
Build(deps): Bump cryptography from 46.0.6 to 46.0.7 in the pip group across 1 directory #23

Open
dependabot[bot] wants to merge 386 commits into main from dependabot/pip/pip-3344959f9f

Conversation

dependabot[bot] (Contributor) commented on behalf of github, Apr 8, 2026

Bumps the pip group with 1 update in the / directory: cryptography.

Updates cryptography from 46.0.6 to 46.0.7

Changelog

Sourced from cryptography's changelog.

46.0.7 - 2026-04-07


* **SECURITY ISSUE**: Fixed an issue where non-contiguous buffers could be
  passed to APIs that accept Python buffers, which could lead to buffer
  overflow. **CVE-2026-39892**
* Updated Windows, macOS, and Linux wheels to be compiled with OpenSSL 3.5.6.

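The changelog entry above describes CVE-2026-39892 in one sentence: non-contiguous buffers reaching APIs that accept Python buffers could lead to a buffer overflow. As an added illustration for this page (not code from pyca/cryptography, and not a reproduction of its internal fix), the following shows how a non-contiguous buffer arises in plain Python and the two defensive options a wrapper around a native API has: reject it, or normalise it to a contiguous copy first. The names `require_contiguous`, `normalize_buffer` and `safe_digest`, and the use of `hashlib` as a stand-in for a native buffer-taking API, are assumptions.

```python
"""Checking buffer contiguity before a Python buffer reaches a native API.

Added example for this PR page; it is not code from pyca/cryptography and does
not reproduce the internal fix. `require_contiguous`, `normalize_buffer` and
the use of hashlib as a stand-in for a native API are assumptions.
"""
import hashlib


def is_c_contiguous(buf) -> bool:
    """True if `buf` exposes one gap-free run of bytes in C order."""
    return memoryview(buf).c_contiguous


def require_contiguous(buf) -> memoryview:
    """Fail-closed variant: accept only contiguous buffers, raise otherwise."""
    view = memoryview(buf)
    if not view.c_contiguous:
        raise BufferError("non-contiguous buffer rejected, strides=%r" % (view.strides,))
    return view


def normalize_buffer(buf) -> bytes:
    """Normalising variant: return the logical bytes of any buffer-protocol
    object as a contiguous bytes object. A strided view such as data[::2] is
    copied by walking its strides, so the copy holds the bytes the caller
    sees, not the raw backing store between them."""
    view = memoryview(buf)
    if isinstance(buf, bytes) and view.c_contiguous:
        return buf  # already immutable and contiguous: no copy needed
    return view.tobytes()


def safe_digest(buf) -> str:
    """Stand-in for a wrapper around a native, buffer-taking API."""
    return hashlib.sha256(normalize_buffer(buf)).hexdigest()


def demo() -> bool:
    # Constructed sample: a 16-byte backing store and a strided view over it.
    backing = bytearray(range(16))
    strided = memoryview(backing)[::2]  # logical bytes 0,2,4,...,14 (8 bytes)

    assert is_c_contiguous(backing)
    assert not is_c_contiguous(strided)
    # The view reports 8 bytes, but they sit at every second offset of a
    # 16-byte allocation; a consumer that assumes adjacency reads the wrong
    # bytes, which is why the checks above exist.
    assert strided.nbytes == 8 and len(backing) == 16

    try:
        require_contiguous(strided)
        return False  # should have raised
    except BufferError:
        pass

    expected = bytes(range(0, 16, 2))
    assert normalize_buffer(strided) == expected
    # Normalisation is transparent: the digest matches the equivalent bytes.
    return safe_digest(strided) == hashlib.sha256(expected).hexdigest()


if __name__ == "__main__":
    print("demo ok" if demo() else "demo FAILED")
```

Which variant to use depends on the API: rejecting keeps the zero-copy fast path honest, normalising is friendlier to callers but always pays for a copy on strided input. Either is preferable to handing a base pointer and a length to native code that assumes the bytes are adjacent.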


You can trigger a rebase of this PR by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

You can disable automated security fix PRs for this repo from the Security Alerts page.

Note
Automatic rebases have been disabled on this pull request as it has been open for over 30 days.

The StreamableHTTPSessionManager requires its run() async context
manager to be active before handling requests. When mounted as a
FastAPI sub-app via app.mount(), the inner Starlette app's lifespan
is not invoked, leaving the anyio task group uninitialised.

Fix: enter session_manager.run() inside the FastAPI lifespan so the
task group is active for the full server lifetime. Requests to /mcp
no longer fail with "Task group is not initialized".

StreamableHTTPSessionManager.run() can only be called once per instance.
Tests create multiple TestClient(app) contexts per process, each triggering
the lifespan. Reset _session_manager and recreate _mcp_asgi_inner at lifespan
startup so every entry gets a fresh instance.

traefik:v2.11 ships Go 1.24.1 which carries CVE-2025-68121 (CVSS 10),
CVE-2025-22871 (9.1), and ~15 additional HIGH/MEDIUM Go stdlib CVEs.
traefik:v3 builds with a patched Go release that resolves these.

All existing CLI flags and Docker labels are v3-compatible. No config
changes required. ubuntu/* CVEs (open-webui, ollama) are third-party
images outside TelsonBase scope — documented in Dockerfile.

mcp_server is attached to 4 networks. Without traefik.docker.network,
Traefik selects the first container IP alphabetically — telsonbase_ai
(172.21.x.x) — which Traefik is not connected to, causing silent
proxy timeouts on all requests through port 80.

Also adds PathPrefix('/') catch-all router rule for dev mode.
Production overlay retains Host-based routing.
Signed-off-by: Jeff Phillips <211976194+QuietFireAI@users.noreply.github.com>

QuietFireAI and others added 26 commits March 26, 2026 00:06

The client fixture already cleared rate_limiter._buckets (in-memory fallback)
but the Redis-backed Lua token-bucket key was never reset between tests. In CI
where Redis is available, the same hashed API key accumulates requests across
tests until the burst budget (20) is exhausted, causing compliance route tests
to return 429 instead of 200/500.

Fix: delete all ratelimit:* keys from Redis DB15 at the start of each test,
alongside the existing audit-chain and RBAC flushes.

…state bleed

AgentKeyRegistry loads signing:revoked_agents from Redis on __init__; tests that
revoke agent-001 contaminate subsequent tests whose fresh registry instance picks
up the revocation and raises PermissionError on register_agent.

AnomalyMonitor loads _recent_denials from Redis on __init__; tests that record
denials above threshold contaminate tests that expect zero denials below threshold.

Flush signing:*, security:signing:revoked_agents, security:recent_denials, and
security:threat_events in the conftest client fixture alongside the existing
rate-limit and RBAC/audit-chain flushes.

…t bleed

AgentKeyRegistry() calls _load_from_persistence() on init, loading
signing:revoked_agents from Redis. Tests that revoke agent-001 or agent_a
poison the next test's fresh registry instance, causing PermissionError
on register_agent even though the test is starting fresh.

BehaviorMonitor() loads _recent_denials from Redis on init. Tests that
record >0 denials can push a subsequent test over CAPABILITY_PROBE_THRESHOLD
before it records any denials itself.

Fix: flush relevant Redis keys in the registry and monitor fixtures
(test_core_signing_depth.py, test_core_anomaly_depth.py) and add an
autouse fixture in TestAgentKeyRegistry (test_signing.py).
- Product rename throughout: all source files, docs, tests, proof sheets,
  CITATION.cff, README, CHANGELOG, HuggingFace app.py
- GitHub repo renamed: QuietFireAI/ClawCoat → QuietFireAI/ClawFilters
- Domain updated: clawcoat.com → clawfilters.com
- Positioning: small business primary; regulated industries as quality signal
- "The Manners Engine" brand name removed from public copy; scoring mechanism
  retained as "behavioral scoring/filter" — architecture unchanged
- Audience broadened: "OpenClaw agents" → "AI agents" in public-facing copy
- clawcoat_dev defaults → clawfilters_dev in config.py
- Audit chain prefix: clawcoat_ → clawfilters_ in core/audit.py
- clawcoat_permissions DB column unchanged (migration deferred)
- CLAWCOAT_ENCRYPTION_KEY env var unchanged (internal implementation name)
- TELSONBASE_ENV and telsonbase_* Docker names unchanged

…ed files)

- M1: config.py line 380 error message now correctly names 'clawfilters_redis_dev'
- L1-L4: REM headers in config.py, audit.py, auth.py, middleware.py
- L5: .env.example header, DB/MQTT user defaults, Traefik/Telegram domain examples
- L6: FAQ.md TOC anchor links, version bump to v11.0.4
- L7: TELEGRAM_GUIDE.md example bot name and webhook domain
- L8: SECRETS_MANAGEMENT.md line 237 Redis dev default name
- L9: test_api.py federation fixture URL
- config.py default DATABASE_URL username/db updated to clawfilters
- test_core_config_depth.py: match updated DATABASE_URL default
- test_core_threat_response_depth.py: admin@clawcoat → admin@clawfilters.com
- INSTALLATION_GUIDE_WINDOWS.md: note corrected for new name
- agent-autonomy-sla-spec.json: all ClawCoat references + version updated

…ndabot)

Closes Dependabot MEDIUM (requests insecure temp file) and LOW (cryptography
DNS name constraint) alerts.

…val, delegation

- openclaw.py NH4: AnomalyDetector → BehaviorMonitor, check_agent → record()
  Anomaly gate was dead code since file was written; now functional
- email_sender.py: html.escape() on username/token/user_id; branding ClawFilters
- mfa.py: remove except:pass on encryption — TOTP secrets now fail-hard rather
  than silently storing plaintext when CLAWCOAT_ENCRYPTION_KEY is missing
- manners.py: load_from_persistence now reloads violation history from Redis;
  behavioral scoring and earned trust tiers were resetting on every restart
- auth_dependencies.py: global-permission API keys without RBAC user now blocked
  at MFA gate instead of silently bypassed
- approval.py: replace threading.Event with Redis polling in wait_for_decision;
  threading.Event is process-local — cross-worker approvals were hanging forever
- delegation.py: fix _capability_matches wildcard logic — admin.* now correctly
  matches admin.users.create (removed over-strict segment count check)
- file headers: TelsonBase → ClawFilters in threat_response, anomaly, trust_levels,
  rate_limiting, manners, email_sender, approval

…ence, nonce, compliance

- Replace all remaining TelsonBase/ file path headers with ClawFilters/ (100 files)
- email_verification.py: cleanup_expired now prunes VERIFIED tokens after 48h (OOM DoS)
- emergency_access.py: add cleanup_old_requests() to prune inactive requests from memory
- breach_notification.py: header fix only (Redis fallback already applied in batch 1)
- trust_levels.py: implement _load_from_persistence + _save_record; call _save_record on
  register_agent, promote, demote, quarantine — trust levels now survive worker restarts
- rate_limiting.py: add "agent" → UNLIMITED tier mapping (apex tier was missing, NH2 gap)
- audit.py: log Redis save failure instead of bare except: pass in _save_chain_state
- identiclaw.py: _check_nonce fails CLOSED on Redis outage (was fail-open, replay vector)
- compliance.py: _collect_audit_evidence queries real audit chain instead of returning stub
- tests/conftest.py: autouse fixture flushes security:trust before each test for isolation
- tests/test_core_trust_levels_depth.py: mgr fixture flushes security:trust for extra safety
- test_core_rate_limiting_depth.py: agent tier now maps to UNLIMITED (was testing old fail-open bug)
- test_identiclaw_depth.py: _check_nonce now fails CLOSED on Redis outage (two tests updated)

…h logging

- capabilities.py: CapabilityEnforcer now loads/saves from Redis (security:capabilities)
  for cross-worker consistency; add _load_from_redis() + _save_agent() + call in register_agent
- database.py: log exception details in check_db_health (was bare except with silent return False)
- tests/conftest.py: flush security:capabilities per-test alongside security:trust

…ersistence, delegation OOM

- captcha.py: add _load_challenge_from_redis() for cross-worker CAPTCHA verification;
  verify_challenge() falls back to Redis TTL key lookup when challenge not in local memory
- emergency_access.py: _check_expiry() now calls _save_record() after deactivating so
  all workers see the expired state immediately (cross-worker consistency)
- delegation.py: cleanup_expired() now prunes old EXPIRED/REVOKED delegations from
  _delegations, _by_grantor, _by_grantee after retention_hours (default 24h) to prevent
  unbounded memory growth (OOM DoS vector fixed)

…ol safety, auth log cap

- audit.py: add AUTH_SESSION_TERMINATED event type (L7 fix: terminate_session
  was incorrectly logging AUTH_SUCCESS for a termination event)
- session_management.py: use AUTH_SESSION_TERMINATED in terminate_session audit log
- middleware.py: enforce MAX_TRACKED_CLIENTS cap in _cleanup_stale_buckets fallback
  path — evicts oldest entries when bucket dict exceeds 10K (M16 fix)
- openclaw.py: unknown tools now default to ActionCategory.DELETE (gated at all trust
  levels) instead of WRITE_INTERNAL, preventing autonomous execution of unmapped tools
  (M18 fix)
- auth.py: cap _apikey_last_logged at 5K entries with expired-actor eviction before
  insert; skip logging rather than growing unbounded (M2 fix)

…validation

- rbac.py: _api_key_to_user now keyed by SHA-256 hash instead of raw API key
  (register_api_key + get_user_by_api_key both use hash — consistent with Redis
  storage added in H11 fix); raw key material no longer lives in-process heap (M13)
- middleware.py: validate X-Forwarded-For candidate against IPv4/IPv6 pattern before
  using as rate-limit bucket key — prevents header injection if Traefik is absent (M1)
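The middleware change in the commit above validates the X-Forwarded-For candidate as an IPv4/IPv6 address before it becomes a rate-limit bucket key, so that when no trusted proxy sits in front, an arbitrary header value cannot be turned into a key. The following is an added example for this page, not ClawFilters code: it uses the standard-library `ipaddress` module in place of a regex (an assumption), and which X-Forwarded-For element is taken, the `behind_proxy` flag, and the function names are assumptions as well.

```python
"""Derive a rate-limit bucket key from X-Forwarded-For only when the
candidate parses as a real IPv4/IPv6 address; otherwise use the TCP peer.

Added example for this PR page; not ClawFilters code. Function names, the
`behind_proxy` flag and the choice of the first XFF element are assumptions;
validation uses the stdlib ipaddress module rather than a regex."""
import ipaddress
from typing import Optional


def parse_ip(candidate: str) -> Optional[str]:
    """Return the canonical text form of `candidate` if it is a bare IPv4 or
    IPv6 address, else None. CIDR, host:port, names and junk all fail."""
    candidate = candidate.strip()
    if not candidate or len(candidate) > 45:  # longest textual IPv6 is 45 chars
        return None
    try:
        return str(ipaddress.ip_address(candidate))
    except ValueError:
        return None


def bucket_key_for(xff_header: Optional[str], peer_addr: str,
                   behind_proxy: bool) -> str:
    """Pick the rate-limit bucket key.

    - behind_proxy=False: the header is untrusted; always use the TCP peer.
    - behind_proxy=True: take the first X-Forwarded-For element (assumption:
      the proxy places the original client first), but only if it parses as
      an IP address. An invalid candidate falls back to the peer address
      instead of becoming a bucket key of the attacker's choosing.
    """
    if behind_proxy and xff_header:
        first = xff_header.split(",", 1)[0]
        ip = parse_ip(first)
        if ip is not None:
            return "ratelimit:" + ip
    return "ratelimit:" + (parse_ip(peer_addr) or "unknown")


def demo() -> bool:
    # Constructed cases: (header, peer, behind_proxy, expected key).
    cases = [
        ("203.0.113.9, 10.0.0.2", "10.0.0.2", True, "ratelimit:203.0.113.9"),
        (" 2001:db8::1 ", "10.0.0.2", True, "ratelimit:2001:db8::1"),
        ("garbage", "10.0.0.2", True, "ratelimit:10.0.0.2"),            # invalid: fall back
        ("203.0.113.0/24", "10.0.0.2", True, "ratelimit:10.0.0.2"),     # CIDR is not an address
        ("203.0.113.9:8080", "10.0.0.2", True, "ratelimit:10.0.0.2"),   # host:port rejected
        ("203.0.113.9", "198.51.100.7", False, "ratelimit:198.51.100.7"),  # no proxy: header ignored
        (None, "198.51.100.7", True, "ratelimit:198.51.100.7"),         # header absent
    ]
    return all(bucket_key_for(h, p, b) == want for h, p, b, want in cases)


if __name__ == "__main__":
    print("demo ok" if demo() else "demo FAILED")
```

The `behind_proxy` flag matters as much as the parsing: validation stops a malformed value from becoming a key, but only ignoring the header when no trusted proxy is present stops a well-formed spoofed address from letting a client pick its own bucket.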

…permanently

Previously, if Redis was unavailable at startup, _signing_store was set to False
and replay protection permanently degraded to in-memory only with no recovery path.
Now failure is not cached — each call retries, so replay protection self-heals once
Redis becomes available. Degraded state is logged explicitly so operators see it.
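Two of the commits above describe the same pattern from different angles: `_check_nonce` in identiclaw.py now fails closed when Redis is unavailable (a fail-open check is a replay window), and the signing store no longer caches a Redis failure, so replay protection self-heals once Redis returns. The block below is an added example for this page and not ClawFilters code; `FakeRedis`, `RedisDown` and `NonceStore` are stand-ins constructed for the example, and the `fail_open` flag exists only to contrast the pre-fix behaviour with the fixed one.

```python
"""Replay-protection nonce check that fails closed on Redis outage and
retries Redis on every call instead of caching the failure.

Added example for this PR page; not ClawFilters code. `FakeRedis`,
`RedisDown` and `NonceStore` are stand-ins constructed for the example."""
import logging
import time

log = logging.getLogger("nonce")


class RedisDown(Exception):
    """Stand-in for a Redis connection error."""


class FakeRedis:
    """In-memory double for the two Redis calls the checker needs (EXISTS,
    SETEX). Setting `available = False` simulates an outage."""

    def __init__(self):
        self.available = True
        self._data = {}  # key -> expiry (monotonic seconds)

    def _check(self):
        if not self.available:
            raise RedisDown("connection refused")

    def exists(self, key) -> int:
        self._check()
        exp = self._data.get(key)
        if exp is None or exp <= time.monotonic():
            self._data.pop(key, None)
            return 0
        return 1

    def setex(self, key, ttl, value) -> bool:
        self._check()
        self._data[key] = time.monotonic() + ttl
        return True


class NonceStore:
    """check_and_store(nonce) returns True only when Redis confirms the nonce
    is fresh and the store succeeds. With fail_open=False (the default) any
    Redis error rejects the request and is logged; the next call tries Redis
    again, so protection self-heals once Redis is back. Nothing caches the
    failure. fail_open=True reproduces the pre-fix behaviour for contrast."""

    def __init__(self, redis_client, ttl_seconds=300,
                 prefix="signing:nonce:", fail_open=False):
        self._redis = redis_client
        self._ttl = ttl_seconds
        self._prefix = prefix
        self._fail_open = fail_open
        self.degraded_events = 0  # outage-caused decisions, for operator visibility

    def check_and_store(self, nonce: str) -> bool:
        key = self._prefix + nonce
        try:
            if self._redis.exists(key):
                return False  # replay: nonce already seen
            self._redis.setex(key, self._ttl, "1")
            return True
        except RedisDown as exc:
            self.degraded_events += 1
            log.warning("nonce check degraded (%s): %s",
                        "accepting" if self._fail_open else "rejecting", exc)
            return self._fail_open


def demo() -> dict:
    """Walk through fresh -> replay -> outage -> recovery and return results."""
    r = FakeRedis()
    store = NonceStore(r, ttl_seconds=60)
    results = {}
    results["fresh"] = store.check_and_store("n1")       # True
    results["replay"] = store.check_and_store("n1")      # False
    r.available = False
    results["outage"] = store.check_and_store("n2")      # False: fail closed
    r.available = True
    results["recovered"] = store.check_and_store("n2")   # True: self-healed
    results["degraded_events"] = store.degraded_events   # 1

    legacy = NonceStore(FakeRedis(), fail_open=True)
    legacy._redis.available = False
    results["legacy_fail_open"] = legacy.check_and_store("n3")  # True: accepted unchecked
    return results


if __name__ == "__main__":
    print(demo())
```

The important detail is that the outage is not remembered anywhere in `NonceStore`: there is no "Redis is down" flag to reset, so recovery requires no restart, and the counter plus the warning give operators the explicit degraded-state signal the commit message calls for.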

…r via Redis

- approval.py: @requires_approval decorator now extracts agent_id from task
  kwargs (agent_id=...) rather than current_task.request.hostname which is a
  Celery worker hostname, not an agent identity
- email_verification.py: resend rate limit (_check_rate_limit) now uses Redis
  INCR/EXPIRE as primary check for cross-worker consistency; in-memory list is
  retained as fallback when Redis is unavailable. New _record_resend() helper
  writes to both Redis and in-memory simultaneously.

After batch 2 made _check_nonce fail-closed (Redis unavailable = reject), the test
was mocking Redis as None (unavailable) while still expecting auth to succeed — a
contradiction. Now provides a proper Redis mock that returns exists=0 (nonce fresh)
and setex=True (nonce stored) so the test correctly validates the valid-signature path.

… Redis entry

The Redis-primary _check_rate_limit was returning True immediately when no Redis
key existed, bypassing in-memory _resend_tracking. When Redis has no entry (either
no resends yet or key expired), fall through to in-memory check so direct
_resend_tracking manipulation in unit tests continues to work correctly.

Resend rate-limit counters (INCR/EXPIRE in email_verification.py) persist to
Redis DB 15. Without flushing, integration tests that trigger resend emails
could see stale counts from previous test runs bleeding through.

- openclaw.py: add ActionCategory.COMMUNICATION for outbound comms channels
  (Slack, WhatsApp, Discord, Teams, SMS, Twilio); all tools remapped from
  EXTERNAL_REQUEST to COMMUNICATION; COMMUNICATION is gated at ALL trust tiers
  including CITIZEN and AGENT — human outreach always requires approval (M17)
- session_management.py: add mfa_verified to _save_record serialization and
  _get_session_from_redis deserialization; add set_mfa_verified(session_id) method
  that sets the flag and persists to Redis in one call (L11)
- auth_routes.py: login/mfa endpoint now calls session_manager.set_mfa_verified()
  instead of directly mutating session.mfa_verified (which was never saved)
- tests: update ActionCategory count (6 → 7) and slack_send assertion

COMMUNICATION is intentionally gated at all tiers (never autonomous) —
tests asserting 'all categories are autonomous for CITIZEN/AGENT' need
to exclude COMMUNICATION; add explicit gated assertions instead.

COMMUNICATION is always gated (never autonomous) — fix
test_citizen_has_all_autonomous to exclude COMMUNICATION and add
test_citizen_communication_is_gated as explicit assertion.

Bumps the pip group with 1 update in the / directory: [cryptography](https://github.com/pyca/cryptography).


Updates `cryptography` from 46.0.6 to 46.0.7
- [Changelog](https://github.com/pyca/cryptography/blob/main/CHANGELOG.rst)
- [Commits](pyca/cryptography@46.0.6...46.0.7)

---
updated-dependencies:
- dependency-name: cryptography
  dependency-version: 46.0.7
  dependency-type: direct:production
  dependency-group: pip
...

Signed-off-by: dependabot[bot] <support@github.com>
dependabot[bot] added the dependencies label (Pull requests that update a dependency file) Apr 8, 2026
dependabot[bot] requested a review from QuietFireAI as a code owner April 8, 2026 21:41