chore(deps): bump cryptography from 46.0.6 to 46.0.7

[dependabot]

Bumps cryptography from 46.0.6 to 46.0.7.

Changelog

Sourced from cryptography's changelog.

46.0.7 - 2026-04-07

* **SECURITY ISSUE**: Fixed an issue where non-contiguous buffers could be
  passed to APIs that accept Python buffers, which could lead to buffer
  overflow. **CVE-2026-39892**
* Updated Windows, macOS, and Linux wheels to be compiled with OpenSSL 3.5.6.
.. _v46-0-6:

Commits

• 622d672 46.0.7 release (#14602)
• See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
  You can disable automated security fix PRs for this repo from the Security Alerts page.

[rtibblesbot]

Dependency Update Review

Package: cryptography 46.0.6 → 46.0.7
Semver risk: Patch
Dependency type: Production (transitive via google-auth)
CI status: Passing

Changelog Analysis

Sources consulted:

• PR body (changelog excerpt from CHANGELOG.rst)

Security fixes:

• CVE-2026-39892: Fixed buffer overflow — non-contiguous buffers could be passed to Python buffer APIs, potentially leading to a buffer overflow. Patch release specifically for this fix.

Other notable changes:

• Updated Windows, macOS, and Linux wheels compiled with OpenSSL 3.5.6.

Breaking changes: None.

Compatibility Assessment

• No API changes; patch-level security fix only
• No peer dependency changes
• No code migration required
• No prior failed attempts noted

Recommendation

APPROVE — Security patch with no breaking changes; CI passing.

---

@rtibblesbot's comments are generated by an LLM, and should be evaluated accordingly

How was this generated?

Reviewed the pull request diff checking for:

• Correctness: bugs, edge cases, undocumented behavior, resource leaks, hardcoded values
• Design: unnecessary complexity, naming, readability, comment accuracy, redundant state
• Architecture: duplicated concerns, minimal interfaces, composition over inheritance
• Testing: behavior-based assertions, mocks only at hard boundaries, accurate coverage
• Completeness: missing dependencies, unupdated usages, i18n, accessibility, security
• Principles: DRY (same reason to change), SRP, Rule of Three (no premature abstraction)
• Checked CI status and linked issue acceptance criteria
• For UI changes: inspected screenshots for layout, visual completeness, and consistency