From 145110cbe22fbccd735ce844a3a7ba0f16f1982f Mon Sep 17 00:00:00 2001
From: "priyal.chawda@mendix.com"
Date: Thu, 23 Apr 2026 18:38:08 +0530
Subject: [PATCH 1/2] fix: update cryptography to 46.0.7 to address CVE-2026-39892

- Updated cryptography from 46.0.5 to 46.0.7
- Fixes buffer overflow vulnerability in non-contiguous buffer handling
- Regenerated requirements.txt with Python 3.10
- All unit tests passing (184 passed)
- All linting checks passing
---
 requirements.in | 2 +-
 requirements.txt | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/requirements.in b/requirements.in
index edee2e58..4417521a 100644
--- a/requirements.in
+++ b/requirements.in
@@ -1,6 +1,6 @@
 backoff==2.2.1
 certifi==2024.8.30
-cryptography==46.0.5
+cryptography==46.0.7
 distro==1.9.0
 httplib2==0.22.0
 jinja2==3.1.6
diff --git a/requirements.txt b/requirements.txt
index 91b30ca7..7730b314 100644
--- a/requirements.txt
+++ b/requirements.txt
@@ -16,7 +16,7 @@ cffi==2.0.0
 # via cryptography
 charset-normalizer==2.0.3
 # via requests
-cryptography==46.0.5
+cryptography==46.0.7
 # via -r requirements.in
 distro==1.9.0
 # via -r requirements.in
From 4e0365b06025704f03c9c99f44566bd7824863e8 Mon Sep 17 00:00:00 2001
From: "priyal.chawda@mendix.com"
Date: Mon, 27 Apr 2026 15:49:50 +0530
Subject: [PATCH 2/2] Bumped the cryptography module version to latest 47.0.0

---
 requirements.in | 2 +-
 requirements.txt | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/requirements.in b/requirements.in
index 4417521a..20fd018a 100644
--- a/requirements.in
+++ b/requirements.in
@@ -1,6 +1,6 @@
 backoff==2.2.1
 certifi==2024.8.30
-cryptography==46.0.7
+cryptography==47.0.0
 distro==1.9.0
 httplib2==0.22.0
 jinja2==3.1.6
diff --git a/requirements.txt b/requirements.txt
index 7730b314..414ae8e2 100644
--- a/requirements.txt
+++ b/requirements.txt
@@ -16,7 +16,7 @@ cffi==2.0.0
 # via cryptography
 charset-normalizer==2.0.3
 # via requests
-cryptography==46.0.7
+cryptography==47.0.0
 # via -r requirements.in
 distro==1.9.0
 # via -r requirements.in