Skip to content

Bump cryptography from 46.0.6 to 46.0.7#84

Merged
github-actions[bot] merged 1 commit intomainfrom
dependabot/pip/cryptography-46.0.7
Apr 29, 2026
Merged

Bump cryptography from 46.0.6 to 46.0.7#84
github-actions[bot] merged 1 commit intomainfrom
dependabot/pip/cryptography-46.0.7

Conversation

@dependabot
Copy link
Copy Markdown
Contributor

@dependabot dependabot Bot commented on behalf of github Apr 29, 2026

Bumps cryptography from 46.0.6 to 46.0.7.

Changelog

Sourced from cryptography's changelog.

46.0.7 - 2026-04-07


* **SECURITY ISSUE**: Fixed an issue where non-contiguous buffers could be
  passed to APIs that accept Python buffers, which could lead to buffer
  overflow. **CVE-2026-39892**
* Updated Windows, macOS, and Linux wheels to be compiled with OpenSSL 3.5.6.

.. _v46-0-6:

Commits

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

@dependabot
Bump cryptography from 46.0.6 to 46.0.7
6b994a9 
Bumps [cryptography](https://github.com/pyca/cryptography) from 46.0.6 to 46.0.7.
- [Changelog](https://github.com/pyca/cryptography/blob/main/CHANGELOG.rst)
- [Commits](pyca/cryptography@46.0.6...46.0.7)

---
updated-dependencies:
- dependency-name: cryptography
  dependency-version: 46.0.7
  dependency-type: direct:development
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file python Pull requests that update python code labels Apr 29, 2026
@dependabot dependabot Bot requested a review from a team as a code owner April 29, 2026 15:33
senzingdevops
senzingdevops approved these changes Apr 29, 2026
View reviewed changes
Copy link
Copy Markdown

@senzingdevops senzingdevops left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Automated: approving this pull request because it includes a patch update

@github-actions github-actions Bot enabled auto-merge (squash) April 29, 2026 15:33
@github-actions
Copy link
Copy Markdown

github-actions Bot commented Apr 29, 2026

🤖 Claude Code Review

Code Review

PR Summary: Bumps cryptography from 46.0.6 to 46.0.7 in pyproject.toml.

Code Quality

  • Style guide: Single-line version bump, no style concerns.
  • No commented-out code
  • Meaningful variable names: N/A
  • DRY principle: N/A
  • Defects: No logic changes; dependency bump only. No bugs introduced.
  • CLAUDE.md: No issues.

Testing

  • Unit/integration tests: No code changes requiring new tests.
  • Coverage: N/A

Documentation

  • README: No update needed for a dependency bump.
  • API docs: N/A
  • Inline comments: N/A
  • CHANGELOG.md: No changelog entry for this dependency update. Depending on project policy, dependency bumps (especially security patches) should be noted.

Security

  • No hardcoded credentials
  • No sensitive data
  • No license files
  • Security note: cryptography 46.0.7 is a patch release — likely a security or bug fix. This is a recommended upgrade.

Verdict: Approved with minor note. The missing CHANGELOG entry is the only gap, and whether it's required depends on project policy. The bump itself is clean and appropriate.

Automated code review analyzing defects and coding standards

@github-actions github-actions Bot merged commit b360e8a into main Apr 29, 2026
12 checks passed
@github-actions github-actions Bot deleted the dependabot/pip/cryptography-46.0.7 branch April 29, 2026 15:34
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@senzingdevops senzingdevops senzingdevops approved these changes

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file python Pull requests that update python code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@senzingdevops