Skip to content

Bump cryptography from 46.0.5 to 46.0.7#223

Open
dependabot[bot] wants to merge 1 commit intomainfrom
dependabot/uv/cryptography-46.0.7
Open

Bump cryptography from 46.0.5 to 46.0.7#223
dependabot[bot] wants to merge 1 commit intomainfrom
dependabot/uv/cryptography-46.0.7

Conversation

@dependabot
Copy link
Copy Markdown
Contributor

@dependabot dependabot bot commented on behalf of github Apr 8, 2026
edited
Loading

Bumps cryptography from 46.0.5 to 46.0.7.

Changelog

Sourced from cryptography's changelog.

46.0.7 - 2026-04-07


* **SECURITY ISSUE**: Fixed an issue where non-contiguous buffers could be
  passed to APIs that accept Python buffers, which could lead to buffer
  overflow. **CVE-2026-39892**
* Updated Windows, macOS, and Linux wheels to be compiled with OpenSSL 3.5.6.

.. _v46-0-6:


46.0.6 - 2026-03-25

  • SECURITY ISSUE: Fixed a bug where name constraints were not applied to peer names during verification when the leaf certificate contains a wildcard DNS SAN. Ordinary X.509 topologies are not affected by this bug, including those used by the Web PKI. Credit to Oleh Konko (1seal) for reporting the issue. CVE-2026-34073

.. _v46-0-5:

Commits

@dependabot dependabot bot added dependencies Pull requests that update a dependency file python:uv Pull requests that update python:uv code labels Apr 8, 2026
@dependabot dependabot bot requested a review from a team as a code owner April 8, 2026 22:18
@dependabot dependabot bot added dependencies Pull requests that update a dependency file python:uv Pull requests that update python:uv code labels Apr 8, 2026
@dependabot dependabot bot mentioned this pull request Apr 8, 2026
Closed
@github-actions
Copy link
Copy Markdown

github-actions bot commented Apr 8, 2026
edited
Loading

⚠️ Deprecation Warning: The deny-licenses option is deprecated for possible removal in the next major release. For more information, see issue 997.

Dependency Review

The following issues were found:
  • ✅ 0 vulnerable package(s)
  • ✅ 0 package(s) with incompatible licenses
  • ✅ 0 package(s) with invalid SPDX license definitions
  • ⚠️ 1 package(s) with unknown licenses.
See the Details below.

Snapshot Warnings

⚠️: No snapshots were found for the head SHA 2267f16.
Ensure that dependencies are being submitted on PR branches and consider enabling retry-on-snapshot-warnings. See the documentation for more information and troubleshooting advice.

License Issues

uv.lock

PackageVersionLicenseIssue Type
cryptography46.0.7NullUnknown License
Denied Licenses: GPL-3.0-only, AGPL-3.0-only

OpenSSF Scorecard

PackageVersionScoreDetails
pip/cryptography 46.0.7 UnknownUnknown

Scanned Files

  • uv.lock

@gwharris7 gwharris7 enabled auto-merge (squash) April 13, 2026 18:55
@dependabot
Bump cryptography from 46.0.5 to 46.0.7
2267f16 
Bumps [cryptography](https://github.com/pyca/cryptography) from 46.0.5 to 46.0.7.
- [Changelog](https://github.com/pyca/cryptography/blob/main/CHANGELOG.rst)
- [Commits](pyca/cryptography@46.0.5...46.0.7)

---
updated-dependencies:
- dependency-name: cryptography
  dependency-version: 46.0.7
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot force-pushed the dependabot/uv/cryptography-46.0.7 branch from b452df6 to 2267f16 Compare April 13, 2026 19:24
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@gwharris7 gwharris7 gwharris7 approved these changes

At least 2 approving reviews are required to merge this pull request.

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file python:uv Pull requests that update python:uv code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@gwharris7