Yeah, WPA2 requires updates to both the OS and the firmware of the dongle
Unless your pre-WPA2 WiFi card is unusually gifted a firmware update won’t be able to upgrade it. WPA1 was specifically designed to be able to use the (flawed) CRC encryption hardware built for WEP using an algorithm called “TKIP” which secures the connection by constantly iterating the key set. Not all WEP hardware can even handle this, but thankfully for Apple the Lucent/Orinoco chip they picked for the original AirPort could.
WPA2 requires AES encryption. Maybe there were WEP cards that were implemented with powerful/flexible enough hardware to be upgraded but I can’t think of any off the top of my head.
FWIW, some routers will still let you downgrade to TKIP, and if you do you’re *probably* okay in a residential setting unless someone is really out to get you, but it is definitely more fragile than AES.
(* But of course you still need OS X for WPA/TKIP… 10.3.something? Apple did indeed never release a stack to enable it under 9.x. Nor do I know of any third party solution that doesn’t involve a stand-alone Ethernet->WiFi bridge.)