Bump cryptography from 46.0.7 to 48.0.1

[dependabot]

Bumps cryptography from 46.0.7 to 48.0.1.

Changelog

Sourced from cryptography's changelog.

48.0.1 - 2026-06-09

* Updated Windows, macOS, and Linux wheels to be compiled with OpenSSL 4.0.1.
.. _v48-0-0:
48.0.0 - 2026-05-04

• BACKWARDS INCOMPATIBLE: Support for Python 3.8 has been removed. cryptography now requires Python 3.9 or later.

• BACKWARDS INCOMPATIBLE: Loading an X.509 CRL whose inner TBSCertList.signature algorithm does not match the outer signatureAlgorithm now raises ValueError. Previously, such CRLs were parsed successfully and only rejected during signature validation.

• Added support for :doc:/hazmat/primitives/asymmetric/mlkem and :doc:/hazmat/primitives/asymmetric/mldsa when using OpenSSL 3.5.0 or later, in addition to the existing AWS-LC and BoringSSL support. This means post-quantum algorithms are now available to users of our wheels.

  • Note: Going forward, we do not guarantee that all functionality in cryptography will be available when building against OpenSSL. See :doc:/statements/state-of-openssl for more information.

.. _v47-0-0:

47.0.0 - 2026-04-24

* Support for Python 3.8 is deprecated and will be removed in the next
  ``cryptography`` release.
* **BACKWARDS INCOMPATIBLE:** Support for binary elliptic curves
  (``SECT*`` classes) has been removed. These curves are rarely used and
  have additional security considerations that make them undesirable.
* **BACKWARDS INCOMPATIBLE:** Support for OpenSSL 1.1.x has been removed.
  OpenSSL 3.0.0 or later is now required. LibreSSL, BoringSSL, and AWS-LC
  continue to be supported.
* **BACKWARDS INCOMPATIBLE:** Dropped support for LibreSSL < 4.1.
* **BACKWARDS INCOMPATIBLE:** Loading keys with unsupported algorithms or
  keys with unsupported explicit curve encodings now raises
  :class:`~cryptography.exceptions.UnsupportedAlgorithm` instead of
  ``ValueError``. This change affects
  :func:`~cryptography.hazmat.primitives.serialization.load_pem_private_key`,
  :func:`~cryptography.hazmat.primitives.serialization.load_der_private_key`,
  :func:`~cryptography.hazmat.primitives.serialization.load_pem_public_key`,
  :func:`~cryptography.hazmat.primitives.serialization.load_der_public_key`,
  and :meth:`~cryptography.x509.Certificate.public_key` when called on
  certificates with unsupported public key algorithms.
</tr></table> 

... (truncated)

Commits

• de987ce 48.0.1 version bump and changelog (#14996)
• 8e03e30 bump for 48.0.0 release (#14796)
• 295e0d2 Add AGENTS.md with CLAUDE.md symlink (#14794)
• 104a2de Bump BoringSSL, OpenSSL, AWS-LC in CI (#14793)
• 67ec1e5 call check_length early on AesSiv::encrypt (#14792)
• b2da57a changelog for mldsa/mlkem for openssl (#14791)
• 3cf44ad ML-KEM OpenSSL support (#14781)
• 2e31639 ML-DSA OpenSSL support (#14773)
• 5affe5a fix rust nightly clippy (#14790)
• 2e73ca4 bump rust-openssl dep and update EcPoint::mul_generator to mul_generator2 (#1...
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
  You can disable automated security fix PRs for this repo from the Security Alerts page.

[github-actions]

✅⚠️MegaLinter analysis: Success with warnings

Descriptor	Linter	Files	Fixed	Errors	Warnings	Elapsed time
✅ ACTION	actionlint	3		0	0	0.03s
✅ DOCKERFILE	hadolint	1		0	0	0.07s
✅ JSON	jsonlint	2		0	0	0.37s
✅ JSON	prettier	2	0	0	0	0.33s
✅ JSON	v8r	2		0	0	3.46s
✅ MARKDOWN	markdownlint	1	0	0	0	0.79s
✅ MARKDOWN	markdown-table-formatter	1	0	0	0	0.25s
✅ PYTHON	bandit	1		0	0	1.73s
✅ PYTHON	black	1	0	0	0	1.23s
✅ PYTHON	flake8	1		0	0	0.69s
✅ PYTHON	isort	1	0	0	0	0.22s
✅ PYTHON	mypy	1		0	0	3.14s
✅ PYTHON	pylint	1		0	0	5.64s
✅ PYTHON	pyright	1		0	0	3.72s
✅ PYTHON	ruff	1	0	0	0	0.03s
✅ REPOSITORY	checkov	yes		no	no	23.81s
✅ REPOSITORY	gitleaks	yes		no	no	0.29s
✅ REPOSITORY	git_diff	yes		no	no	0.01s
⚠️ REPOSITORY	grype	yes		3	5	54.0s
✅ REPOSITORY	secretlint	yes		no	no	1.48s
✅ REPOSITORY	syft	yes		no	no	1.87s
⚠️ REPOSITORY	trivy	yes		3	5	13.59s
✅ REPOSITORY	trivy-sbom	yes		no	no	0.22s
✅ REPOSITORY	trufflehog	yes		no	no	5.56s
✅ SPELL	lychee	10		0	0	0.86s
✅ YAML	prettier	6	0	0	0	0.63s
✅ YAML	v8r	6		0	0	6.85s
✅ YAML	yamllint	6		0	0	0.49s

Detailed Issues

⚠️ REPOSITORY / grype - 3 errors

error: A high vulnerability in python package: urllib3, version 2.6.3 was found at: /requirements.txt

warning: A medium vulnerability in python package: idna, version 3.11 was found at: /requirements.txt

error: A high vulnerability in python package: urllib3, version 2.6.3 was found at: /requirements.txt

warning: A medium vulnerability in python package: pyjwt, version 2.12.1 was found at: /requirements.txt

error: A high vulnerability in python package: pyjwt, version 2.12.1 was found at: /requirements.txt

note: A low vulnerability in python package: pyjwt, version 2.12.1 was found at: /requirements.txt

warning: A medium vulnerability in python package: pyjwt, version 2.12.1 was found at: /requirements.txt

warning: A medium vulnerability in python package: pyjwt, version 2.12.1 was found at: /requirements.txt

warning: 4 warnings emitted
error: 3 errors emitted

⚠️ REPOSITORY / trivy - 3 errors

warning: Package: idna
Installed Version: 3.11
Vulnerability CVE-2026-45409
Severity: MEDIUM
Fixed Version: 3.15
Link: [CVE-2026-45409](https://avd.aquasec.com/nvd/cve-2026-45409)
    ┌─ requirements.txt:281:1
    │
281 │ idna==3.11 \
    │ ^
    │
    = Internationalized Domain Names in Applications (IDNA) for Python provi ...
    = Internationalized Domain Names in Applications (IDNA) for Python provides support for Internationalized Domain Names in Applications (IDNA) and Unicode IDNA Compatibility Processing. In versions prior to 3.15, payloads such as `"\u0660" * N` or `"\u30fb" * N + "\u6f22"` utilize the `valid_contexto` function prior to length rejection, and for high values of `N` will take a long time to process. This is the same issue as CVE-2024-3651, however the original remediation in 2024 was not a complete fix. A specially crafted argument to the `idna.encode()` function could consume significant resources. This may lead to a denial-of-service. Starting in version 3.14, the function rejects long inputs as soon as practicable prior to any further processing to minimize resource consumption. In version 3.15, this approach was extended to lesser used alternate functions (i.e. per-label conversions and codec support). A workaround is available. Domain names cannot exceed 253 characters in length. If this length limit is enforced prior to passing the domain to the `idna.encode()` function, it should no longer consume significant resources. This is triggered by arbitrarily large inputs that would not occur in normal usage, but may be passed to the library assuming there is no preliminary input validation by the higher-level application.

error: Package: pyjwt
Installed Version: 2.12.1
Vulnerability CVE-2026-48526
Severity: HIGH
Fixed Version: 2.13.0
Link: [CVE-2026-48526](https://avd.aquasec.com/nvd/cve-2026-48526)
    ┌─ requirements.txt:293:1
    │
293 │ pyjwt[crypto]==2.12.1 \
    │ ^
    │
    = python-pyjwt: PyJWT: Authentication bypass due to forged JSON Web Tokens
    = PyJWT is a JSON Web Token implementation in Python. Prior to 2.13.0, when the verifier is decoding JSON Web Tokens, while supporting both asymmetric and HMAC algorithms, the library does not validate use of JSON Web Keys in HMAC algorithm, allowing attacker to use the issuer public key as the secret key for HMAC algorithm. This vulnerability is fixed in 2.13.0.

warning: Package: pyjwt
Installed Version: 2.12.1
Vulnerability CVE-2026-48522
Severity: MEDIUM
Fixed Version: 2.13.0
Link: [CVE-2026-48522](https://avd.aquasec.com/nvd/cve-2026-48522)
    ┌─ requirements.txt:293:1
    │
293 │ pyjwt[crypto]==2.12.1 \
    │ ^
    │
    = python-pyjwt: PyJWT: Server-Side Request Forgery (SSRF) via uncontrolled URL fetching in PyJWKClient
    = PyJWT is a JSON Web Token implementation in Python. Prior to 2.13.0, PyJWKClient passes its uri argument directly to urllib.request.urlopen() which uses Python stdlib's default OpenerDirector registering HTTPHandler, HTTPSHandler, FTPHandler, FileHandler, and DataHandler. There is currently no documented option to restrict which schemes PyJWKClient will fetch. If an application's jku URL ingestion path accepts attacker-influenced URLs (e.g., from JWT header, configuration file, OAuth flow parameter), the attacker can cause PyJWKClient to read arbitrary local files via file:// (SSRF on local filesystem), cause PyJWKClient to attempt FTP / data-URI fetches (broader SSRF surface), or forge tokens that PyJWT verifies as valid. The library does not directly return non-HTTP(S) URI contents to the attacker; the chained "plant a JWKS to forge tokens" scenario described in the original report requires additional application-layer flaws (attacker write access to a filesystem path, untrusted jku derivation) that this fix does not address. This vulnerability is fixed in 2.13.0.

warning: Package: pyjwt
Installed Version: 2.12.1
Vulnerability CVE-2026-48523
Severity: MEDIUM
Fixed Version: 2.13.0
Link: [CVE-2026-48523](https://avd.aquasec.com/nvd/cve-2026-48523)
    ┌─ requirements.txt:293:1
    │
293 │ pyjwt[crypto]==2.12.1 \
    │ ^
    │
    = python-pyjwt: PyJWT: Verifier-side algorithm bypass leads to unauthorized information access
    = PyJWT is a JSON Web Token implementation in Python. From 2.9.0 to 2.12.1, there is a verifier-side algorithm allow-list bypass when jwt.decode() or jwt.decode_complete() are called with a PyJWK key. The token header alg is checked against the caller-supplied algorithms allow-list, but signature verification is performed with the algorithm bound to the PyJWK object instead of the header algorithm. An attacker who controls a registered JWK/JWKS private key can sign with a disallowed algorithm, advertise an allowed algorithm in the JWT header, and still be accepted. The issue affects the documented PyJWKClient.get_signing_key_from_jwt(...) flow. This vulnerability is fixed in 2.13.0.

warning: Package: pyjwt
Installed Version: 2.12.1
Vulnerability CVE-2026-48525
Severity: MEDIUM
Fixed Version: 2.13.0
Link: [CVE-2026-48525](https://avd.aquasec.com/nvd/cve-2026-48525)
    ┌─ requirements.txt:293:1
    │
293 │ pyjwt[crypto]==2.12.1 \
    │ ^
    │
    = python-pyjwt: PyJWT: Denial of Service via processing of crafted detached JWS tokens
    = PyJWT is a JSON Web Token implementation in Python. From 2.8.0 to 2.12.1, when verifying detached JWS tokens using the unencoded-payload option ("b64": false, RFC 7797), PyJWT performs Base64URL decoding of the compact-serialization payload segment before enforcing the detached-payload rules. For b64=false, PyJWT later discards that decoded payload and replaces it with the caller-provided detached_payload. In practice, this turns the middle segment into an attacker-controlled “work amplifier”: a remote client can supply an arbitrarily large Base64URL payload segment that forces CPU work + memory allocations even if the signature is invalid. This creates an unauthenticated DoS vector against any endpoint that verifies detached JWS using PyJWT. This vulnerability is fixed in 2.13.0.

note: Package: pyjwt
Installed Version: 2.12.1
Vulnerability CVE-2026-48524
Severity: LOW
Fixed Version: 2.13.0
Link: [CVE-2026-48524](https://avd.aquasec.com/nvd/cve-2026-48524)
    ┌─ requirements.txt:293:1
    │
293 │ pyjwt[crypto]==2.12.1 \
    │ ^
    │
    = python-pyjwt: PyJWT: Denial of Service via unverified JSON Web Token key IDs
    = PyJWT is a JSON Web Token implementation in Python. Prior to 2.13.0, PyJWKClient.get_signing_key() forces a fresh HTTP request to the JWKS endpoint for every JWT with an unknown kid value, with no rate limiting. Since kid comes from the unverified token header, an attacker can trigger unlimited outbound requests. The vulnerability surfaces only when a JWKS fetch fails; an attacker can attempt to provoke that with sustained unknown-kid traffic, but the outcome depends on upstream JWKS-endpoint behavior (rate limiting, transient errors) which is beyond the attacker's control. This vulnerability is fixed in 2.13.0.

error: Package: urllib3
Installed Version: 2.6.3
Vulnerability CVE-2026-44431
Severity: HIGH
Fixed Version: 2.7.0
Link: [CVE-2026-44431](https://avd.aquasec.com/nvd/cve-2026-44431)
    ┌─ requirements.txt:336:1
    │
336 │ urllib3==2.6.3 \
    │ ^
    │
    = urllib3: urllib3: Information disclosure via cross-origin redirects forwarding sensitive headers
    = urllib3 is an HTTP client library for Python. From 1.23 to before 2.7.0, cross-origin redirects followed from the low-level API via ProxyManager.connection_from_url().urlopen(..., assert_same_host=False) still forward these sensitive headers. This vulnerability is fixed in 2.7.0.

error: Package: urllib3
Installed Version: 2.6.3
Vulnerability CVE-2026-44432
Severity: HIGH
Fixed Version: 2.7.0
Link: [CVE-2026-44432](https://avd.aquasec.com/nvd/cve-2026-44432)
    ┌─ requirements.txt:336:1
    │
336 │ urllib3==2.6.3 \
    │ ^
    │
    = urllib3: urllib3: Denial of Service due to excessive HTTP response decompression
    = urllib3 is an HTTP client library for Python. From 2.6.0 to before 2.7.0, urllib3 could decompress the whole response instead of the requested portion (1) during the second HTTPResponse.read(amt=N) call when the response was decompressed using the official Brotli library or (2) when HTTPResponse.drain_conn() was called after the response had been read and decompressed partially (compression algorithm did not matter here). These issues could cause urllib3 to fully decode a small amount of highly compressed data in a single operation. This could result in excessive resource consumption (high CPU usage and massive memory allocation for the decompressed data) on the client side. This vulnerability is fixed in 2.7.0.

warning: 4 warnings emitted
error: 3 errors emitted

See detailed reports in MegaLinter artifacts

Your project could benefit from a custom flavor, which would allow you to run only the linters you need, and thus improve runtime performances. (Skip this info by defining FLAVOR_SUGGESTIONS: false)

• Documentation: Custom Flavors
• Command: npx mega-linter-runner@9.4.0 --custom-flavor-setup --custom-flavor-linters PYTHON_PYLINT,PYTHON_BLACK,PYTHON_FLAKE8,PYTHON_ISORT,PYTHON_BANDIT,PYTHON_MYPY,PYTHON_PYRIGHT,PYTHON_RUFF,ACTION_ACTIONLINT,DOCKERFILE_HADOLINT,JSON_JSONLINT,JSON_V8R,JSON_PRETTIER,MARKDOWN_MARKDOWNLINT,MARKDOWN_MARKDOWN_TABLE_FORMATTER,REPOSITORY_CHECKOV,REPOSITORY_GIT_DIFF,REPOSITORY_GITLEAKS,REPOSITORY_GRYPE,REPOSITORY_SECRETLINT,REPOSITORY_SYFT,REPOSITORY_TRIVY,REPOSITORY_TRIVY_SBOM,REPOSITORY_TRUFFLEHOG,SPELL_LYCHEE,YAML_PRETTIER,YAML_YAMLLINT,YAML_V8R

Show us your support by starring ⭐ the repository