From 9bac2092bcb513388529176cd4272ef058f21107 Mon Sep 17 00:00:00 2001 From: Matthias Goergens Date: Wed, 18 Feb 2026 15:30:56 +0800 Subject: [PATCH] Python: bump cryptography upper bound from <45 to <47 cryptography 46.0.5 fixes GHSA-vqmq-vfhg-gg2m (subgroup attack on SECT curves). The current <45 cap prevents users from upgrading. --- python/poetry.lock | 6 +++--- python/pyproject.toml | 2 +- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/python/poetry.lock b/python/poetry.lock index 1555a593..d78b2c9d 100644 --- a/python/poetry.lock +++ b/python/poetry.lock @@ -1,4 +1,4 @@ -# This file is automatically @generated by Poetry 2.1.3 and should not be changed by hand. +# This file is automatically @generated by Poetry 2.3.2 and should not be changed by hand. [[package]] name = "astroid" @@ -795,7 +795,7 @@ files = [ ] [package.dependencies] -astroid = ">=2.15.7,<=2.17.0-dev0" +astroid = ">=2.15.7,<=2.17.0.dev0" colorama = {version = ">=0.4.5", markers = "sys_platform == \"win32\""} dill = [ {version = ">=0.2", markers = "python_version < \"3.11\""}, @@ -1117,4 +1117,4 @@ files = [ [metadata] lock-version = "2.1" python-versions = "^3.8.1" -content-hash = "888a17f698019facaa256c5b6215e1108ed443851d80a51852a66f7042834bd3" +content-hash = "7c6026266a0a1cd147170088ef4c79598f5c17c064f83935e07449128c1ab08b" diff --git a/python/pyproject.toml b/python/pyproject.toml index 7da50715..011f3185 100644 --- a/python/pyproject.toml +++ b/python/pyproject.toml @@ -11,7 +11,7 @@ keywords = ["truelayer"] include = ["LICENSE-APACHE", "LICENSE-MIT"] [tool.poetry.dependencies] -cryptography = ">=39,<45" +cryptography = ">=39,<47" python = "^3.8.1" [tool.poetry.group.dev.dependencies]