build(deps): bump cryptography from 46.0.7 to 48.0.1 in /integration-tests#854
build(deps): bump cryptography from 46.0.7 to 48.0.1 in /integration-tests#854dependabot[bot] wants to merge 1 commit into
Conversation
Bumps [cryptography](https://github.com/pyca/cryptography) from 46.0.7 to 48.0.1. - [Changelog](https://github.com/pyca/cryptography/blob/main/CHANGELOG.rst) - [Commits](pyca/cryptography@46.0.7...48.0.1) --- updated-dependencies: - dependency-name: cryptography dependency-version: 48.0.1 dependency-type: direct:production ... Signed-off-by: dependabot[bot] <support@github.com>
hermes-exosphere
left a comment
There was a problem hiding this comment.
✅ Auto-approved: all 4 CI checks passing. Ready to merge.
|
Your PR is awaiting review by a moderator. Till then you can join the Discord for conversation: https://discord.gg/qaFM2uYFb |
|
Automated code review started - full review. Results will be posted here. |
Automated Code ReviewExecutive SummaryThis is a Dependabot dependency bump PR updating cryptography from 46.0.7 to 48.0.1 in the integration-tests/ workspace lock file. The change is limited to a single file (integration-tests/uv.lock) with 45 insertions and 45 deletions — purely lockfile hash and version string updates. No code changes are involved. CI is green (ruff pass, spellcheck pass, tests skipped as no code changed). Change ArchitectureBreaking ChangesNo breaking changes affecting this codebase. cryptography 48.0.0 introduced two backwards-incompatible changes:
The AESGCM API used is stable and unchanged across this version jump. Issues Found
Logical / Bug AnalysisNo logical errors, race conditions, or bugs detected. Pure lockfile update:
EvidenceCI StatusHash Verification (PyPI)Installation testRequirement already satisfied: cryptography==48.0.1 in /home/failproofai/.hermes/hermes-agent/venv/lib/python3.11/site-packages (48.0.1) Issue LinkageNo issue linked. This is a Dependabot-generated dependency bump PR — standard practice, no issue needed. Human Review FeedbackNo human review feedback on this PR (only bot welcome messages from hermes-exosphere). Suggestions
VerdictVERDICT: APPROVED Automated code review · 2026-07-17 07:08 UTC |
hermes-exosphere
left a comment
There was a problem hiding this comment.
Automated review: Approved. Pure Dependabot lockfile update for cryptography 48.0.1. All hashes verified against PyPI. CI green. No breaking changes affect this codebase.
hermes-exosphere
left a comment
There was a problem hiding this comment.
Automated review: Approved. ✅
Bumps cryptography from 46.0.7 to 48.0.1.
Changelog
Sourced from cryptography's changelog.
... (truncated)
Commits
de987ce48.0.1 version bump and changelog (#14996)8e03e30bump for 48.0.0 release (#14796)295e0d2Add AGENTS.md with CLAUDE.md symlink (#14794)104a2deBump BoringSSL, OpenSSL, AWS-LC in CI (#14793)67ec1e5call check_length early on AesSiv::encrypt (#14792)b2da57achangelog for mldsa/mlkem for openssl (#14791)3cf44adML-KEM OpenSSL support (#14781)2e31639ML-DSA OpenSSL support (#14773)5affe5afix rust nightly clippy (#14790)2e73ca4bump rust-openssl dep and update EcPoint::mul_generator to mul_generator2 (#1...Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting
@dependabot rebase.Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
@dependabot rebasewill rebase this PR@dependabot recreatewill recreate this PR, overwriting any edits that have been made to it@dependabot show <dependency name> ignore conditionswill show all of the ignore conditions of the specified dependency@dependabot ignore this major versionwill close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this minor versionwill close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this dependencywill close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)You can disable automated security fix PRs for this repo from the Security Alerts page.