From e0ecaf9093749178aa125e94464b709ec3bee526 Mon Sep 17 00:00:00 2001
From: sangnn <nnsang1510@gmail.com>
Date: Tue, 23 Jun 2026 03:24:04 +0000
Subject: [PATCH] security: upgrade some package versions

---
 requirements/base.txt        | 2 +-
 requirements/development.txt | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/requirements/base.txt b/requirements/base.txt
index 88c7c1d..112c214 100644
--- a/requirements/base.txt
+++ b/requirements/base.txt
@@ -26,7 +26,7 @@ cbor2==5.9.0  # CVE-2024-26134, CVE-2026-26209 (DoS via recursion)
 
 # JWT / OIDC
 PyJWT==2.13.0  # CVE-2026-48526 (auth bypass via forged JWT), CVE-2026-32597
-cryptography==46.0.5  # CVE-2026-26007 (SECT subgroup attack)
+cryptography==43.0.3  # capped <44 by sshkey-tools 0.11.3; see .trivyignore for CVE-2026-26007
 
 # CORS
 Flask-CORS==6.0.0  # CVE-2024-6221 (ACAO handling)
diff --git a/requirements/development.txt b/requirements/development.txt
index e321c71..d9c256d 100644
--- a/requirements/development.txt
+++ b/requirements/development.txt
@@ -37,7 +37,7 @@ pytz==2023.3
 python-dotenv==1.0.0
 pydantic==2.5.0
 PyJWT==2.13.0
-cryptography==46.0.5
+cryptography==43.0.3  # capped <44 by sshkey-tools 0.11.3
 pycryptodome==3.20.0
 psycopg2-binary==2.9.9
 sshkey-tools==0.11.3