Relax cryptography < 46.0.0 constraint to allow security patch

The constraint in [`requirements.txt`](https://github.com/runpod/runpod-python/blob/main/requirements.txt) pins `cryptography < 46.0.0`. This prevents upgrading to `cryptography >= 46.0.5`, which patches a high-severity vulnerability:

- **CVE-2026-26007** — Subgroup Attack due to missing subgroup validation for SECT curves
- Advisory: https://github.com/pyca/cryptography/security/advisories/GHSA-r6ph-v2qm-q3c2
- Severity: **HIGH**
- Fixed in: `cryptography >= 46.0.5`

Could you relax or remove the `< 46.0.0` upper bound? If there's a known incompatibility with cryptography 46.x, happy to help test.

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Relax cryptography < 46.0.0 constraint to allow security patch #480

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Relax cryptography < 46.0.0 constraint to allow security patch #480

Description

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions