Skip to content

chore(deps): bump cryptography from 46.0.6 to 46.0.7 in the uv group across 1 directory#724

Open
dependabot[bot] wants to merge 1 commit intomainfrom
dependabot/uv/uv-3344959f9f
Open

chore(deps): bump cryptography from 46.0.6 to 46.0.7 in the uv group across 1 directory#724
dependabot[bot] wants to merge 1 commit intomainfrom
dependabot/uv/uv-3344959f9f

Conversation

@dependabot
Copy link
Copy Markdown
Contributor

@dependabot dependabot bot commented on behalf of github Apr 8, 2026
edited
Loading

Bumps the uv group with 1 update in the / directory: cryptography.

Updates cryptography from 46.0.6 to 46.0.7

Changelog

Sourced from cryptography's changelog.

46.0.7 - 2026-04-07


* **SECURITY ISSUE**: Fixed an issue where non-contiguous buffers could be
  passed to APIs that accept Python buffers, which could lead to buffer
  overflow. **CVE-2026-39892**
* Updated Windows, macOS, and Linux wheels to be compiled with OpenSSL 3.5.6.

.. _v46-0-6:

Commits

@dependabot dependabot bot added dependencies patch python:uv Pull requests that update python:uv code labels Apr 8, 2026
@dependabot dependabot bot requested a review from a team as a code owner April 8, 2026 21:55
@dependabot dependabot bot added patch python:uv Pull requests that update python:uv code labels Apr 8, 2026
@github-actions
Copy link
Copy Markdown
Contributor

github-actions bot commented Apr 8, 2026

Label error. Requires at least 1 of: breaking, chore, feat, fix. Found: dependencies, patch, python:uv. Follow https://www.conventionalcommits.org to get auto-labeling to work correctly.

@dependabot
chore(deps): bump cryptography in the uv group across 1 directory
0712a51 
Bumps the uv group with 1 update in the / directory: [cryptography](https://github.com/pyca/cryptography).


Updates `cryptography` from 46.0.6 to 46.0.7
- [Changelog](https://github.com/pyca/cryptography/blob/main/CHANGELOG.rst)
- [Commits](pyca/cryptography@46.0.6...46.0.7)

---
updated-dependencies:
- dependency-name: cryptography
  dependency-version: 46.0.7
  dependency-type: indirect
  dependency-group: uv
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot force-pushed the dependabot/uv/uv-3344959f9f branch from 4b6d291 to 0712a51 Compare April 9, 2026 02:10
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies patch python:uv Pull requests that update python:uv code

Projects

🧰 devtools project board
Status: No status

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants