Skip to content

Chore(deps): Bump pynacl from 1.5 to 1.6.2#440

Open
dependabot[bot] wants to merge 1 commit into
masterfrom
dependabot/pip/pynacl-1.6.2
Open

Chore(deps): Bump pynacl from 1.5 to 1.6.2#440
dependabot[bot] wants to merge 1 commit into
masterfrom
dependabot/pip/pynacl-1.6.2

Conversation

@dependabot
Copy link
Copy Markdown
Contributor

@dependabot dependabot Bot commented on behalf of github Mar 24, 2026
edited
Loading

Bumps pynacl from 1.5 to 1.6.2.

Changelog

Sourced from pynacl's changelog.

1.6.2 (2026-01-01)

  • Updated libsodium to 1.0.20-stable (2025-12-31 build) to resolve CVE-2025-69277.

1.6.1 (2025-11-10)

  • The MAKE environment variable can now be used to specify the make binary that should be used in the build process.

1.6.0 (2025-09-11)

  • BACKWARDS INCOMPATIBLE: Removed support for Python 3.6 and 3.7.
  • Added support for the low level AEAD AES bindings.
  • Added support for crypto_core_ed25519_from_uniform.
  • Update libsodium to 1.0.20-stable (2025-08-27 build).
  • Added support for free-threaded Python 3.14.
  • Added support for Windows on ARM wheels.

1.5.0 (2022-01-07)

  • BACKWARDS INCOMPATIBLE: Removed support for Python 2.7 and Python 3.5.
  • BACKWARDS INCOMPATIBLE: We no longer distribute manylinux1 wheels.
  • Added manylinux2014, manylinux_2_24, musllinux, and macOS universal2 wheels (the latter supports macOS arm64).
  • Update libsodium to 1.0.18-stable (July 25, 2021 release).
  • Add inline type hints.

1.4.0 (2020-05-25)

  • Update libsodium to 1.0.18.
  • BACKWARDS INCOMPATIBLE: We no longer distribute 32-bit manylinux1 wheels. Continuing to produce them was a maintenance burden.
  • Added support for Python 3.8, and removed support for Python 3.4.
  • Add low level bindings for extracting the seed and the public key from crypto_sign_ed25519 secret key
  • Add low level bindings for deterministic random generation.
  • Add wheel and setuptools setup_requirements in setup.py (#485)
  • Fix checks on very slow builders (#481, #495)
  • Add low-level bindings to ed25519 arithmetic functions
  • Update low-level blake2b state implementation
  • Fix wrong short-input behavior of SealedBox.decrypt() (#517)
  • Raise CryptPrefixError exception instead of InvalidkeyError when trying to check a password against a verifier stored in a unknown format (#519)
  • Add support for minimal builds of libsodium. Trying to call functions not available in a minimal build will raise an UnavailableError exception. To compile a minimal build of the bundled libsodium, set

... (truncated)

Commits

Dependabot compatibility score

You can trigger a rebase of this PR by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    You can disable automated security fix PRs for this repo from the Security Alerts page.

Note
Automatic rebases have been disabled on this pull request as it has been open for over 30 days.

@dependabot
Chore(deps): Bump pynacl from 1.5 to 1.6.2
d6e0ae4 
Bumps [pynacl](https://github.com/pyca/pynacl) from 1.5 to 1.6.2.
- [Changelog](https://github.com/pyca/pynacl/blob/main/CHANGELOG.rst)
- [Commits](pyca/pynacl@1.5.0...1.6.2)

---
updated-dependencies:
- dependency-name: pynacl
  dependency-version: 1.6.2
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file python Pull requests that update python code labels Mar 24, 2026
@github-actions
Copy link
Copy Markdown

github-actions Bot commented Mar 24, 2026

Failed to retrieve llama text: Invalid URL '/completion': No scheme supplied. Perhaps you meant https:///completion?

foxpatch-aleph
foxpatch-aleph approved these changes Mar 24, 2026
View reviewed changes
Copy link
Copy Markdown
Contributor

@foxpatch-aleph foxpatch-aleph left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This is a clean, straightforward dependency update bumping pynacl from 1.5 to 1.6.2. The primary motivation is the security fix in 1.6.2 which updates libsodium to 1.0.20-stable to resolve CVE-2025-69277. The project requires Python >=3.9 (line 13 of pyproject.toml), so the backwards-incompatible removal of Python 3.6/3.7 support in pynacl 1.6.0 is not a concern. The changelog shows no breaking API changes for existing functionality - only new features were added (AEAD AES bindings, crypto_core_ed25519_from_uniform). The version is correctly updated in all three locations: main dependencies, solana optional-dependencies, and tezos optional-dependencies.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@foxpatch-aleph foxpatch-aleph foxpatch-aleph approved these changes

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file python Pull requests that update python code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@foxpatch-aleph