
chore(deps): bump cryptography from 46.0.6 to 46.0.7 #425

Merged: katriendg merged 1 commit into main from dependabot/uv/cryptography-46.0.7 on Apr 9, 2026

Conversation


@dependabot dependabot Bot commented on behalf of github Apr 8, 2026

Bumps cryptography from 46.0.6 to 46.0.7.

Changelog

Sourced from cryptography's changelog.

46.0.7 - 2026-04-07


* **SECURITY ISSUE**: Fixed an issue where non-contiguous buffers could be
  passed to APIs that accept Python buffers, which could lead to buffer
  overflow. **CVE-2026-39892**
* Updated Windows, macOS, and Linux wheels to be compiled with OpenSSL 3.5.6.


@dependabot dependabot Bot added dependencies Dependency version updates python Pull requests that update python code labels Apr 8, 2026
@github-actions github-actions Bot changed the title chore(deps): bump cryptography from 46.0.6 to 46.0.7 security(deps): bump cryptography from 46.0.6 to 46.0.7 Apr 8, 2026

github-actions Bot commented Apr 8, 2026

Dependency Review

The following issues were found:
  • ✅ 0 vulnerable package(s)
  • ✅ 0 package(s) with incompatible licenses
  • ✅ 0 package(s) with invalid SPDX license definitions
  • ⚠️ 1 package(s) with unknown licenses.
See the Details below.

Snapshot Warnings

⚠️: No snapshots were found for the head SHA b36b850.
Ensure that dependencies are being submitted on PR branches and consider enabling retry-on-snapshot-warnings. See the documentation for more information and troubleshooting advice.

License Issues

uv.lock

| Package | Version | License | Issue Type |
| --- | --- | --- | --- |
| cryptography | 46.0.7 | Null | Unknown License |

OpenSSF Scorecard

| Package | Version | Score | Details |
| --- | --- | --- | --- |
| pip/cryptography | 46.0.7 | Unknown | Unknown |

Scanned Files

  • uv.lock


codecov-commenter commented Apr 8, 2026

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 64.41%. Comparing base (438660a) to head (b36b850).
⚠️ Report is 1 commits behind head on main.

Additional details and impacted files
@@           Coverage Diff           @@
##             main     #425   +/-   ##
=======================================
  Coverage   64.41%   64.41%           
=======================================
  Files         251      251           
  Lines       15435    15435           
  Branches     2060     2060           
=======================================
  Hits         9942     9942           
  Misses       5205     5205           
  Partials      288      288           

| Flag | Coverage Δ |
| --- | --- |
| pester | 82.24% <ø> (ø) |
| pytest | 92.40% <ø> (ø) |
| pytest-dataviewer | 63.87% <ø> (ø) |
| pytest-fuzz | 1.59% <ø> (ø) |
| vitest | 50.80% <ø> (ø) |

@dependabot dependabot Bot changed the title security(deps): bump cryptography from 46.0.6 to 46.0.7 chore(deps): bump cryptography from 46.0.6 to 46.0.7 Apr 8, 2026
@dependabot dependabot Bot force-pushed the dependabot/uv/cryptography-46.0.7 branch 2 times, most recently from 76b8c55 to 882bbf3 Compare April 8, 2026 20:26
@katriendg
Collaborator

@dependabot rebase

Bumps [cryptography](https://github.com/pyca/cryptography) from 46.0.6 to 46.0.7.
- [Changelog](https://github.com/pyca/cryptography/blob/main/CHANGELOG.rst)
- [Commits](pyca/cryptography@46.0.6...46.0.7)

---
updated-dependencies:
- dependency-name: cryptography
  dependency-version: 46.0.7
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot force-pushed the dependabot/uv/cryptography-46.0.7 branch from 882bbf3 to b36b850 Compare April 9, 2026 07:03
@katriendg katriendg merged commit 2366647 into main Apr 9, 2026
32 checks passed
@katriendg katriendg deleted the dependabot/uv/cryptography-46.0.7 branch April 9, 2026 07:06
WilliamBerryiii pushed a commit that referenced this pull request Apr 9, 2026
🤖 I have created a release *beep* *boop*
---


## [0.7.0](v0.6.1...v0.7.0) (2026-04-09)


### ✨ Features

* **build:** add hve-core release pipeline with dependency SBOM and
signing artifacts
([#420](#420))
([2ff839a](2ff839a))
* **build:** enforce strict warnings across all linters
([#392](#392))
([b75e217](b75e217))
* **evaluation:** add fuzz testing infrastructure and property-based
tests
([#416](#416))
([d97d42c](d97d42c))
* **infrastructure:** add optional ADLS Gen2 data lake storage account
([#398](#398))
([3bb9012](3bb9012))
* **settings:** add HVE Core extension to workspace and devcontainer
recommendations
([#226](#226))
([f0735d8](f0735d8))


### 🐛 Bug Fixes

* **docs:** fix broken links, harden Docusaurus config, and integrate CI
workflow
([#430](#430))
([ea99997](ea99997))
* **scripts:** join shellcheck version output before -match to populate
$Matches
([#432](#432))
([8768e76](8768e76))
* **scripts:** map unmapped ShellCheck severity levels and harden
version parsing
([#434](#434))
([1e95a17](1e95a17))
* **scripts:** resolve ShellCheck SC2034 and enable source-path
resolution
([#443](#443))
([04438ea](04438ea))


### 🔧 Miscellaneous

* **deps-dev:** bump basic-ftp from 5.2.0 to 5.2.1
([#429](#429))
([438660a](438660a))
* **deps:** bump cryptography from 46.0.6 to 46.0.7
([#425](#425))
([2366647](2366647))

---
This PR was generated with [Release
Please](https://github.com/googleapis/release-please). See
[documentation](https://github.com/googleapis/release-please#release-please).

---------

Co-authored-by: physical-ai-toolchain-release[bot] <267194360+physical-ai-toolchain-release[bot]@users.noreply.github.com>
Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>

Labels

dependencies Dependency version updates python Pull requests that update python code
