build(deps): bump the dependencies group across 1 directory with 5 updates

[dependabot]

Updates the requirements on cryptography, cffi, pycparser, boto3 and botocore to permit the latest version.
Updates cryptography from 45.0.7 to 46.0.1

Changelog

Sourced from cryptography's changelog.

46.0.1 - 2025-09-16

* Fixed an issue where users installing via ``pip`` on Python 3.14 development
  versions would not properly install a dependency.
* Fixed an issue building the free-threaded macOS 3.14 wheels.
.. _v46-0-0:
46.0.0 - 2025-09-16

• BACKWARDS INCOMPATIBLE: Support for Python 3.7 has been removed.
• Support for OpenSSL < 3.0 is deprecated and will be removed in the next release.
• Support for x86_64 macOS (including publishing wheels) is deprecated and will be removed in two releases. We will switch to publishing an arm64 only wheel for macOS.
• Support for 32-bit Windows (including publishing wheels) is deprecated and will be removed in two releases. Users should move to a 64-bit Python installation.
• Updated Windows, macOS, and Linux wheels to be compiled with OpenSSL 3.5.3.
• We now build ppc64le manylinux wheels and publish them to PyPI.
• We now build win_arm64 (Windows on Arm) wheels and publish them to PyPI.
• Added support for free-threaded Python 3.14.
• Removed the deprecated get_attribute_for_oid method on :class:~cryptography.x509.CertificateSigningRequest. Users should use :meth:~cryptography.x509.Attributes.get_attribute_for_oid instead.
• Removed the deprecated CAST5, SEED, IDEA, and Blowfish classes from the cipher module. These are still available in :doc:/hazmat/decrepit/index.
• In X.509, when performing a PSS signature with a SHA-3 hash, it is now encoded with the official NIST SHA3 OID.

.. _v45-0-7:

Commits

• e735cfc release 46.0.1 (#13450)
• 4e457ff Explicitly specify python in mac uv build invocation (#13447)
• 2726efd Depend on CFFI 2.0.0 or newer on Python > 3.8 (#13448)
• 6223062 release 46.0.0 (#13446)
• 563c491 Update comment for pyopenssl-release tag (#13445)
• d2f6f7f Bump downstream dependencies in CI (#13439)
• e7ab02b we'll ship this with 3.5.3 why not (#13442)
• 0b68a4b Another pair of bump dependencies fix (#13444)
• e076d08 Attempt to fix commit message for bump downstreams (#13440)
• 6835ce8 Put correct version bounds for pyenchant in pins (#13441)
• Additional commits viewable in compare view

Updates cffi from 1.17.1 to 2.0.0

Release notes

Sourced from cffi's releases.

v2.0.0

What's Changed

• Add Python 3.14 support.
• Add CPython free-threaded support (3.14t+ only) - huge thanks to the folks at Quansight Labs for all the work to get this one sorted!
• Drop Python <= 3.8 support.
• Fix order dependency affecting nested type size calculation (#148).

Full Changelog: python-cffi/cffi@v1.17.1...v2.0.0

v2.0.0b1

What's Changed

• Add Python 3.14 support.
• Add CPython free-threaded support (3.14t+ only).
• Drop Python <= 3.8 support.
• Fix order dependency affecting nested type size calculation (#148).

Full Changelog: python-cffi/cffi@v1.17.1...v2.0.0b1

Commits

• 6366c01 release 2.0.0 (#196)
• 95c8476 2.0.0 post beta backports (#195)
• 195cbda Release 2.0.0b1 (#183)
• b4bbe79 fix version test to support beta
• 7ed073d Add support for the free-threaded build (#178)
• 67a170d Change the license from MIT to MIT-no-attribution, which is the same without ...
• 92645ec Add Python 3.14 support/testing (#177)
• 2b81170 doc: update test commands in Section Testing/development tips (#158)
• 25172b8 doc: update year (#153)
• b57a92c issue 147: force-compute nested structs before parent structs. Occurs mainly...
• Additional commits viewable in compare view

Updates pycparser from 2.22 to 2.23

Release notes

Sourced from pycparser's releases.

release_v2.23

What's Changed

• Allow abstract declarator "static" (GH issue #539) by @​gperciva in eliben/pycparser#545
• Add support for Python 3.13 by @​hugovk in eliben/pycparser#550
• Add dirent and socket typedefs. by @​MegaManSec in eliben/pycparser#558
• Support for labels with no statement by @​ignatirabo in eliben/pycparser#562
• Accept empty 'case' or 'default' labels by @​ignatirabo in eliben/pycparser#564
• fix: preserve parentheses for statement exprs by @​zawan-ila in eliben/pycparser#566
• fix: hex float types by @​zawan-ila in eliben/pycparser#567
• Explicit error for comments, with README link by @​cellularmitosis in eliben/pycparser#569
• showemptyattrs option on Node.show() by @​cellularmitosis in eliben/pycparser#570
• Add fake typedefs for GNU Extension 128-bit integers. by @​dj-wednesday in eliben/pycparser#577
• Typedef for __kernel_sa_family_t in linux/socket.h by @​crosser in eliben/pycparser#578

New Contributors

• @​gperciva made their first contribution in eliben/pycparser#545
• @​MegaManSec made their first contribution in eliben/pycparser#558
• @​ignatirabo made their first contribution in eliben/pycparser#562
• @​zawan-ila made their first contribution in eliben/pycparser#566
• @​cellularmitosis made their first contribution in eliben/pycparser#569
• @​dj-wednesday made their first contribution in eliben/pycparser#577
• @​crosser made their first contribution in eliben/pycparser#578

Full Changelog: eliben/pycparser@release_v2.22...release_v2.23

Commits

• 5b60167 Prepare for release 2.23
• 7b24736 Typedef for __kernel_sa_family_t in _fake_typedefs.h (#578)
• 90184f1 Add fake typedefs for GNU Extension 128-bit integers. (#577)
• f04fdcd showemptyattrs option on Node.show() (#570)
• 156eae7 Explicit error for comments, with README link (#569)
• 2215299 fix: hex float types (#567)
• 037bd31 fix: preserve parentheses for statement exprs (#566)
• 9cecc09 Accept empty 'case' or 'default' labels (#564)
• 7ae671d Support for labels with no statement (#562)
• 42b5423 Add dirent and socket typedefs. (#558)
• Additional commits viewable in compare view

Updates boto3 to 1.40.36

Commits

• 02ae095 Merge branch 'release-1.40.36'
• 5f59e53 Bumping version to 1.40.36
• 5a8e929 Add changelog entries from botocore
• 22fa3d5 Merge branch 'release-1.40.35'
• 22e132e Merge branch 'release-1.40.35' into develop
• 021298e Bumping version to 1.40.35
• 02961e6 Add changelog entries from botocore
• 1564e42 Merge branch 'release-1.40.34'
• b5c8399 Merge branch 'release-1.40.34' into develop
• dd6d06b Bumping version to 1.40.34
• Additional commits viewable in compare view

Updates botocore to 1.40.36

Commits

• 28c3ae2 Merge branch 'release-1.40.36'
• 95bd009 Bumping version to 1.40.36
• 674f0d1 Update endpoints model
• 0b599b5 Update to latest models
• 331de65 Merge branch 'release-1.40.35'
• 7871b95 Merge branch 'release-1.40.35' into develop
• 4451f93 Bumping version to 1.40.35
• 387a2a4 Update endpoints model
• fd4916f Update to latest models
• de187f3 Update sms-voice models and endpoint tests to latest version. (#3553)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

[jku]

ah, I told dependabot to ignore the sigstore release but of course that does not help since the previous sigstore release is also incompatible with cryptography... I will try to do a new sigstore-python release by next week, maybe we also need to come up with some other strategy there as this is quite annoying.

[jku]

@dependabot recreate

[dependabot]

Looks like these dependencies are updatable in another way, so this is no longer needed.