Skip to content

chore(deps-dev): Update pyopenssl requirement from >=26.0.0 to >=26.1.0#993

Closed
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/pip/pyopenssl-gte-26.1.0
Closed

chore(deps-dev): Update pyopenssl requirement from >=26.0.0 to >=26.1.0#993
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/pip/pyopenssl-gte-26.1.0

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Apr 27, 2026
edited
Loading

Copy link
Copy Markdown
Contributor

Updates the requirements on pyopenssl to permit the latest version.

Changelog

Sourced from pyopenssl's changelog.

26.1.0 (2026-04-24)

Backward-incompatible changes: ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

Deprecations: ^^^^^^^^^^^^^

Changes: ^^^^^^^^

  • Maximum supported cryptography version is now 47.x.
  • Fixed X509Name field setters to correctly pass the value length to OpenSSL. Previously, values containing NUL bytes would be silently truncated, causing a divergence between the stored ASN.1 value and the value visible from Python. Credit to BudongJW for reporting the issue. CVE-2026-40475

26.0.0 (2026-03-15)

Backward-incompatible changes: ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

  • Dropped support for Python 3.7.
  • The minimum cryptography version is now 46.0.0.

Deprecations: ^^^^^^^^^^^^^

Changes: ^^^^^^^^

  • Added support for using aws-lc instead of OpenSSL.
  • Properly raise an error if a DTLS cookie callback returned a cookie longer than DTLS1_COOKIE_LENGTH bytes. Previously this would result in a buffer-overflow. Credit to dark_haxor for reporting the issue. CVE-2026-27459
  • Added OpenSSL.SSL.Connection.get_group_name to determine which group name was negotiated.
  • Context.set_tlsext_servername_callback now handles exceptions raised in the callback by calling sys.excepthook and returning a fatal TLS alert. Previously, exceptions were silently swallowed and the handshake would proceed as if the callback had succeeded. Credit to Leury Castillo for reporting this issue. CVE-2026-27448

25.3.0 (2025-09-16)

Backward-incompatible changes: ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

Deprecations: ^^^^^^^^^^^^^

Changes: ^^^^^^^^

  • Maximum supported cryptography version is now 46.x.

... (truncated)

Commits

@dependabot dependabot Bot added dependencies Pull requests that update a dependency file python Pull requests that update Python code labels Apr 27, 2026
@dependabot dependabot Bot requested review from a team as code owners April 27, 2026 16:38
@dependabot
chore(deps-dev): Update pyopenssl requirement from >=26.0.0 to >=26.1.0
4f6e8cf 
Updates the requirements on [pyopenssl](https://github.com/pyca/pyopenssl) to permit the latest version.
- [Changelog](https://github.com/pyca/pyopenssl/blob/main/CHANGELOG.rst)
- [Commits](pyca/pyopenssl@26.0.0...26.1.0)

---
updated-dependencies:
- dependency-name: pyopenssl
  dependency-version: 26.1.0
  dependency-type: direct:development
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot force-pushed the dependabot/pip/pyopenssl-gte-26.1.0 branch from 0fb61c3 to 4f6e8cf Compare April 30, 2026 13:17
@CasperGN CasperGN closed this May 4, 2026
@dependabot @github

dependabot Bot commented on behalf of github May 4, 2026

Copy link
Copy Markdown
Contributor Author

OK, I won't notify you again about this release, but will get in touch when a new version is available. If you'd rather skip all updates until the next major or minor version, let me know by commenting @dependabot ignore this major version or @dependabot ignore this minor version. You can also ignore all major, minor, or patch releases for a dependency by adding an ignore condition with the desired update_types to your config file.

If you change your mind, just re-open this PR and I'll resolve any conflicts on it.

@dependabot dependabot Bot deleted the dependabot/pip/pyopenssl-gte-26.1.0 branch May 4, 2026 14:52
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file python Pull requests that update Python code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@CasperGN