Skip to content

build(deps): bump cryptography from 46.0.5 to 46.0.7#80

Merged
Sdvegas21 merged 1 commit intomainfrom
dependabot/pip/cryptography-46.0.7
Apr 17, 2026
Merged

build(deps): bump cryptography from 46.0.5 to 46.0.7#80
Sdvegas21 merged 1 commit intomainfrom
dependabot/pip/cryptography-46.0.7

Conversation

@dependabot
Copy link
Copy Markdown
Contributor

@dependabot dependabot bot commented on behalf of github Apr 9, 2026
edited
Loading

Bumps cryptography from 46.0.5 to 46.0.7.

Changelog

Sourced from cryptography's changelog.

46.0.7 - 2026-04-07


* **SECURITY ISSUE**: Fixed an issue where non-contiguous buffers could be
  passed to APIs that accept Python buffers, which could lead to buffer
  overflow. **CVE-2026-39892**
* Updated Windows, macOS, and Linux wheels to be compiled with OpenSSL 3.5.6.

.. _v46-0-6:


46.0.6 - 2026-03-25

  • SECURITY ISSUE: Fixed a bug where name constraints were not applied to peer names during verification when the leaf certificate contains a wildcard DNS SAN. Ordinary X.509 topologies are not affected by this bug, including those used by the Web PKI. Credit to Oleh Konko (1seal) for reporting the issue. CVE-2026-34073

.. _v46-0-5:

Commits

@dependabot dependabot bot added dependencies Pull requests that update a dependency file security Security-related issues or pull requests labels Apr 9, 2026
@dependabot dependabot bot requested a review from Sdvegas21 as a code owner April 9, 2026 06:27
@dependabot dependabot bot added the security Security-related issues or pull requests label Apr 9, 2026
@dependabot dependabot bot mentioned this pull request Apr 9, 2026
Closed
@dependabot dependabot bot force-pushed the dependabot/pip/cryptography-46.0.7 branch 3 times, most recently from 6401483 to 4dc1748 Compare April 17, 2026 18:39
@dependabot dependabot bot changed the title build(deps): bump cryptography from 46.0.5 to 46.0.7 chore(deps): bump cryptography from 46.0.5 to 46.0.7 Apr 17, 2026
@dependabot dependabot bot force-pushed the dependabot/pip/cryptography-46.0.7 branch from 4dc1748 to a57abe9 Compare April 17, 2026 18:48
@dependabot dependabot bot changed the title chore(deps): bump cryptography from 46.0.5 to 46.0.7 build(deps): bump cryptography from 46.0.5 to 46.0.7 Apr 17, 2026
@dependabot dependabot bot force-pushed the dependabot/pip/cryptography-46.0.7 branch 3 times, most recently from 9d6852d to 3e4fea2 Compare April 17, 2026 19:03
@dependabot
build(deps): bump cryptography from 46.0.5 to 46.0.7
60072a3 
Bumps [cryptography](https://github.com/pyca/cryptography) from 46.0.5 to 46.0.7.
- [Changelog](https://github.com/pyca/cryptography/blob/main/CHANGELOG.rst)
- [Commits](pyca/cryptography@46.0.5...46.0.7)

---
updated-dependencies:
- dependency-name: cryptography
  dependency-version: 46.0.7
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot force-pushed the dependabot/pip/cryptography-46.0.7 branch from 3e4fea2 to 60072a3 Compare April 17, 2026 19:04
@Sdvegas21 Sdvegas21 merged commit 9766ffb into main Apr 17, 2026
8 checks passed
@Sdvegas21 Sdvegas21 deleted the dependabot/pip/cryptography-46.0.7 branch April 17, 2026 19:07
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@Sdvegas21 Sdvegas21 Awaiting requested review from Sdvegas21 Sdvegas21 is a code owner

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file security Security-related issues or pull requests

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@Sdvegas21