Skip to content

chore(deps): bump cryptography from 42.0.5 to 46.0.6 in /scripts/platform-init in the pip group across 1 directory#4418

Merged
rokroskar merged 2 commits into
release-2.19.0from
dependabot/pip/scripts/platform-init/pip-6ba9ca5f64
Jun 30, 2026
Merged

chore(deps): bump cryptography from 42.0.5 to 46.0.6 in /scripts/platform-init in the pip group across 1 directory#4418
rokroskar merged 2 commits into
release-2.19.0from
dependabot/pip/scripts/platform-init/pip-6ba9ca5f64

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Mar 28, 2026

Copy link
Copy Markdown
Contributor

Bumps the pip group with 1 update in the /scripts/platform-init directory: cryptography.

Updates cryptography from 42.0.5 to 46.0.6

Changelog

Sourced from cryptography's changelog.

46.0.6 - 2026-03-25


* **SECURITY ISSUE**: Fixed a bug where name constraints were not applied
  to peer names during verification when the leaf certificate contains a
  wildcard DNS SAN. Ordinary X.509 topologies are not affected by this bug,
  including those used by the Web PKI. Credit to **Oleh Konko (1seal)** for
  reporting the issue. **CVE-2026-34073**

.. _v46-0-5:

46.0.5 - 2026-02-10

  • An attacker could create a malicious public key that reveals portions of your private key when using certain uncommon elliptic curves (binary curves). This version now includes additional security checks to prevent this attack. This issue only affects binary elliptic curves, which are rarely used in real-world applications. Credit to XlabAI Team of Tencent Xuanwu Lab and Atuin Automated Vulnerability Discovery Engine for reporting the issue. CVE-2026-26007
  • Support for SECT* binary elliptic curves is deprecated and will be removed in the next release.

.. v46-0-4:

46.0.4 - 2026-01-27


* `Dropped support for win_arm64 wheels`_.
* Updated Windows, macOS, and Linux wheels to be compiled with OpenSSL 3.5.5.

.. _v46-0-3:

46.0.3 - 2025-10-15

  • Fixed compilation when using LibreSSL 4.2.0.

.. _v46-0-2:

46.0.2 - 2025-09-30


* Updated Windows, macOS, and Linux wheels to be compiled with OpenSSL 3.5.4.

.. _v46-0-1:

46.0.1 - 2025-09-16

... (truncated)

Commits

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions
    You can disable automated security fix PRs for this repo from the Security Alerts page.

/deploy

Bumps the pip group with 1 update in the /scripts/platform-init directory: [cryptography](https://github.com/pyca/cryptography).


Updates `cryptography` from 42.0.5 to 46.0.6
- [Changelog](https://github.com/pyca/cryptography/blob/main/CHANGELOG.rst)
- [Commits](pyca/cryptography@42.0.5...46.0.6)

---
updated-dependencies:
- dependency-name: cryptography
  dependency-version: 46.0.6
  dependency-type: direct:production
  dependency-group: pip
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file python Pull requests that update Python code labels Mar 28, 2026
@dependabot dependabot Bot requested a review from a team as a code owner March 28, 2026 13:37
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file python Pull requests that update Python code labels Mar 28, 2026
@rokroskar rokroskar changed the base branch from master to release-2.19.0 June 30, 2026 11:34
@RenkuBot

Copy link
Copy Markdown
Collaborator

You can access the deployment of this PR at https://ci-renku-4418.dev.renku.ch

@rokroskar rokroskar enabled auto-merge (squash) June 30, 2026 11:47
@rokroskar rokroskar merged commit 0d26e90 into release-2.19.0 Jun 30, 2026
40 of 43 checks passed
@rokroskar rokroskar deleted the dependabot/pip/scripts/platform-init/pip-6ba9ca5f64 branch June 30, 2026 11:52
@RenkuBot

Copy link
Copy Markdown
Collaborator

Tearing down the temporary RenkuLab deployment for this PR.

rokroskar added a commit that referenced this pull request Jun 30, 2026
Bumps the pip group with 1 update in the /scripts/platform-init directory: [cryptography](https://github.com/pyca/cryptography).


Updates `cryptography` from 42.0.5 to 46.0.6
- [Changelog](https://github.com/pyca/cryptography/blob/main/CHANGELOG.rst)
- [Commits](pyca/cryptography@42.0.5...46.0.6)

---
updated-dependencies:
- dependency-name: cryptography
  dependency-version: 46.0.6
  dependency-type: direct:production
  dependency-group: pip
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Rok Roškar <roskarr@ethz.ch>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

dependencies Pull requests that update a dependency file python Pull requests that update Python code

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants