chore(deps): bump cryptography from 46.0.6 to 46.0.7#111
chore(deps): bump cryptography from 46.0.6 to 46.0.7#111dependabot[bot] wants to merge 1 commit intomainfrom
Conversation
Bumps [cryptography](https://github.com/pyca/cryptography) from 46.0.6 to 46.0.7. - [Changelog](https://github.com/pyca/cryptography/blob/main/CHANGELOG.rst) - [Commits](pyca/cryptography@46.0.6...46.0.7) --- updated-dependencies: - dependency-name: cryptography dependency-version: 46.0.7 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com>
dependabot
Bot
added
dependencies
Recompiled requirements.txt from pyproject.toml via uv pip compile. Both packages pass the 7-day exclude-newer supply-chain gate. - charset-normalizer 3.4.6 → 3.4.7 (released 2026-04-02) - claude-agent-sdk 0.1.50 → 0.1.54 (released 2026-04-02) Dependabot PRs #110 (pydantic-core), #111 (cryptography), #113 (claude-agent-sdk 0.1.58) propose versions blocked by the 7-day rule. PR #109 (importlib-metadata 9.0.0) also blocked by UV exclude-newer.
|
Closing: Released Apr 7 (2 days ago) — blocked by our 7-day supply-chain gate (pyproject.toml exclude-newer). This is a security fix (CVE-2026-39892) and will be picked up once it ages past the 7-day window. We already have --ignore-vuln in CI for the interim. See PR #117 for the dependency bumps that pass the 7-day supply-chain gate. |
|
OK, I won't notify you again about this release, but will get in touch when a new version is available. If you'd rather skip all updates until the next major or minor version, let me know by commenting If you change your mind, just re-open this PR and I'll resolve any conflicts on it. |
…117) Recompiled requirements.txt from pyproject.toml via uv pip compile. Both packages pass the 7-day exclude-newer supply-chain gate. - charset-normalizer 3.4.6 → 3.4.7 (released 2026-04-02) - claude-agent-sdk 0.1.50 → 0.1.54 (released 2026-04-02) Dependabot PRs #110 (pydantic-core), #111 (cryptography), #113 (claude-agent-sdk 0.1.58) propose versions blocked by the 7-day rule. PR #109 (importlib-metadata 9.0.0) also blocked by UV exclude-newer.
1 participant
Bumps cryptography from 46.0.6 to 46.0.7.
Changelog
Sourced from cryptography's changelog.
Commits
622d67246.0.7 release (#14602)Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting
@dependabot rebase.Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
@dependabot rebasewill rebase this PR@dependabot recreatewill recreate this PR, overwriting any edits that have been made to it@dependabot show <dependency name> ignore conditionswill show all of the ignore conditions of the specified dependency@dependabot ignore this major versionwill close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this minor versionwill close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this dependencywill close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)