From 82d9eff1f8260c5f3529c63d20be6beb888ae732 Mon Sep 17 00:00:00 2001 From: "bhavin.shah" Date: Tue, 30 Jun 2026 12:37:38 +0530 Subject: [PATCH] Security: Fix CVE-2026-45409 (idna) and GHSA-537c-gmf6-5ccf (cryptography) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Upgrades dependencies to address high-severity vulnerabilities: - cryptography 47.0.0 → 48.0.1: Fixes vulnerable OpenSSL in wheels - idna 3.10 → 3.15: Fixes DoS vulnerability in IDNA encoding CVE-2026-45409: idna versions prior to 3.15 were vulnerable to DoS attacks via specially crafted inputs to idna.encode() function. GHSA-537c-gmf6-5ccf: cryptography wheels prior to 48.0.1 included a statically linked copy of OpenSSL with security vulnerabilities. --- requirements-dev.in | 2 +- requirements.in | 3 ++- requirements.txt | 8 +++++--- 3 files changed, 8 insertions(+), 5 deletions(-) diff --git a/requirements-dev.in b/requirements-dev.in index 5b3a8da82..5ed8b5594 100644 --- a/requirements-dev.in +++ b/requirements-dev.in @@ -1,5 +1,5 @@ click==8.1.7 -idna==3.10 +idna==3.15 pytest==8.3.3 pytest-timer==1.0.0 pytest-timeout==2.3.1 diff --git a/requirements.in b/requirements.in index 7b668abec..57a369315 100644 --- a/requirements.in +++ b/requirements.in @@ -1,8 +1,9 @@ backoff==2.2.1 certifi==2024.8.30 -cryptography==47.0.0 +cryptography==48.0.1 distro==1.9.0 httplib2==0.22.0 +idna==3.15 jinja2==3.1.6 omegaconf==2.3.0 psycopg2-binary==2.9.10 diff --git a/requirements.txt b/requirements.txt index 84236d78b..8e3483636 100644 --- a/requirements.txt +++ b/requirements.txt @@ -16,14 +16,16 @@ cffi==2.0.0 # via cryptography charset-normalizer==2.0.3 # via requests -cryptography==47.0.0 +cryptography==48.0.1 # via -r requirements.in distro==1.9.0 # via -r requirements.in httplib2==0.22.0 # via -r requirements.in -idna==3.10 - # via requests +idna==3.15 + # via + # -r requirements.in + # requests jinja2==3.1.6 # via -r requirements.in markupsafe==2.0.1