Skip to content

Bump cryptography from 46.0.5 to 46.0.6#908

Merged
ayeshurun merged 1 commit intomainfrom
dependabot/uv/cryptography-46.0.6
Mar 31, 2026
Merged

Bump cryptography from 46.0.5 to 46.0.6#908
ayeshurun merged 1 commit intomainfrom
dependabot/uv/cryptography-46.0.6

Conversation

@dependabot
Copy link
Copy Markdown
Contributor

@dependabot dependabot bot commented on behalf of github Mar 29, 2026
edited
Loading

Bumps cryptography from 46.0.5 to 46.0.6.

Changelog

Sourced from cryptography's changelog.

46.0.6 - 2026-03-25


* **SECURITY ISSUE**: Fixed a bug where name constraints were not applied
  to peer names during verification when the leaf certificate contains a
  wildcard DNS SAN. Ordinary X.509 topologies are not affected by this bug,
  including those used by the Web PKI. Credit to **Oleh Konko (1seal)** for
  reporting the issue. **CVE-2026-34073**

.. _v46-0-5:

Commits

@dependabot dependabot bot added dependencies Pull requests that update a dependency file python:uv Pull requests that update python:uv code labels Mar 29, 2026
@ayeshurun ayeshurun changed the title Bump cryptography from 46.0.5 to 46.0.6 Fixed #0 Bump cryptography from 46.0.5 to 46.0.6 Mar 31, 2026
@ayeshurun
Copy link
Copy Markdown
Contributor

ayeshurun commented Mar 31, 2026

@dependabot rebase

@dependabot @github
Copy link
Copy Markdown
Contributor Author

dependabot bot commented on behalf of github Mar 31, 2026

Looks like this PR has been edited by someone other than Dependabot. That means Dependabot can't rebase it - sorry!

If you're happy for Dependabot to recreate it from scratch, overwriting any edits, you can request @dependabot recreate.

@ayeshurun
Copy link
Copy Markdown
Contributor

ayeshurun commented Mar 31, 2026

@dependabot rebase

@dependabot @github
Copy link
Copy Markdown
Contributor Author

dependabot bot commented on behalf of github Mar 31, 2026

Looks like this PR has been edited by someone other than Dependabot. That means Dependabot can't rebase it - sorry!

If you're happy for Dependabot to recreate it from scratch, overwriting any edits, you can request @dependabot recreate.

@ayeshurun
Copy link
Copy Markdown
Contributor

ayeshurun commented Mar 31, 2026
edited
Loading

@dependabot recreate

@dependabot
Bump cryptography from 46.0.5 to 46.0.6
64a6b4a 
Bumps [cryptography](https://github.com/pyca/cryptography) from 46.0.5 to 46.0.6.
- [Changelog](https://github.com/pyca/cryptography/blob/main/CHANGELOG.rst)
- [Commits](pyca/cryptography@46.0.5...46.0.6)

---
updated-dependencies:
- dependency-name: cryptography
  dependency-version: 46.0.6
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot changed the title Fixed #0 Bump cryptography from 46.0.5 to 46.0.6 Bump cryptography from 46.0.5 to 46.0.6 Mar 31, 2026
@dependabot dependabot bot force-pushed the dependabot/uv/cryptography-46.0.6 branch from 17e7bc0 to 64a6b4a Compare March 31, 2026 12:46
@ayeshurun ayeshurun enabled auto-merge (squash) March 31, 2026 12:47
@ayeshurun ayeshurun merged commit 60d0e67 into main Mar 31, 2026
18 checks passed
@ayeshurun ayeshurun deleted the dependabot/uv/cryptography-46.0.6 branch March 31, 2026 12:47
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@ayeshurun ayeshurun ayeshurun approved these changes

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file python:uv Pull requests that update python:uv code skip changelog

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@ayeshurun