From 9b49785cfee238cff5072fa82c703c981765bcf9 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 15 Jun 2026 12:27:16 +0000
Subject: [PATCH] build(deps): update cryptography requirement from >=48.0.0 to
 >=49.0.0

Updates the requirements on [cryptography](https://github.com/pyca/cryptography) to permit the latest version.
- [Changelog](https://github.com/pyca/cryptography/blob/main/CHANGELOG.rst)
- [Commits](https://github.com/pyca/cryptography/compare/48.0.0...49.0.0)

---
updated-dependencies:
- dependency-name: cryptography
  dependency-version: 49.0.0
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 requirements.txt | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/requirements.txt b/requirements.txt
index 11959a6..f9e78cc 100644
--- a/requirements.txt
+++ b/requirements.txt
@@ -23,7 +23,7 @@ qrcode[pil]>=8.2
 # STALE vs these floors; refresh them (see docs note) at a maintenance window.
 urllib3>=2.7.0          # CVE-2026-44431 / -44432 (transitive via requests)
 pillow>=12.2.0          # CVE-2026-42311 + others (transitive via qrcode[pil])
-cryptography>=48.0.0    # CVE-2026-39892 / -34073 (routes/auth + codec_license)
+cryptography>=49.0.0    # CVE-2026-39892 / -34073 (routes/auth + codec_license)
 
 # B8 / SR-31: argon2id for PIN hashing (replaces SHA-256). Memory-hard,
 # GPU-resistant. Optional dep — codec_pinhash falls back to SHA-256 when