Bump cryptography from 46.0.3 to 46.0.5 in /examples/genai/handoff by dependabot[bot] · Pull Request #661 · flyteorg/flyte-sdk

dependabot · 2026-02-12T19:55:30Z

Bumps cryptography from 46.0.3 to 46.0.5.

Changelog

Sourced from cryptography's changelog.

46.0.5 - 2026-02-10


* An attacker could create a malicious public key that reveals portions of your
  private key when using certain uncommon elliptic curves (binary curves).
  This version now includes additional security checks to prevent this attack.
  This issue only affects binary elliptic curves, which are rarely used in
  real-world applications. Credit to **XlabAI Team of Tencent Xuanwu Lab and
  Atuin Automated Vulnerability Discovery Engine** for reporting the issue.
  **CVE-2026-26007**
* Support for ``SECT*`` binary elliptic curves is deprecated and will be
  removed in the next release.
.. v46-0-4:
46.0.4 - 2026-01-27

Dropped support for win_arm64 wheels_.
Updated Windows, macOS, and Linux wheels to be compiled with OpenSSL 3.5.5.

.. _v46-0-3:

Commits

06e120e bump version for 46.0.5 release (#14289)
0eebb9d EC check key on cofactor > 1 (#14287)
bedf6e1 fix openssl version on 46 branch (#14220)
e6f44fc bump for 46.0.4 and drop win arm64 due to CI issues (#14217)
See full diff in compare view

You can trigger a rebase of this PR by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR
@dependabot recreate will recreate this PR, overwriting any edits that have been made to it
@dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
@dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
@dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
@dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
You can disable automated security fix PRs for this repo from the Security Alerts page.

Note
Automatic rebases have been disabled on this pull request as it has been open for over 30 days.

Bumps [cryptography](https://github.com/pyca/cryptography) from 46.0.3 to 46.0.5. - [Changelog](https://github.com/pyca/cryptography/blob/main/CHANGELOG.rst) - [Commits](pyca/cryptography@46.0.3...46.0.5) --- updated-dependencies: - dependency-name: cryptography dependency-version: 46.0.5 dependency-type: indirect ... Signed-off-by: dependabot[bot] <support@github.com>

## Summary - Refreshed uv.lock files across all `examples/` directories after merging dependabot PRs (#875, #869, #661, #975) - 3 lock files had stale entries: `deploy_patterns/pyproject_package`, `project_structures/uv_project_lib/my_plugin`, `type_transformers/my_transformer` ## Test plan - [ ] CI passes (lock files are validated by `check uv.lock` job) 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-authored-by: Ketan Umare <kumare3@users.noreply.github.com> Co-authored-by: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

) Bumps [cryptography](https://github.com/pyca/cryptography) from 46.0.3 to 46.0.5. <details> <summary>Changelog</summary> Sourced from <a href="https://github.com/pyca/cryptography/blob/main/CHANGELOG.rst">cryptography's changelog</a>. <blockquote> 46.0.5 - 2026-02-10 <pre><code> * An attacker could create a malicious public key that reveals portions of your private key when using certain uncommon elliptic curves (binary curves). This version now includes additional security checks to prevent this attack. This issue only affects binary elliptic curves, which are rarely used in real-world applications. Credit to **XlabAI Team of Tencent Xuanwu Lab and Atuin Automated Vulnerability Discovery Engine** for reporting the issue. **CVE-2026-26007** * Support for ``SECT*`` binary elliptic curves is deprecated and will be removed in the next release. .. v46-0-4: 46.0.4 - 2026-01-27 </code></pre> <ul> <li><code>Dropped support for win_arm64 wheels</code>_.</li> <li>Updated Windows, macOS, and Linux wheels to be compiled with OpenSSL 3.5.5.</li> </ul> .. _v46-0-3: </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/pyca/cryptography/commit/06e120e682cb200e3f7050c02f0bcdac90c4c6ad"><code>06e120e</code></a> bump version for 46.0.5 release (<a href="https://redirect.github.com/pyca/cryptography/issues/14289">#14289</a>)</li> <li><a href="https://github.com/pyca/cryptography/commit/0eebb9dbb6343d9bc1d91e5a2482ed4e054a6d8c"><code>0eebb9d</code></a> EC check key on cofactor > 1 (<a href="https://redirect.github.com/pyca/cryptography/issues/14287">#14287</a>)</li> <li><a href="https://github.com/pyca/cryptography/commit/bedf6e186b814f69a3f54f51252c23a71d44ed2e"><code>bedf6e1</code></a> fix openssl version on 46 branch (<a href="https://redirect.github.com/pyca/cryptography/issues/14220">#14220</a>)</li> <li><a href="https://github.com/pyca/cryptography/commit/e6f44fc8e6391f05d719fb9d369692325b87a471"><code>e6f44fc</code></a> bump for 46.0.4 and drop win arm64 due to CI issues (<a href="https://redirect.github.com/pyca/cryptography/issues/14217">#14217</a>)</li> <li>See full diff in <a href="https://github.com/pyca/cryptography/compare/46.0.3...46.0.5">compare view</a></li> </ul> </details> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=cryptography&package-manager=uv&previous-version=46.0.3&new-version=46.0.5)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) You can trigger a rebase of this PR by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/flyteorg/flyte-sdk/network/alerts). </details> > **Note** > Automatic rebases have been disabled on this pull request as it has been open for over 30 days. Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Signed-off-by: Katrina Rogan <katroganGH@gmail.com>

## Summary - Refreshed uv.lock files across all `examples/` directories after merging dependabot PRs (#875, #869, #661, #975) - 3 lock files had stale entries: `deploy_patterns/pyproject_package`, `project_structures/uv_project_lib/my_plugin`, `type_transformers/my_transformer` ## Test plan - [ ] CI passes (lock files are validated by `check uv.lock` job) 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-authored-by: Ketan Umare <kumare3@users.noreply.github.com> Co-authored-by: Claude Opus 4.6 (1M context) <noreply@anthropic.com> Signed-off-by: Katrina Rogan <katroganGH@gmail.com>

dependabot Bot added dependencies Pull requests that update a dependency file python:uv Pull requests that update python:uv code labels Feb 12, 2026

dependabot Bot force-pushed the dependabot/uv/examples/genai/handoff/cryptography-46.0.5 branch from b6d99c1 to c7970bd Compare February 21, 2026 01:05

kumare3 previously approved these changes Mar 6, 2026

View reviewed changes

kumare3 force-pushed the dependabot/uv/examples/genai/handoff/cryptography-46.0.5 branch from c7970bd to 21d0655 Compare March 27, 2026 04:56

kumare3 dismissed their stale review via 1c013fd April 16, 2026 04:22

kumare3 force-pushed the dependabot/uv/examples/genai/handoff/cryptography-46.0.5 branch from 21d0655 to 1c013fd Compare April 16, 2026 04:22

kumare3 approved these changes Apr 16, 2026

View reviewed changes

kumare3 merged commit e8fcb04 into main Apr 16, 2026
13 checks passed

dependabot Bot deleted the dependabot/uv/examples/genai/handoff/cryptography-46.0.5 branch April 16, 2026 04:22

kumare3 mentioned this pull request Apr 16, 2026

Update uv.lock files in examples #976

Merged

1 task

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Bump cryptography from 46.0.3 to 46.0.5 in /examples/genai/handoff#661

Bump cryptography from 46.0.3 to 46.0.5 in /examples/genai/handoff#661
kumare3 merged 1 commit intomainfrom
dependabot/uv/examples/genai/handoff/cryptography-46.0.5

dependabot Bot commented on behalf of github Feb 12, 2026 •

edited

Loading

Uh oh!

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

1 participant

Conversation

dependabot Bot commented on behalf of github Feb 12, 2026 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Uh oh!

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

1 participant

dependabot Bot commented on behalf of github Feb 12, 2026 •

edited

Loading