Skip to content

chore(deps): bump cryptography from 46.0.5 to 46.0.7#208

Merged
bdraco merged 1 commit into
mainfrom
dependabot/pip/cryptography-46.0.7
Apr 20, 2026
Merged

chore(deps): bump cryptography from 46.0.5 to 46.0.7#208
bdraco merged 1 commit into
mainfrom
dependabot/pip/cryptography-46.0.7

Conversation

@dependabot
Copy link
Copy Markdown
Contributor

@dependabot dependabot Bot commented on behalf of github Apr 13, 2026
edited
Loading

Bumps cryptography from 46.0.5 to 46.0.7.

Changelog

Sourced from cryptography's changelog.

46.0.7 - 2026-04-07


* **SECURITY ISSUE**: Fixed an issue where non-contiguous buffers could be
  passed to APIs that accept Python buffers, which could lead to buffer
  overflow. **CVE-2026-39892**
* Updated Windows, macOS, and Linux wheels to be compiled with OpenSSL 3.5.6.

.. _v46-0-6:


46.0.6 - 2026-03-25

  • SECURITY ISSUE: Fixed a bug where name constraints were not applied to peer names during verification when the leaf certificate contains a wildcard DNS SAN. Ordinary X.509 topologies are not affected by this bug, including those used by the Web PKI. Credit to Oleh Konko (1seal) for reporting the issue. CVE-2026-34073

.. _v46-0-5:

Commits

@dependabot dependabot Bot added dependencies Pull requests that update a dependency file python labels Apr 13, 2026
@dependabot dependabot Bot mentioned this pull request Apr 13, 2026
Closed
@codecov
Copy link
Copy Markdown

codecov Bot commented Apr 13, 2026
edited
Loading

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 100.00%. Comparing base (8ff0db5) to head (e005dd8).
⚠️ Report is 1 commits behind head on main.

Additional details and impacted files 
@@            Coverage Diff            @@
##              main      #208   +/-   ##
=========================================
  Coverage   100.00%   100.00%           
=========================================
  Files            6         6           
  Lines          255       255           
  Branches        38        38           
=========================================
  Hits           255       255

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:
  • ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
  • 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

@codspeed-hq
Copy link
Copy Markdown

codspeed-hq Bot commented Apr 13, 2026
edited
Loading

Merging this PR will not alter performance

✅ 9 untouched benchmarks

Comparing dependabot/pip/cryptography-46.0.7 (e005dd8) with main (8ff0db5)

Open in CodSpeed

@dependabot
chore(deps): bump cryptography from 46.0.5 to 46.0.7
e005dd8 
Bumps [cryptography](https://github.com/pyca/cryptography) from 46.0.5 to 46.0.7.
- [Changelog](https://github.com/pyca/cryptography/blob/main/CHANGELOG.rst)
- [Commits](pyca/cryptography@46.0.5...46.0.7)

---
updated-dependencies:
- dependency-name: cryptography
  dependency-version: 46.0.7
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot force-pushed the dependabot/pip/cryptography-46.0.7 branch from 2bc7517 to e005dd8 Compare April 20, 2026 09:16
@bdraco bdraco merged commit cdf6f4c into main Apr 20, 2026
48 checks passed
@bdraco bdraco deleted the dependabot/pip/cryptography-46.0.7 branch April 20, 2026 10:22
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@bdraco bdraco bdraco approved these changes

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@bdraco