Skip to content

Bump cryptography from 46.0.6 to 46.0.7#98

Merged
github-actions[bot] merged 1 commit intomainfrom
dependabot/pip/cryptography-46.0.7
Apr 27, 2026
Merged

Bump cryptography from 46.0.6 to 46.0.7#98
github-actions[bot] merged 1 commit intomainfrom
dependabot/pip/cryptography-46.0.7

Conversation

@dependabot
Copy link
Copy Markdown
Contributor

@dependabot dependabot Bot commented on behalf of github Apr 27, 2026
edited
Loading

Bumps cryptography from 46.0.6 to 46.0.7.

Changelog

Sourced from cryptography's changelog.

46.0.7 - 2026-04-07


* **SECURITY ISSUE**: Fixed an issue where non-contiguous buffers could be
  passed to APIs that accept Python buffers, which could lead to buffer
  overflow. **CVE-2026-39892**
* Updated Windows, macOS, and Linux wheels to be compiled with OpenSSL 3.5.6.

.. _v46-0-6:

Commits

@dependabot dependabot Bot added dependencies Pull requests that update a dependency file python Pull requests that update python code labels Apr 27, 2026
@dependabot dependabot Bot requested a review from a team as a code owner April 27, 2026 01:35
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file python Pull requests that update python code labels Apr 27, 2026
senzingdevops
senzingdevops approved these changes Apr 27, 2026
View reviewed changes
Copy link
Copy Markdown

@senzingdevops senzingdevops left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Automated: approving this pull request because it includes a patch update

@github-actions github-actions Bot enabled auto-merge (squash) April 27, 2026 01:36
@github-actions
Copy link
Copy Markdown

github-actions Bot commented Apr 27, 2026

🤖 Claude Code Review

PR Code Review

This diff updates a single dependency version in pyproject.toml.

Code Quality

  • Style guide: Single-line change, no style concerns.
  • No commented-out code
  • Variable names: N/A
  • DRY principle: N/A
  • Defects: No logic changes introduced. cryptography==46.0.646.0.7 is a patch bump, consistent with the pattern of other version-pinned dev dependencies in the file.

Testing

  • Unit/integration tests: No code logic changed; no new tests required.
  • Coverage: N/A

Documentation

  • CHANGELOG.md: Not updated. Dependency bumps are typically noted in changelogs. Minor issue — acceptable to skip for automated dependency bumps if project convention allows it.

Security

  • No hardcoded credentials
  • No license files (.lic) checked in
  • Security note: cryptography is a security-critical library. Version 46.0.7 is a patch release over 46.0.6 — verify this bump addresses a CVE or security fix (this aligns with the commit message "Bump cryptography from 46.0.6 to 46.0.7", consistent with Dependabot security updates).

Summary: This is a clean, minimal dependency security patch. The only minor gap is the absence of a CHANGELOG entry, which may be acceptable for automated dependency bumps depending on project convention.

Automated code review analyzing defects and coding standards

@dependabot
Bump cryptography from 46.0.6 to 46.0.7
1ac95e2 
Bumps [cryptography](https://github.com/pyca/cryptography) from 46.0.6 to 46.0.7.
- [Changelog](https://github.com/pyca/cryptography/blob/main/CHANGELOG.rst)
- [Commits](pyca/cryptography@46.0.6...46.0.7)

---
updated-dependencies:
- dependency-name: cryptography
  dependency-version: 46.0.7
  dependency-type: direct:development
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot force-pushed the dependabot/pip/cryptography-46.0.7 branch from 1ea76e5 to 1ac95e2 Compare April 27, 2026 01:37
senzingdevops
senzingdevops approved these changes Apr 27, 2026
View reviewed changes
Copy link
Copy Markdown

@senzingdevops senzingdevops left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Automated: approving this pull request because it includes a patch update

@github-actions
Copy link
Copy Markdown

github-actions Bot commented Apr 27, 2026

🤖 Claude Code Review

PR Code Review

Summary: This is a single-line dependency bump of cryptography from 46.0.6 to 46.0.7 in pyproject.toml.

Code Quality

  • Style guide — No code style concerns; this is a version string change only.
  • No commented-out code — N/A
  • Meaningful variable names — N/A
  • DRY principle — N/A
  • Defects — No logic, bugs, or security issues introduced. cryptography 46.0.7 is a patch release; patch bumps in this library are typically security or bug fixes. The change is in the development dependency group, so it only affects dev/test environments, not production runtime.

Testing

  • Unit/integration tests — No new code to test; dependency version bumps don't require new tests.
  • Coverage — Unaffected.

Documentation

  • README — No update needed.
  • API docs — No update needed.
  • CHANGELOG.md — Dependency bumps of this nature (automated/bot-driven) are typically not logged in CHANGELOG. No action needed unless project policy requires it.
  • Markdown formatting — N/A

Security

  • No hardcoded credentials — N/A
  • No license files (.lic) — None present.
  • No sensitive data — N/A

Verdict: Approved. This is a clean, low-risk patch bump of a development-only dependency. No issues found.

Automated code review analyzing defects and coding standards

@github-actions github-actions Bot merged commit b874c81 into main Apr 27, 2026
12 checks passed
@github-actions github-actions Bot deleted the dependabot/pip/cryptography-46.0.7 branch April 27, 2026 01:37
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@senzingdevops senzingdevops senzingdevops approved these changes

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file python Pull requests that update python code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@senzingdevops