@dependabot dependabot bot commented on behalf of github Oct 10, 2025

Updates the requirements on cryptography, sigstore, cffi, pycparser, boto3 and botocore to permit the latest version.
Updates cryptography from 45.0.7 to 46.0.2

Changelog

Sourced from cryptography's changelog.

46.0.2 - 2025-09-30


* Updated Windows, macOS, and Linux wheels to be compiled with OpenSSL 3.5.4.

.. _v46-0-1:

46.0.1 - 2025-09-16

  • Fixed an issue where users installing via pip on Python 3.14 development versions would not properly install a dependency.
  • Fixed an issue building the free-threaded macOS 3.14 wheels.

.. _v46-0-0:

46.0.0 - 2025-09-16


* **BACKWARDS INCOMPATIBLE:** Support for Python 3.7 has been removed.
* Support for OpenSSL < 3.0 is deprecated and will be removed in the next
  release.
* Support for ``x86_64`` macOS (including publishing wheels) is deprecated
  and will be removed in two releases. We will switch to publishing an
  ``arm64`` only wheel for macOS.
* Support for 32-bit Windows (including publishing wheels) is deprecated
  and will be removed in two releases. Users should move to a 64-bit
  Python installation.
* Updated Windows, macOS, and Linux wheels to be compiled with OpenSSL 3.5.3.
* We now build ``ppc64le`` ``manylinux`` wheels and publish them to PyPI.
* We now build ``win_arm64`` (Windows on Arm) wheels and publish them to PyPI.
* Added support for free-threaded Python 3.14.
* Removed the deprecated ``get_attribute_for_oid`` method on
  :class:`~cryptography.x509.CertificateSigningRequest`. Users should use
  :meth:`~cryptography.x509.Attributes.get_attribute_for_oid` instead.
* Removed the deprecated ``CAST5``, ``SEED``, ``IDEA``, and ``Blowfish``
  classes from the cipher module. These are still available in
  :doc:`/hazmat/decrepit/index`.
* In X.509, when performing a PSS signature with a SHA-3 hash, it is now
  encoded with the official NIST SHA3 OID.


Commits

Updates sigstore from 3.6.5 to 3.6.6

Release notes

Sourced from sigstore's releases.

v3.6.6

Changed

  • Improved error message when verifying bundles with rekor v2 entries (#1565)
  • Added cryptography 46 to list of compatible cryptography releases (#1566)

Full Changelog: sigstore/sigstore-python@v3.6.5...v3.6.6

Changelog

Sourced from sigstore's changelog.

[3.6.6]

Changed

  • Improved error message when verifying bundles with rekor v2 entries (#1565)
  • Added cryptography 46 to list of compatible cryptography releases (#1566)

Commits

Updates cffi from 1.17.1 to 2.0.0

Release notes

Sourced from cffi's releases.

v2.0.0

What's Changed

  • Add Python 3.14 support.
  • Add CPython free-threaded support (3.14t+ only) - huge thanks to the folks at Quansight Labs for all the work to get this one sorted!
  • Drop Python <= 3.8 support.
  • Fix order dependency affecting nested type size calculation (#148).

Full Changelog: python-cffi/cffi@v1.17.1...v2.0.0

v2.0.0b1

What's Changed

  • Add Python 3.14 support.
  • Add CPython free-threaded support (3.14t+ only).
  • Drop Python <= 3.8 support.
  • Fix order dependency affecting nested type size calculation (#148).

Full Changelog: python-cffi/cffi@v1.17.1...v2.0.0b1

Commits
  • 6366c01 release 2.0.0 (#196)
  • 95c8476 2.0.0 post beta backports (#195)
  • 195cbda Release 2.0.0b1 (#183)
  • b4bbe79 fix version test to support beta
  • 7ed073d Add support for the free-threaded build (#178)
  • 67a170d Change the license from MIT to MIT-no-attribution, which is the same without ...
  • 92645ec Add Python 3.14 support/testing (#177)
  • 2b81170 doc: update test commands in Section Testing/development tips (#158)
  • 25172b8 doc: update year (#153)
  • b57a92c issue 147: force-compute nested structs before parent structs. Occurs mainly...
  • Additional commits viewable in compare view

Updates pycparser from 2.22 to 2.23

Release notes

Sourced from pycparser's releases.

release_v2.23

What's Changed

New Contributors

Full Changelog: eliben/pycparser@release_v2.22...release_v2.23

Commits

Updates boto3 to 1.40.49

Commits
  • 660a1ec Merge branch 'release-1.40.49'
  • a06ac9e Bumping version to 1.40.49
  • 4dd0569 Add changelog entries from botocore
  • 5ad0248 Merge branch 'release-1.40.48'
  • 578c49e Merge branch 'release-1.40.48' into develop
  • 01618f3 Bumping version to 1.40.48
  • f405a62 Add changelog entries from botocore
  • 215c521 Merge branch 'release-1.40.47'
  • f060117 Merge branch 'release-1.40.47' into develop
  • 8613b80 Bumping version to 1.40.47
  • Additional commits viewable in compare view

Updates botocore to 1.40.49

Commits
  • dc8eb09 Merge branch 'release-1.40.49'
  • 59b8492 Bumping version to 1.40.49
  • fbc40ba Update endpoints model
  • 2bd0a4c Update to latest models
  • 0d7239e Merge customizations for QuickSight
  • 9fbad5a Merge branch 'release-1.40.48'
  • 96cb85e Merge branch 'release-1.40.48' into develop
  • 08ee812 Bumping version to 1.40.48
  • 5b36463 Update endpoints model
  • cb48cd7 Update to latest models
  • Additional commits viewable in compare view

Most Recent Ignore Conditions Applied to This Pull Request
| Dependency Name | Ignore Conditions |
| --- | --- |
| sigstore | [>= 4.0.dev0, < 4.1] |


…dates

Updates the requirements on [cryptography](https://github.com/pyca/cryptography), [sigstore](https://github.com/sigstore/sigstore-python), [cffi](https://github.com/python-cffi/cffi), [pycparser](https://github.com/eliben/pycparser), [boto3](https://github.com/boto/boto3) and [botocore](https://github.com/boto/botocore) to permit the latest version.

Updates `cryptography` from 45.0.7 to 46.0.2
- [Changelog](https://github.com/pyca/cryptography/blob/main/CHANGELOG.rst)
- [Commits](pyca/cryptography@45.0.7...46.0.2)

Updates `sigstore` from 3.6.5 to 3.6.6
- [Release notes](https://github.com/sigstore/sigstore-python/releases)
- [Changelog](https://github.com/sigstore/sigstore-python/blob/v3.6.6/CHANGELOG.md)
- [Commits](sigstore/sigstore-python@v3.6.5...v3.6.6)

Updates `cffi` from 1.17.1 to 2.0.0
- [Release notes](https://github.com/python-cffi/cffi/releases)
- [Commits](python-cffi/cffi@v1.17.1...v2.0.0)

Updates `pycparser` from 2.22 to 2.23
- [Release notes](https://github.com/eliben/pycparser/releases)
- [Changelog](https://github.com/eliben/pycparser/blob/main/CHANGES)
- [Commits](eliben/pycparser@release_v2.22...release_v2.23)

Updates `boto3` to 1.40.49
- [Release notes](https://github.com/boto/boto3/releases)
- [Commits](boto/boto3@1.40.26...1.40.49)

Updates `botocore` to 1.40.49
- [Commits](boto/botocore@1.40.26...1.40.49)

---
updated-dependencies:
- dependency-name: cryptography
  dependency-version: 46.0.2
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: dependencies
- dependency-name: sigstore
  dependency-version: 3.6.6
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: dependencies
- dependency-name: cffi
  dependency-version: 2.0.0
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: dependencies
- dependency-name: pycparser
  dependency-version: '2.23'
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: dependencies
- dependency-name: boto3
  dependency-version: 1.40.49
  dependency-type: direct:production
  dependency-group: dependencies
- dependency-name: botocore
  dependency-version: 1.40.49
  dependency-type: direct:production
  dependency-group: dependencies
...

Signed-off-by: dependabot[bot] <[email protected]>
@dependabot dependabot bot added the dependencies and python labels Oct 10, 2025
@jku jku merged commit 5ad7289 into main Oct 10, 2025
20 checks passed
@dependabot dependabot bot deleted the dependabot/pip/dependencies-70a96ec0c4 branch October 10, 2025 10:46