • GitHub Check: Pages changed - jumpstarter-docs
  • GitHub Check: build
  • GitHub Check: pytest-matrix (ubuntu-24.04, 3.11)
  • GitHub Check: pytest-matrix (macos-15, 3.12)
  • GitHub Check: pytest-matrix (ubuntu-24.04, 3.12)
  • GitHub Check: pytest-matrix (macos-15, 3.13)
  • GitHub Check: pytest-matrix (macos-15, 3.11)
  • GitHub Check: pytest-matrix (ubuntu-24.04, 3.13)
  • GitHub Check: e2e
🔇 Additional comments (1)
packages/jumpstarter-driver-ssh-mitm/pyproject.toml (1)

11-16: Paramiko version floor appears arbitrary; DSSKey concern is unfounded

The paramiko>=3.6.0 floor should be reconsidered. The review concern about DSSKey removal is based on incorrect information—DSSKey was removed in Paramiko 4.0.0, not 3.5.0. Additionally, the driver code only uses Ed25519Key, RSAKey, and ECDSAKey (via PKey.from_private_key()); it never imports or uses DSSKey. Since no 3.6.0-specific APIs are used, consider lowering the floor to an earlier 3.x version (e.g., >=3.0.0) unless there's an undocumented compatibility reason for 3.6.0.

Likely an incorrect or invalid review comment.
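
The nitpick in the review above asks that a key which cannot be loaded produce an error naming the supported key types. The following is an added example, not the driver's code and not part of this PR: a stdlib-only pre-check that classifies a private key file from its PEM label or OpenSSH header and rejects DSA with an actionable message. The names `detect_key_type`, `require_supported` and `constructed_openssh_key` are hypothetical, and the sample key is constructed and contains no key material.

```python
import base64

SUPPORTED = ("Ed25519", "RSA", "ECDSA")  # added example: types the PR leaves supported
LEGACY_PEM = {"RSA PRIVATE KEY": "RSA", "EC PRIVATE KEY": "ECDSA", "DSA PRIVATE KEY": "DSA"}
WIRE_NAMES = {"ssh-ed25519": "Ed25519", "ssh-rsa": "RSA", "ssh-dss": "DSA"}
MAGIC = b"openssh-key-v1\x00"


def _read_string(buf, off):
    """Read one SSH wire string (uint32 big-endian length, then bytes)."""
    n = int.from_bytes(buf[off:off + 4], "big")
    if off + 4 + n > len(buf):
        raise ValueError("truncated OpenSSH key blob")
    return buf[off + 4:off + 4 + n], off + 4 + n


def detect_key_type(text):
    """Classify a private key file by its PEM label or OpenSSH public-key header."""
    lines = text.strip().splitlines()
    label = lines[0].strip().removeprefix("-----BEGIN ").removesuffix("-----") if lines else ""
    if label in LEGACY_PEM:
        return LEGACY_PEM[label]
    if label != "OPENSSH PRIVATE KEY":
        raise ValueError(f"unrecognized private key format: {label or 'no PEM header'!r}")
    blob = base64.b64decode("".join(l.strip() for l in lines[1:-1]))
    if not blob.startswith(MAGIC):
        raise ValueError("missing openssh-key-v1 magic")
    off = len(MAGIC)
    for _ in range(3):  # skip ciphername, kdfname, kdfoptions
        _, off = _read_string(blob, off)
    pub, _ = _read_string(blob, off + 4)  # off + 4 skips the uint32 key count
    name = _read_string(pub, 0)[0].decode("ascii", "replace")
    return "ECDSA" if name.startswith("ecdsa-sha2-") else WIRE_NAMES.get(name, name)


def require_supported(text):
    """Return the key type, or raise an error that names what is accepted."""
    kind = detect_key_type(text)
    if kind not in SUPPORTED:
        raise ValueError(f"{kind} key rejected; supported key types: {', '.join(SUPPORTED)}")
    return kind


def constructed_openssh_key(wire_name):
    """Constructed, non-functional key file: valid header fields, no key material."""
    s = lambda b: len(b).to_bytes(4, "big") + b
    blob = MAGIC + s(b"none") + s(b"none") + s(b"") + (1).to_bytes(4, "big") + s(s(wire_name.encode()))
    body = base64.b64encode(blob).decode()
    return f"-----BEGIN OPENSSH PRIVATE KEY-----\n{body}\n-----END OPENSSH PRIVATE KEY-----\n"
```

Because the public-key section of an OpenSSH private key file is stored unencrypted, the same check works on passphrase-protected keys, so it can be run over existing key files to find DSS/DSA keys before the upgrade.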

Member

@mangelajo mangelajo left a comment


Thank you @mickume !!

@mangelajo mangelajo enabled auto-merge December 12, 2025 10:01
@mangelajo mangelajo merged commit f393ba9 into jumpstarter-dev:main Dec 12, 2025
18 checks passed