Bump cryptography from 43.0.3 to 46.0.6#4
Closed
dependabot[bot] wants to merge 14 commits intomainfrom
Closed
Conversation
* Add open source governance files and clean up tracked files - CODEOWNERS: @RaghavChamadiya and @swati510 as code owners - SECURITY.md: vulnerability reporting policy - CONTRIBUTING.md: setup guide and PR workflow - Issue and PR templates - Gitignore local dev scripts, API keys, and internal docs * Fix security vulnerabilities and restore uv.lock for CI - Upgrade next-mdx-remote 5.0.0 → 6.0.0 (arbitrary code execution fix) - Upgrade next 15.5.13 → 15.5.14 (image cache growth fix) - Fix picomatch, brace-expansion, yaml transitive vulnerabilities - Pin next to ~15.5.14 to prevent accidental major version jumps - Re-track uv.lock (needed by CI for reproducible Python installs) * Restore [project] tables in sub-package pyproject.toml for uv sync uv sync --all-packages requires a [project] table when package = true. Added minimal project metadata to core, cli, and server sub-packages. * Fix ruff lint errors and skip tests for missing optional deps - Fix all ruff lint violations across packages/ and tests/ - Add pytest.importorskip for anthropic and openai test modules so CI passes without optional provider SDKs installed * Update uv.lock after sub-package pyproject.toml changes * Disable mypy strict mode in CI until type annotations are cleaned up Relax mypy config and skip mypy CI step — the codebase has 38 type annotation issues that need proper fixes. Ruff still catches the important lint and formatting errors. * Fix test failures: skip optional SDK tests, fix version assertion - Add pytest.importorskip for gemini and openai embedder test modules - Update test_version assertion from 0.1.0 to 0.1.2 * Add ESLint config to prevent next lint interactive prompt on CI
dependabot
bot
added
dependencies
dependabot
bot
requested review from
RaghavChamadiya and
swati510
as code owners
dependabot
bot
added
dependencies
Improvements: - Adaptive cascade budget: scales 10-50 based on change magnitude - LLM output validation: cross-checks backtick refs against AST symbols - Generation report: rich table with token counts, cost estimate, and warnings - Framework-aware synthetic edges: conftest, Django, FastAPI, Flask patterns - Doctor --repair: three-store consistency checks with auto-repair Documentation: - graph-algorithms-guide.md: full guide to all graph algorithms with math - architecture-guide.md: complete architecture walkthrough - deep-dives-guide.md: dead code, decisions, search, webhooks, cascades - critical-analysis.md: failure analysis, probabilities, and improvements
- Fix ruff lint: remove unused imports, combine nested ifs, rename unused loop vars, simplify embedder resolution in doctor --repair - Apply ruff formatting to all modified files - Fix test_creates_db_and_state: match actual "init complete" output - Fix test_mcp_dead_code_and_freshness_flow: use tiers["high"]["findings"] to match the actual get_dead_code return shape - Fix test_gemini_live: skip when google-genai module is not installed
…oard stats - Fix standalone server.js path for Next.js monorepo builds (packages/web/server.js) - Add cwd-based lookup so _find_local_web works from pip-installed venvs - Fix server-side API client to use REPOWISE_API_URL instead of defaulting to port 80 - Replace hardcoded dashboard stats with real data from getRepoStats - Add .sfdx/ to .gitignore
* Add Claude Code plugin with MCP server, slash commands, and model-invoked skills Plugin at plugins/claude-code/ provides frictionless Repowise setup via Claude Code: - Auto-registers MCP server (8 tools) via .mcp.json - 5 slash commands: /repowise:init, status, update, search, reindex - 4 model-invoked skills: codebase exploration, pre-modification risk check, architectural decisions, dead code cleanup - /repowise:init handles full setup flow (install, provider selection, indexing) - Marketplace-ready with plugin.json and marketplace.json * Update README with Claude Code plugin install path, add plugin developer guide - Add plugin as the recommended install method in main README - Add --index-only quick start option - Link to plugin repo from MCP tools section - Fix marketplace org reference (repowise-dev, not repowise) - Add DEVELOPER.md with plugin maintenance and release workflow
- Write .mcp.json at repo root so Claude Code auto-discovers the MCP server (with merge semantics to preserve other MCP servers) - Move CLAUDE.md generation to .claude/CLAUDE.md for Claude Code project config - Strengthen template language (MUST/ALWAYS/MANDATORY) to compel tool usage - Update format_setup_instructions to reflect auto-config for Claude Code - Fix test_init_no_provider: patch GOOGLE_API_KEY and GEMINI_API_KEY env vars
* Auto-configure MCP and write .claude/CLAUDE.md during repowise init - Write .mcp.json at repo root so Claude Code auto-discovers the MCP server (with merge semantics to preserve other MCP servers) - Move CLAUDE.md generation to .claude/CLAUDE.md for Claude Code project config - Strengthen template language (MUST/ALWAYS/MANDATORY) to compel tool usage - Update format_setup_instructions to reflect auto-config for Claude Code - Fix test_init_no_provider: patch GOOGLE_API_KEY and GEMINI_API_KEY env vars * graph beautification ---------
* Add Claude Code plugin with MCP server, slash commands, and model-invoked skills Plugin at plugins/claude-code/ provides frictionless Repowise setup via Claude Code: - Auto-registers MCP server (8 tools) via .mcp.json - 5 slash commands: /repowise:init, status, update, search, reindex - 4 model-invoked skills: codebase exploration, pre-modification risk check, architectural decisions, dead code cleanup - /repowise:init handles full setup flow (install, provider selection, indexing) - Marketplace-ready with plugin.json and marketplace.json * Update README with Claude Code plugin install path, add plugin developer guide - Add plugin as the recommended install method in main README - Add --index-only quick start option - Link to plugin repo from MCP tools section - Fix marketplace org reference (repowise-dev, not repowise) - Add DEVELOPER.md with plugin maintenance and release workflow
Adds website/ with 10 external-facing documentation pages (getting started, core concepts, CLI reference, MCP server, web dashboard, CLAUDE.md generator, Claude Code plugin, configuration, self-hosting, contributing) built with Jekyll and the Just the Docs theme. Adds .github/workflows/docs.yml to auto-deploy on pushes to main.
…ages - Add churn distribution histogram, commit category donut, and enhanced hotspot table with bus factor, line stats, and trend indicators - Add D3 ownership treemap and bus factor risk panel to ownership page - Enhance wiki git history panel with lifecycle section, author bars, co-change visualization, and commit category sparkline - Wire dashboard with real stats from getRepoStats and getGitSummary - Fix server bugs: top_owners missing pct, co-changes filter key mismatch - Extend HotspotResponse and GitMetadataResponse with bus_factor, commit_categories, line stats, and other previously hidden fields - Fix truncation across all tables: use proper CSS truncation with title tooltips, rewrite truncatePath to keep more path components - Widen all pages from max-w-6xl to max-w-[1600px] for better space usage - Add search and filter controls to hotspot and ownership tables - Fix StatCard to render trend prop, loading skeleton mismatches
Bumps [cryptography](https://github.com/pyca/cryptography) from 43.0.3 to 46.0.6. - [Changelog](https://github.com/pyca/cryptography/blob/main/CHANGELOG.rst) - [Commits](pyca/cryptography@43.0.3...46.0.6) --- updated-dependencies: - dependency-name: cryptography dependency-version: 46.0.6 dependency-type: direct:production ... Signed-off-by: dependabot[bot] <support@github.com>
dependabot
bot
force-pushed
the
dependabot/uv/cryptography-46.0.6
branch
from
fa56b70 to
da6c0b2
Compare
RaghavChamadiya
approved these changes
Apr 6, 2026
Collaborator
RaghavChamadiya
left a comment
RaghavChamadiya
left a comment
There was a problem hiding this comment.
Security patch, merging.
Collaborator
|
@dependabot rebase |
Contributor
Author
|
The dependabot.yml entry that created this PR has been deleted so this PR can't be rebased. Please close the PR so Dependabot can create a new one with the current dependabot.yml. |
Collaborator
|
Closing this since the dependabot config has changed and it can't be rebased. Will bump cryptography separately in a fresh branch. |
Contributor
Author
|
OK, I won't notify you again about this release, but will get in touch when a new version is available. If you'd rather skip all updates until the next major or minor version, let me know by commenting If you change your mind, just re-open this PR and I'll resolve any conflicts on it. |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Bumps cryptography from 43.0.3 to 46.0.6.
Changelog
Sourced from cryptography's changelog.
... (truncated)
Commits
91d7288Cherry-pick #14542 (#14543)06e120ebump version for 46.0.5 release (#14289)0eebb9dEC check key on cofactor > 1 (#14287)bedf6e1fix openssl version on 46 branch (#14220)e6f44fcbump for 46.0.4 and drop win arm64 due to CI issues (#14217)c0af4ddrelease 46.0.3 (#13681)99efe5abump version for 46.0.2 (#13531)e735cfcrelease 46.0.1 (#13450)4e457ffExplicitly specify python in mac uv build invocation (#13447)2726efdDepend on CFFI 2.0.0 or newer on Python > 3.8 (#13448)