build(deps-dev): bump cryptography from 46.0.5 to 46.0.7

[dependabot]

Bumps cryptography from 46.0.5 to 46.0.7.

Changelog

Sourced from cryptography's changelog.

46.0.7 - 2026-04-07

* **SECURITY ISSUE**: Fixed an issue where non-contiguous buffers could be
  passed to APIs that accept Python buffers, which could lead to buffer
  overflow. **CVE-2026-39892**
* Updated Windows, macOS, and Linux wheels to be compiled with OpenSSL 3.5.6.
.. _v46-0-6:
46.0.6 - 2026-03-25

• SECURITY ISSUE: Fixed a bug where name constraints were not applied to peer names during verification when the leaf certificate contains a wildcard DNS SAN. Ordinary X.509 topologies are not affected by this bug, including those used by the Web PKI. Credit to Oleh Konko (1seal) for reporting the issue. CVE-2026-34073

.. _v46-0-5:

Commits

• 622d672 46.0.7 release (#14602)
• 91d7288 Cherry-pick #14542 (#14543)
• See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
  You can disable automated security fix PRs for this repo from the Security Alerts page.

[github-actions]

Changelog Preview

📋 Changelog Preview

This is how your changes will appear in the changelog.
Entries from this PR are highlighted with a left border (blockquote style).

---

New Features ✨

• Run SeaweedFS admin and worker instance by aldy505 in #4259
• Support custom CA certificates for all containers by aldy505 in #4216
• Remove 'vroom-cleanup' container by aldy505 in #4217

Bug Fixes 🐛

• (install) Gracefully handle missing containers in minimize-downtime by shameemkpofficial-git in #4246
• Explicit post release command for craft by aldy505 in #4273
• Use default buildx builder to resolve local images during build by maiqigh in #4250

Internal Changes 🔧

Deps

• Bump brace-expansion from 5.0.3 to 5.0.5 in /_integration-test/nodejs by dependabot in #4247
• Bump j178/prek-action from 2.0.0 to 2.0.1 by dependabot in #4264
• Bump BYK/docker-volume-cache-action from be89365902126f508dcae387a32ec3712df6b1cd to 0efa5cf5178c9906cb46ed8d1a357df8fd6b1a06 by dependabot in #4253
• Bump astral-sh/setup-uv from 7.6.0 to 8.0.0 by dependabot in #4254
• Bump getsentry/craft from 2.23.2 to 2.24.1 by dependabot in #4221
• Bump astral-sh/setup-uv from 7.2.1 to 7.5.0 by dependabot in #4220

Other

• (deps-dev) Bump cryptography from 46.0.5 to 46.0.7 by dependabot[bot] in #4275

• Restore unpinned actions by aldy505 in #4243
• Swap pre-commit with prek by aldy505 in #4235

Other

• Bump postgres 14.22-bookworm by aminvakil in #4249

---

_{🤖 This preview updates automatically when you update the PR.}

[github-actions]

Changelog Preview

📋 Changelog Preview

This is how your changes will appear in the changelog.
Entries from this PR are highlighted with a left border (blockquote style).

---

New Features ✨

• Run SeaweedFS admin and worker instance by aldy505 in #4259
• Support custom CA certificates for all containers by aldy505 in #4216
• Remove 'vroom-cleanup' container by aldy505 in #4217

Bug Fixes 🐛

• (install) Gracefully handle missing containers in minimize-downtime by shameemkpofficial-git in #4246
• Explicit post release command for craft by aldy505 in #4273
• Use default buildx builder to resolve local images during build by maiqigh in #4250

Internal Changes 🔧

Deps

• Bump brace-expansion from 5.0.3 to 5.0.5 in /_integration-test/nodejs by dependabot in #4247
• Bump j178/prek-action from 2.0.0 to 2.0.1 by dependabot in #4264
• Bump BYK/docker-volume-cache-action from be89365902126f508dcae387a32ec3712df6b1cd to 0efa5cf5178c9906cb46ed8d1a357df8fd6b1a06 by dependabot in #4253
• Bump astral-sh/setup-uv from 7.6.0 to 8.0.0 by dependabot in #4254
• Bump getsentry/craft from 2.23.2 to 2.24.1 by dependabot in #4221
• Bump astral-sh/setup-uv from 7.2.1 to 7.5.0 by dependabot in #4220

Other

• (deps-dev) Bump cryptography from 46.0.5 to 46.0.7 by dependabot[bot] in #4275

• Restore unpinned actions by aldy505 in #4243
• Swap pre-commit with prek by aldy505 in #4235

Other

• Bump postgres 14.22-bookworm by aminvakil in #4249

---

_{🤖 This preview updates automatically when you update the PR.}