[PR #23287] [CLOSED] build(deps): bump cryptography from 46.0.5 to 46.0.6 in /backend #42757

New Issue

GiteaMirror · 2026-04-25T14:34:16-05:00

GiteaMirror commented

2026-04-25 14:34:16 -05:00

📋 Pull Request Information

Original PR: https://github.com/open-webui/open-webui/pull/23287
Author: @dependabot[bot]
Created: 4/1/2026
Status: ❌ Closed

Base: dev ← Head: dependabot/pip/backend/dev/cryptography-46.0.6

📝 Commits (1)

97bb8c4 build(deps): bump cryptography from 46.0.5 to 46.0.6 in /backend

📊 Changes

1 file changed (+1 additions, -1 deletions)

View changed files

📝 backend/requirements.txt (+1 -1)

📄 Description

Bumps cryptography from 46.0.5 to 46.0.6.

Changelog

Sourced from cryptography's changelog.

46.0.6 - 2026-03-25

* **SECURITY ISSUE**: Fixed a bug where name constraints were not applied to peer names during verification when the leaf certificate contains a wildcard DNS SAN. Ordinary X.509 topologies are not affected by this bug, including those used by the Web PKI. Credit to **Oleh Konko (1seal)** for reporting the issue. **CVE-2026-34073**

.. _v46-0-5:

Commits

91d7288 Cherry-pick #14542 (#14543)
See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR
@dependabot recreate will recreate this PR, overwriting any edits that have been made to it
@dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
@dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
@dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
@dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

_{🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.}

## 📋 Pull Request Information **Original PR:** https://github.com/open-webui/open-webui/pull/23287 **Author:** [@dependabot[bot]](https://github.com/apps/dependabot) **Created:** 4/1/2026 **Status:** ❌ Closed **Base:** `dev` ← **Head:** `dependabot/pip/backend/dev/cryptography-46.0.6` --- ### 📝 Commits (1) - [`97bb8c4`](https://github.com/open-webui/open-webui/commit/97bb8c4cd6c3c69182b19853be7f7ea61b5daa01) build(deps): bump cryptography from 46.0.5 to 46.0.6 in /backend ### 📊 Changes **1 file changed** (+1 additions, -1 deletions) <details> <summary>View changed files</summary> 📝 `backend/requirements.txt` (+1 -1) </details> ### 📄 Description Bumps [cryptography](https://github.com/pyca/cryptography) from 46.0.5 to 46.0.6. <details> <summary>Changelog</summary> Sourced from <a href="https://github.com/pyca/cryptography/blob/main/CHANGELOG.rst">cryptography's changelog</a>. <blockquote> 46.0.6 - 2026-03-25 <pre><code> * **SECURITY ISSUE**: Fixed a bug where name constraints were not applied to peer names during verification when the leaf certificate contains a wildcard DNS SAN. Ordinary X.509 topologies are not affected by this bug, including those used by the Web PKI. Credit to **Oleh Konko (1seal)** for reporting the issue. **CVE-2026-34073** .. _v46-0-5: </code></pre> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/pyca/cryptography/commit/91d728897bdad30cd5c79a2b23e207f1f050d587"><code>91d7288</code></a> Cherry-pick <a href="https://redirect.github.com/pyca/cryptography/issues/14542">#14542</a> (<a href="https://redirect.github.com/pyca/cryptography/issues/14543">#14543</a>)</li> <li>See full diff in <a href="https://github.com/pyca/cryptography/compare/46.0.5...46.0.6">compare view</a></li> </ul> </details> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=cryptography&package-manager=pip&previous-version=46.0.5&new-version=46.0.6)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> --- 🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.

GiteaMirror added the pull-request label 2026-04-25 14:34:16 -05:00

GiteaMirror closed this issue

2026-04-25 14:34:18 -05:00

Sign in to join this conversation.

Branches Tags

1 Participants

Notifications

Due Date

No due date set.

Dependencies

No dependencies set.

Reference: github-starred/open-webui#42757