Skip to content

fix(deps): update dependency cryptography to v46.0.7 [security]#359

Merged
layertwo merged 1 commit intomainlinefrom
renovate/pypi-cryptography-vulnerability
Apr 9, 2026
Merged

fix(deps): update dependency cryptography to v46.0.7 [security]#359
layertwo merged 1 commit intomainlinefrom
renovate/pypi-cryptography-vulnerability

Conversation

@renovate
Copy link
Copy Markdown
Contributor

@renovate renovate bot commented Apr 8, 2026

This PR contains the following updates:

Package Change Age Adoption Passing Confidence
cryptography (changelog) ==46.0.6==46.0.7 age adoption passing confidence

GitHub Vulnerability Alerts

CVE-2026-39892

If a non-contiguous buffer was passed to APIs which accepted Python buffers (e.g. Hash.update()), this could lead to buffer overflows. For example:

h = Hash(SHA256())
b.update(buf[::-1])

would read past the end of the buffer on Python >3.11

Release Notes

pyca/cryptography (cryptography)

v46.0.7

Compare Source

Configuration

📅 Schedule: (UTC)

  • Branch creation
    • ""
  • Automerge
    • At any time (no schedule defined)

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

  • If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

@github-actions
Copy link
Copy Markdown

github-actions bot commented Apr 8, 2026

Coverage report

This PR does not seem to contain any modification to coverable code.

@github-actions
Copy link
Copy Markdown

github-actions bot commented Apr 8, 2026

Diff for stage: DefaultStage

Warning

3 Destructive Changes

Diff for stack: GitHubOidcStack - 0 to add, 1 to update, 0 to destroy 🟡

Details 
Resources
[~] Custom::AWSCDKOpenIdConnectProvider GitHubOidcProvider7EBF861F
 ├─ [~] CodeHash
 │   ├─ [-] 62fa02efcaa700e1c247e1d3cc2aa0cd07a0808a9a3e3d2230e51f57a02233fb
 │   └─ [+] d75c48c9f82cde63e9bf414df335e84e8ac24f11eb34889be255b702aec71e50
 └─ [~] RejectUnauthorized
[~] AWS::Lambda::Function CustomAWSCDKOpenIdConnectProviderCustomResourceProviderHandlerF2C543E0
 ├─ [~] Code
 │   └─ [~] .S3Key:
 │       ├─ [-] 62fa02efcaa700e1c247e1d3cc2aa0cd07a0808a9a3e3d2230e51f57a02233fb.zip
 │       └─ [+] d75c48c9f82cde63e9bf414df335e84e8ac24f11eb34889be255b702aec71e50.zip
 └─ [~] Metadata
     └─ [~] .aws:asset:path:
         ├─ [-] asset.62fa02efcaa700e1c247e1d3cc2aa0cd07a0808a9a3e3d2230e51f57a02233fb
         └─ [+] asset.d75c48c9f82cde63e9bf414df335e84e8ac24f11eb34889be255b702aec71e50

Diff for stack: Service-prod - 3 to add, 3 to update, 3 to destroy

Details

[!WARNING]
Destructive Changes ‼️
Stack: Service-prod - Resource: AuthApiDeploymentB62B2E46e6df84b588a887363a13ab29adc3623c - Impact: WILL_DESTROY

Stack: Service-prod - Resource: TokenApiDeploymentB896C219b16a73c2bacf13dff150a851137e236c - Impact: WILL_DESTROY

Stack: Service-prod - Resource: ProfileApiDeployment84A54415e0158c62574d24c31b8dbd21e82873c4 - Impact: WILL_DESTROY

Resources
[-] AWS::ApiGateway::Deployment AuthApiDeploymentB62B2E46e6df84b588a887363a13ab29adc3623c destroy
[-] AWS::ApiGateway::Deployment TokenApiDeploymentB896C219b16a73c2bacf13dff150a851137e236c destroy
[-] AWS::ApiGateway::Deployment ProfileApiDeployment84A54415e0158c62574d24c31b8dbd21e82873c4 destroy
[+] AWS::ApiGateway::Deployment AuthApiDeploymentB62B2E46b5c04cfbd7bd117a1ee4f8acc7bb74f8
[+] AWS::ApiGateway::Deployment TokenApiDeploymentB896C2197f4fd8f40928d8ff6b65325e6f60c797
[+] AWS::ApiGateway::Deployment ProfileApiDeployment84A54415afa95090416ea0bbd4b1d2aac5a9241c
[~] AWS::Lambda::Function AuthApiHandlerED50ACFA
 ├─ [~] Code
 │   └─ [~] .S3Key:
 │       ├─ [-] e2434a15506776bef26a0e50609c141d38e52b00f548a51daf76703a7262d216.zip
 │       └─ [+] 014b5e7d2c7a95ae95d6d86086611a8511adae235036728aa69fdc0118a9acec.zip
 └─ [~] Metadata
     └─ [~] .aws:asset:path:
         ├─ [-] asset.e2434a15506776bef26a0e50609c141d38e52b00f548a51daf76703a7262d216
         └─ [+] asset.014b5e7d2c7a95ae95d6d86086611a8511adae235036728aa69fdc0118a9acec
[~] AWS::Lambda::Function TokenApiHandler2E66DB25
 ├─ [~] Code
 │   └─ [~] .S3Key:
 │       ├─ [-] e2434a15506776bef26a0e50609c141d38e52b00f548a51daf76703a7262d216.zip
 │       └─ [+] 014b5e7d2c7a95ae95d6d86086611a8511adae235036728aa69fdc0118a9acec.zip
 └─ [~] Metadata
     └─ [~] .aws:asset:path:
         ├─ [-] asset.e2434a15506776bef26a0e50609c141d38e52b00f548a51daf76703a7262d216
         └─ [+] asset.014b5e7d2c7a95ae95d6d86086611a8511adae235036728aa69fdc0118a9acec
[~] AWS::Lambda::Function ProfileApiHandler9B65A298
 ├─ [~] Code
 │   └─ [~] .S3Key:
 │       ├─ [-] e2434a15506776bef26a0e50609c141d38e52b00f548a51daf76703a7262d216.zip
 │       └─ [+] 014b5e7d2c7a95ae95d6d86086611a8511adae235036728aa69fdc0118a9acec.zip
 └─ [~] Metadata
     └─ [~] .aws:asset:path:
         ├─ [-] asset.e2434a15506776bef26a0e50609c141d38e52b00f548a51daf76703a7262d216
         └─ [+] asset.014b5e7d2c7a95ae95d6d86086611a8511adae235036728aa69fdc0118a9acec
[~] AWS::Lambda::Function ApiHandler5E7490E8
 ├─ [~] Code
 │   └─ [~] .S3Key:
 │       ├─ [-] e2434a15506776bef26a0e50609c141d38e52b00f548a51daf76703a7262d216.zip
 │       └─ [+] 014b5e7d2c7a95ae95d6d86086611a8511adae235036728aa69fdc0118a9acec.zip
 └─ [~] Metadata
     └─ [~] .aws:asset:path:
         ├─ [-] asset.e2434a15506776bef26a0e50609c141d38e52b00f548a51daf76703a7262d216
         └─ [+] asset.014b5e7d2c7a95ae95d6d86086611a8511adae235036728aa69fdc0118a9acec
[~] AWS::ApiGateway::Stage AuthApiDeploymentStageprodB0E4172A
 └─ [~] DeploymentId
     └─ [~] .Ref:
         ├─ [-] AuthApiDeploymentB62B2E46e6df84b588a887363a13ab29adc3623c
         └─ [+] AuthApiDeploymentB62B2E46b5c04cfbd7bd117a1ee4f8acc7bb74f8
[~] AWS::ApiGateway::Stage TokenApiDeploymentStageprod11035AE4
 └─ [~] DeploymentId
     └─ [~] .Ref:
         ├─ [-] TokenApiDeploymentB896C219b16a73c2bacf13dff150a851137e236c
         └─ [+] TokenApiDeploymentB896C2197f4fd8f40928d8ff6b65325e6f60c797
[~] AWS::ApiGateway::Stage ProfileApiDeploymentStageprodF609D968
 └─ [~] DeploymentId
     └─ [~] .Ref:
         ├─ [-] ProfileApiDeployment84A54415e0158c62574d24c31b8dbd21e82873c4
         └─ [+] ProfileApiDeployment84A54415afa95090416ea0bbd4b1d2aac5a9241c
[~] AWS::Lambda::Function ChannelApiHandler02759D57
 ├─ [~] Code
 │   └─ [~] .S3Key:
 │       ├─ [-] 764cb007e08bee805d3e8e022246154737f36535677e7109c0908e7d266c6525.zip
 │       └─ [+] 7e95b9922db869c2a87fd458d5f11883a330cc82f460465da85ae5cc43cb204d.zip
 └─ [~] Metadata
     └─ [~] .aws:asset:path:
         ├─ [-] asset.764cb007e08bee805d3e8e022246154737f36535677e7109c0908e7d266c6525
         └─ [+] asset.7e95b9922db869c2a87fd458d5f11883a330cc82f460465da85ae5cc43cb204d

No Changes for stack: Frontend-prod ✅
No Changes for stack: Monitoring-prod ✅

Generated for commit 3215159 at 2026-04-08T22:45:16.150Z

@layertwo layertwo merged commit b21dc7c into mainline Apr 9, 2026
10 checks passed
@renovate renovate bot deleted the renovate/pypi-cryptography-vulnerability branch April 9, 2026 00:04
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@layertwo