Skip to content

Upgrade: [dependabot] - bump cryptography from 46.0.6 to 46.0.7 in the pip group across 1 directory#246

Merged
github-actions[bot] merged 1 commit intomainfrom
dependabot/pip/pip-3344959f9f
Apr 9, 2026
Merged

Upgrade: [dependabot] - bump cryptography from 46.0.6 to 46.0.7 in the pip group across 1 directory#246
github-actions[bot] merged 1 commit intomainfrom
dependabot/pip/pip-3344959f9f

Conversation

@dependabot
Copy link
Copy Markdown
Contributor

@dependabot dependabot Bot commented on behalf of github Apr 8, 2026
edited
Loading

Bumps the pip group with 1 update in the / directory: cryptography.

Updates cryptography from 46.0.6 to 46.0.7

Changelog

Sourced from cryptography's changelog.

46.0.7 - 2026-04-07


* **SECURITY ISSUE**: Fixed an issue where non-contiguous buffers could be
  passed to APIs that accept Python buffers, which could lead to buffer
  overflow. **CVE-2026-39892**
* Updated Windows, macOS, and Linux wheels to be compiled with OpenSSL 3.5.6.

.. _v46-0-6:

Commits

@dependabot dependabot Bot added dependencies Pull requests that update a dependency file python Pull requests that update python code labels Apr 8, 2026
@dependabot dependabot Bot requested a review from a team as a code owner April 8, 2026 22:28
@github-actions github-actions Bot enabled auto-merge (squash) April 8, 2026 22:28
@dependabot
Upgrade: [dependabot] - bump cryptography
eda5098 
Bumps the pip group with 1 update in the / directory: [cryptography](https://github.com/pyca/cryptography).


Updates `cryptography` from 46.0.6 to 46.0.7
- [Changelog](https://github.com/pyca/cryptography/blob/main/CHANGELOG.rst)
- [Commits](pyca/cryptography@46.0.6...46.0.7)

---
updated-dependencies:
- dependency-name: cryptography
  dependency-version: 46.0.7
  dependency-type: indirect
  dependency-group: pip
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot force-pushed the dependabot/pip/pip-3344959f9f branch from 8ba61cf to eda5098 Compare April 9, 2026 11:29
@github-actions github-actions Bot merged commit 9cd6def into main Apr 9, 2026
11 checks passed
@github-actions github-actions Bot deleted the dependabot/pip/pip-3344959f9f branch April 9, 2026 14:22
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@adam-wallernhs1 adam-wallernhs1 adam-wallernhs1 approved these changes

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file python Pull requests that update python code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@adam-wallernhs1