From 9776297f57c11c538e6892e1991e7d51390124d8 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Tue, 2 Jun 2026 12:24:53 +0000
Subject: [PATCH] build(deps): update cryptography requirement from >=46.0.7 to
 >=48.0.0

Updates the requirements on [cryptography](https://github.com/pyca/cryptography) to permit the latest version.
- [Changelog](https://github.com/pyca/cryptography/blob/main/CHANGELOG.rst)
- [Commits](https://github.com/pyca/cryptography/compare/46.0.7...48.0.0)

---
updated-dependencies:
- dependency-name: cryptography
  dependency-version: 48.0.0
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 requirements.txt | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/requirements.txt b/requirements.txt
index cafa38e..e098d6f 100644
--- a/requirements.txt
+++ b/requirements.txt
@@ -23,7 +23,7 @@ qrcode[pil]>=8.0
 # STALE vs these floors; refresh them (see docs note) at a maintenance window.
 urllib3>=2.7.0          # CVE-2026-44431 / -44432 (transitive via requests)
 pillow>=12.2.0          # CVE-2026-42311 + others (transitive via qrcode[pil])
-cryptography>=46.0.7    # CVE-2026-39892 / -34073 (routes/auth + codec_license)
+cryptography>=48.0.0    # CVE-2026-39892 / -34073 (routes/auth + codec_license)
 
 # B8 / SR-31: argon2id for PIN hashing (replaces SHA-256). Memory-hard,
 # GPU-resistant. Optional dep — codec_pinhash falls back to SHA-256 when