Skip to content

Bump cryptography from 46.0.4 to 46.0.5#12056

Merged
github-actions[bot] merged 2 commits into3.14from
dependabot/pip/3.14/cryptography-46.0.5
May 4, 2026
Merged

Bump cryptography from 46.0.4 to 46.0.5#12056
github-actions[bot] merged 2 commits into3.14from
dependabot/pip/3.14/cryptography-46.0.5

Conversation

@dependabot
Copy link
Copy Markdown
Contributor

@dependabot dependabot Bot commented on behalf of github Feb 11, 2026
edited
Loading

Bumps cryptography from 46.0.4 to 46.0.5.

Changelog

Sourced from cryptography's changelog.

46.0.5 - 2026-02-10


* An attacker could create a malicious public key that reveals portions of your
  private key when using certain uncommon elliptic curves (binary curves).
  This version now includes additional security checks to prevent this attack.
  This issue only affects binary elliptic curves, which are rarely used in
  real-world applications. Credit to **XlabAI Team of Tencent Xuanwu Lab and
  Atuin Automated Vulnerability Discovery Engine** for reporting the issue.
  **CVE-2026-26007**
* Support for ``SECT*`` binary elliptic curves is deprecated and will be
  removed in the next release.

.. v46-0-4:

Commits

Dependabot compatibility score

You can trigger a rebase of this PR by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Note
Automatic rebases have been disabled on this pull request as it has been open for over 30 days.

@dependabot
Bump cryptography from 46.0.4 to 46.0.5
007a869 
Bumps [cryptography](https://github.com/pyca/cryptography) from 46.0.4 to 46.0.5.
- [Changelog](https://github.com/pyca/cryptography/blob/main/CHANGELOG.rst)
- [Commits](pyca/cryptography@46.0.4...46.0.5)

---
updated-dependencies:
- dependency-name: cryptography
  dependency-version: 46.0.5
  dependency-type: indirect
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added the dependencies Pull requests that update a dependency file label Feb 11, 2026
@github-actions github-actions Bot enabled auto-merge (squash) February 11, 2026 10:46
@codecov
Copy link
Copy Markdown

codecov Bot commented Feb 11, 2026
edited
Loading

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 98.20%. Comparing base (299693b) to head (7bd3cbe).
⚠️ Report is 1 commits behind head on 3.14.
✅ All tests successful. No failed tests found.

Additional details and impacted files 
@@            Coverage Diff             @@
##             3.14   #12056      +/-   ##
==========================================
+ Coverage   98.17%   98.20%   +0.02%     
==========================================
  Files         135      135              
  Lines       47131    47131              
  Branches     2526     2526              
==========================================
+ Hits        46272    46283      +11     
+ Misses        680      671       -9     
+ Partials      179      177       -2
Flag Coverage Δ
CI-GHA 98.26% <ø> (+0.01%) ⬆️
OS-Linux 98.02% <ø> (+0.01%) ⬆️
OS-Windows 95.66% <ø> (ø)
OS-macOS 97.21% <ø> (+<0.01%) ⬆️
Py-3.10.11 96.69% <ø> (ø)
Py-3.10.20 97.17% <ø> (+<0.01%) ⬆️
Py-3.11.15 97.45% <ø> (-0.01%) ⬇️
Py-3.11.9 96.98% <ø> (+<0.01%) ⬆️
Py-3.12.10 97.06% <ø> (+1.77%) ⬆️
Py-3.12.13 97.54% <ø> (+0.63%) ⬆️
Py-3.13.13 97.76% <ø> (+0.71%) ⬆️
Py-3.14.4 97.81% <ø> (+0.71%) ⬆️
Py-3.14.4t 96.83% <ø> (-0.01%) ⬇️
Py-pypy3.11.15-7.3.21 96.67% <ø> (?)
VM-macos 97.21% <ø> (+<0.01%) ⬆️
VM-ubuntu 98.02% <ø> (+0.01%) ⬆️
VM-windows 95.66% <ø> (ø)
cython-coverage 38.08% <ø> (-0.01%) ⬇️

Flags with carried forward coverage won't be shown. Click here to find out more.

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

@codspeed-hq
Copy link
Copy Markdown

codspeed-hq Bot commented Feb 11, 2026
edited
Loading

Merging this PR will not alter performance

✅ 67 untouched benchmarks
⏩ 4 skipped benchmarks1

Comparing dependabot/pip/3.14/cryptography-46.0.5 (7bd3cbe) with 3.14 (299693b)

Open in CodSpeed

Footnotes

  1. 4 benchmarks were skipped, so the baseline results were used instead. If they were deleted from the codebase, click here and archive them to remove them from the performance reports.

@rodrigobnogueira rodrigobnogueira mentioned this pull request Feb 15, 2026
Merged
5 tasks
@github-actions github-actions Bot merged commit c2fdd73 into 3.14 May 4, 2026
42 checks passed
@github-actions github-actions Bot deleted the dependabot/pip/3.14/cryptography-46.0.5 branch May 4, 2026 02:45
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@webknjaz webknjaz Awaiting requested review from webknjaz webknjaz is a code owner

@asvetlov asvetlov Awaiting requested review from asvetlov asvetlov is a code owner

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@Dreamsorcerer