Skip to content

chore(deps): bump cryptography from 46.0.5 to 46.0.6#2

Closed
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/uv/cryptography-46.0.6
Closed

chore(deps): bump cryptography from 46.0.5 to 46.0.6#2
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/uv/cryptography-46.0.6

Conversation

@dependabot
Copy link
Copy Markdown

@dependabot dependabot Bot commented on behalf of github Mar 29, 2026
edited
Loading

Bumps cryptography from 46.0.5 to 46.0.6.

Changelog

Sourced from cryptography's changelog.

46.0.6 - 2026-03-25


* **SECURITY ISSUE**: Fixed a bug where name constraints were not applied
  to peer names during verification when the leaf certificate contains a
  wildcard DNS SAN. Ordinary X.509 topologies are not affected by this bug,
  including those used by the Web PKI. Credit to **Oleh Konko (1seal)** for
  reporting the issue. **CVE-2026-34073**

.. _v46-0-5:

Commits

@dependabot dependabot Bot added dependencies Pull requests that update a dependency file python:uv Pull requests that update python:uv code labels Mar 29, 2026
@dependabot
chore(deps): bump cryptography from 46.0.5 to 46.0.6
043a347 
Bumps [cryptography](https://github.com/pyca/cryptography) from 46.0.5 to 46.0.6.
- [Changelog](https://github.com/pyca/cryptography/blob/main/CHANGELOG.rst)
- [Commits](pyca/cryptography@46.0.5...46.0.6)

---
updated-dependencies:
- dependency-name: cryptography
  dependency-version: 46.0.6
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot force-pushed the dependabot/uv/cryptography-46.0.6 branch from 96636c8 to 043a347 Compare April 2, 2026 01:36
@dependabot @github
Copy link
Copy Markdown
Author

dependabot Bot commented on behalf of github Apr 8, 2026

Looks like cryptography is up-to-date now, so this is no longer needed.

@dependabot dependabot Bot closed this Apr 8, 2026
@dependabot dependabot Bot deleted the dependabot/uv/cryptography-46.0.6 branch April 8, 2026 02:12
gitpcl pushed a commit that referenced this pull request May 24, 2026
feat(sprint-026): close 6 defects in branch-mode + herdr backend rollout
c8f267a 
Sprint 026 closes six concrete defects exposed by post-merge review of
the Sprint 023 (branch mode) + Sprint 025 (herdr) surfaces. No new
features; defect closure + regression-test hardening only.

Phase 1 — session_type on status rows (defect #1 root cause)
- models/status.py: session_type: Literal['worktree', 'branch'] = 'worktree'
- core/status.py: schema 3.2 with ALTER TABLE migration for legacy DBs
- _upsert_status / _row_to_status round-trip the field
- agent_launcher.py threads request.session_type through both
  interactive and headless paths via _init_pane_tracking

Phase 2 — Doctor branch-mode safety (defect #1)
- commands/doctor.py rewritten: partition statuses by session_type
- worktree rows reconciled against git worktree list as before
- branch rows reconciled against git branch --list — orphan iff
  backend session dead AND branch absent. Never compared to worktree
  list, so a healthy in-place branch session is never destroyed by --fix.
- --fix dispatches to the right teardown per session_type

Phase 3 — herdr socket plumbing (defect #2)
- detect_herdr(socket_session, socket_path=None) — probe targets the
  same socket the backend will actually use
- New select_backend_for_session(session) helper reconstructs the
  backend from a recorded BackendSession, preserving meta['socket']
  end-to-end (was silently dropped before)
- All call sites in commands/agent.py, commands/worktree.py, commands/
  doctor.py, core/pane_actions.py, core/status.py replaced
- HerdrBackend.create_session / session_for now persist herdr_session +
  socket in BackendSession.meta for deterministic reconstruction

Phase 4 — Attach forced-backend re-resolution (defect #3)
- commands/worktree.py:attach_worktree: when --tmux/--herdr conflicts
  with the recorded backend, call forced_backend.session_for(name)
  instead of coercing the recorded id (tmux and herdr ids are
  different shapes — coercing would silently misroute)
- Raises ClickException with a clear message when the forced backend
  can't find a session, naming both kinds so the user can correct

Phase 5 — Branch-mode parity in send / switch / delete (defect #4)
- New commands/_shared.py:resolve_session_target() helper: tries
  WorktreeManager.get first, falls back to status DB on
  WorktreeNotFoundError so branch-mode sessions are first-class
- commands/agent.py:send_to_worktree, commands/worktree.py:switch /
  delete / attach all route through the helper
- delete on a branch row dispatches to branch teardown (delete_branch
  + pop_stash) instead of trying to remove a non-existent worktree dir

Phase 6 — Headless skips backend resolution (defect #5)
- commands/worktree.py:new_worktree: backend resolution moved inside
  the non-headless branch. [backend] mode='herdr' + --headless +
  herdr uninstalled is now a legal CI configuration.

Phase 6a — Herdr submit chokepoint audit + tests (defect #6, in-scope)
- core/herdr_backend.py audited: every pane.send_text that delivers
  user/agent-facing text routes through _send_line(); send_keys is
  reserved for raw control sequences
- 6 new unit tests: default ('\r'), text:\r\n override, keys:Enter
  override, keys-failure fallback, unknown-mode warning, env-unset
- Manual matrix file (tests/manual/herdr_submit_matrix.md) ready for
  the empirical lock-in — this is the one acceptance criterion that
  requires a live herdr build and stays open in TODO.json

Phase 7 — Test-suite hardening
- conftest.py: shared herdr_socket_path fixture (short /tmp path,
  macOS sun_path is 104 chars and pytest tmp_path overflows)
- 3 herdr test files migrated to the fixture
- Fixed I001 import ordering in test_agent_launcher_herdr.py
- New tests:
  * test_commands_doctor.py: branch-mode safety, dead-branch detection,
    mixed fleet, herdr-backed worktree (4 cases)
  * test_cli_herdr_flags.py: forced-override re-resolution against
    opposite-kind recorded sessions (3 cases)
  * test_branch_mode.py: send / switch / delete on in-place branch
    sessions (3 cases)
  * test_headless_no_backend.py (new): asserts headless launch never
    calls select_backend even with [backend] mode='herdr'

Phase 8 — Docs sync
- README.md: backend recording fields, attach override semantics,
  branch-mode parity, headless+herdr, TUI prompt submission
- SKILL.md: same updates with explicit Sprint 026 phase tagging
- docs/herdr-integration.md: new sections for branch-mode parity,
  headless+herdr, and "Agent prompt submission (TUI agents)" with
  the full OWT_HERDR_SUBMIT escape hatch reference

Verification: 1440 passed / 5 skipped (+17 from 1423 baseline);
ruff check + ruff format + mypy all clean. TODO.json: 116/117 complete;
the open item is the herdr-submit empirical matrix lock-in.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file python:uv Pull requests that update python:uv code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants