Skip to content

chore(deps): bump cryptography from 46.0.5 to 46.0.6 in the cryptography group across 1 directory#8853

Open
dependabot[bot] wants to merge 1 commit intodevelopfrom
dependabot/pip/develop/cryptography-6ba9ca5f64
Open

chore(deps): bump cryptography from 46.0.5 to 46.0.6 in the cryptography group across 1 directory#8853
dependabot[bot] wants to merge 1 commit intodevelopfrom
dependabot/pip/develop/cryptography-6ba9ca5f64

Conversation

@dependabot
Copy link
Contributor

@dependabot dependabot bot commented on behalf of github Mar 26, 2026
edited
Loading

Bumps the cryptography group with 1 update in the / directory: cryptography.

Updates cryptography from 46.0.5 to 46.0.6

Changelog

Sourced from cryptography's changelog.

46.0.6 - 2026-03-25


* **SECURITY ISSUE**: Fixed a bug where name constraints were not applied
  to peer names during verification when the leaf certificate contains a
  wildcard DNS SAN. Ordinary X.509 topologies are not affected by this bug,
  including those used by the Web PKI. Credit to **Oleh Konko (1seal)** for
  reporting the issue. **CVE-2026-34073**

.. _v46-0-5:

Commits

@dependabot dependabot bot added dependencies Pull requests that update a dependency file python Pull requests that update Python code labels Mar 26, 2026
@dependabot dependabot bot requested a review from a team as a code owner March 26, 2026 08:14
@dependabot dependabot bot added python Pull requests that update Python code dependencies Pull requests that update a dependency file labels Mar 26, 2026
@dependabot
chore(deps): bump cryptography in the cryptography group
80f5a5f 
Bumps the cryptography group with 1 update: [cryptography](https://github.com/pyca/cryptography).


Updates `cryptography` from 46.0.5 to 46.0.6
- [Changelog](https://github.com/pyca/cryptography/blob/main/CHANGELOG.rst)
- [Commits](pyca/cryptography@46.0.5...46.0.6)

---
updated-dependencies:
- dependency-name: cryptography
  dependency-version: 46.0.6
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: cryptography
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot changed the title chore(deps): bump cryptography from 46.0.5 to 46.0.6 in the cryptography group chore(deps): bump cryptography from 46.0.5 to 46.0.6 in the cryptography group across 1 directory Mar 27, 2026
@dependabot dependabot bot force-pushed the dependabot/pip/develop/cryptography-6ba9ca5f64 branch from a158bd7 to 80f5a5f Compare March 27, 2026 00:10
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@seshubaws seshubaws seshubaws approved these changes

@vicheey vicheey vicheey approved these changes

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file pr/internal python Pull requests that update Python code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@seshubaws @vicheey