Skip to content

Navigation Menu

Sign in
Appearance settings

Search code, repositories, users, issues, pull requests...

Provide feedback

We read every piece of feedback, and take your input very seriously.

Saved searches

Use saved searches to filter your results more quickly

Appearance settings

Bump cryptography from 46.0.5 to 46.0.7#75

Closed
dependabot[bot] wants to merge 1 commit into
mainSocketDev/socket-sdk-python:mainfrom
dependabot/uv/cryptography-46.0.7SocketDev/socket-sdk-python:dependabot/uv/cryptography-46.0.7Copy head branch name to clipboard
Closed

Bump cryptography from 46.0.5 to 46.0.7#75
dependabot[bot] wants to merge 1 commit into
mainSocketDev/socket-sdk-python:mainfrom
dependabot/uv/cryptography-46.0.7SocketDev/socket-sdk-python:dependabot/uv/cryptography-46.0.7Copy head branch name to clipboard

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Apr 8, 2026

Copy link
Copy Markdown
Contributor

Bumps cryptography from 46.0.5 to 46.0.7.

Changelog

Sourced from cryptography's changelog.

46.0.7 - 2026-04-07


* **SECURITY ISSUE**: Fixed an issue where non-contiguous buffers could be
  passed to APIs that accept Python buffers, which could lead to buffer
  overflow. **CVE-2026-39892**
* Updated Windows, macOS, and Linux wheels to be compiled with OpenSSL 3.5.6.

.. _v46-0-6:

46.0.6 - 2026-03-25

  • SECURITY ISSUE: Fixed a bug where name constraints were not applied to peer names during verification when the leaf certificate contains a wildcard DNS SAN. Ordinary X.509 topologies are not affected by this bug, including those used by the Web PKI. Credit to Oleh Konko (1seal) for reporting the issue. CVE-2026-34073

.. _v46-0-5:

Commits

Note
Automatic rebases have been disabled on this pull request as it has been open for over 30 days.

@dependabot dependabot Bot added dependencies Pull requests that update a dependency file python:uv Pull requests that update python:uv code labels Apr 8, 2026
@dependabot dependabot Bot requested a review from a team as a code owner April 8, 2026 21:06
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file python:uv Pull requests that update python:uv code labels Apr 8, 2026
@github-actions

github-actions Bot commented Apr 8, 2026

Copy link
Copy Markdown

🚀 Preview package published!

Install with:

pip install --index-url https://test.pypi.org/simple/ --extra-index-url https://pypi.org/simple socketdev==3.0.33.dev2

Bumps [cryptography](https://github.com/pyca/cryptography) from 46.0.5 to 46.0.7.
- [Changelog](https://github.com/pyca/cryptography/blob/main/CHANGELOG.rst)
- [Commits](pyca/cryptography@46.0.5...46.0.7)

---
updated-dependencies:
- dependency-name: cryptography
  dependency-version: 46.0.7
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot force-pushed the dependabot/uv/cryptography-46.0.7 branch from 24e7d26 to 819cd09 Compare April 24, 2026 17:01
@lelia

lelia commented Jun 1, 2026

Copy link
Copy Markdown
Contributor

Superseded by #84, which bundles this bump (verified through Socket Firewall) alongside the new Dependabot review hardening. Closing in favor of that PR.

@lelia lelia closed this Jun 1, 2026
@dependabot @github

dependabot Bot commented on behalf of github Jun 1, 2026

Copy link
Copy Markdown
Contributor Author

OK, I won't notify you again about this release, but will get in touch when a new version is available. If you'd rather skip all updates until the next major or minor version, let me know by commenting @dependabot ignore this major version or @dependabot ignore this minor version.

If you change your mind, just re-open this PR and I'll resolve any conflicts on it.

@dependabot dependabot Bot deleted the dependabot/uv/cryptography-46.0.7 branch June 1, 2026 18:30
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

dependencies Pull requests that update a dependency file python:uv Pull requests that update python:uv code

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant

Morty Proxy This is a proxified and sanitized view of the page, visit original site.