chore(deps): update dependency pyopenssl to v26 - autoclosed

[renovate-bot]

This PR contains the following updates:

Package	Change	Age	Confidence
pyOpenSSL (source)	==25.0.0 → ==26.0.0
pyopenssl (source)	==25.0.0 → ==26.0.0

---

Release Notes

pyca/pyopenssl (pyOpenSSL)

v26.0.0

Compare Source

Backward-incompatible changes:
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

• Dropped support for Python 3.7.
• The minimum cryptography version is now 46.0.0.

Deprecations:
^^^^^^^^^^^^^

Changes:
^^^^^^^^

• Added support for using aws-lc instead of OpenSSL.
• Properly raise an error if a DTLS cookie callback returned a cookie longer than DTLS1_COOKIE_LENGTH bytes. Previously this would result in a buffer-overflow. Credit to dark_haxor for reporting the issue. CVE-2026-27459
• Added OpenSSL.SSL.Connection.get_group_name to determine which group name was negotiated.
• Context.set_tlsext_servername_callback now handles exceptions raised in the callback by calling sys.excepthook and returning a fatal TLS alert. Previously, exceptions were silently swallowed and the handshake would proceed as if the callback had succeeded. Credit to Leury Castillo for reporting this issue. CVE-2026-27448

v25.3.0

Compare Source

Backward-incompatible changes:
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

Deprecations:
^^^^^^^^^^^^^

Changes:
^^^^^^^^

• Maximum supported cryptography version is now 46.x.

v25.2.0

Compare Source

Backward-incompatible changes:
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

• The minimum cryptography version is now 45.0.7.

Deprecations:
^^^^^^^^^^^^^

Changes:
^^^^^^^^

• pyOpenSSL now sets SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER on connections by default, matching CPython's behavior.
• Added OpenSSL.SSL.Context.clear_mode.
• Added OpenSSL.SSL.Context.set_tls13_ciphersuites to set the allowed TLS 1.3 ciphers.
• Added OpenSSL.SSL.Connection.set_info_callback

v25.1.0

Compare Source

Backward-incompatible changes:
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

Deprecations:
^^^^^^^^^^^^^

• Attempting using any methods that mutate an OpenSSL.SSL.Context after it
  has been used to create an OpenSSL.SSL.Connection will emit a warning. In
  a future release, this will raise an exception.

Changes:
^^^^^^^^

• cryptography maximum version has been increased to 45.0.x.

---

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Never, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about these updates again.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.

[gemini-code-assist]

Summary of Changes

Hello, I'm Gemini Code Assist¹! I'm currently reviewing this pull request and will post my feedback shortly. In the meantime, here's a summary to help you and other reviewers quickly get up to speed!

This pull request performs a routine dependency update for pyOpenSSL to version 26.0.0 across two project configurations. This update incorporates critical security enhancements and new functionalities, while also introducing breaking changes related to Python version compatibility and minimum cryptography dependency requirements.

Highlights

• Dependency Update: Updated the pyOpenSSL dependency from version 25.0.0 to 26.0.0 in two requirements.txt files.
• Backward-Incompatible Changes: Version 26.0.0 of pyOpenSSL drops support for Python 3.7 and requires a minimum cryptography version of 46.0.0.
• Security Fixes: Included fixes for a DTLS cookie callback buffer overflow (CVE-2026-27459) and improved exception handling in Context.set_tlsext_servername_callback (CVE-2026-27448).
• New Features: Added support for using aws-lc instead of OpenSSL and introduced OpenSSL.SSL.Connection.get_group_name.

Changelog

• cloud-media-livestream/keypublisher/requirements.txt
  • Updated pyOpenSSL from 25.0.0 to 26.0.0.
• cloud-sql/sql-server/sqlalchemy/requirements.txt
  • Updated pyOpenSSL from 25.0.0 to 26.0.0.

Activity

• Automated dependency update initiated by Renovate Bot.

Using Gemini Code Assist

The full guide for Gemini Code Assist can be found on our documentation page, here are some quick tips.

Invoking Gemini

You can request assistance from Gemini at any point by creating a comment using either /gemini <command> or @gemini-code-assist <command>. Below is a summary of the supported commands on the current page.

Feature	Command	Description
Code Review	/gemini review	Performs a code review for the current pull request in its current state.
Pull Request Summary	/gemini summary	Provides a summary of the current pull request in its current state.
Comment	@gemini-code-assist	Responds in comments when explicitly tagged, both in pull request comments and review comments.
Help	/gemini help	Displays a list of available commands.

Customization

To customize Gemini Code Assist for GitHub experience, repository maintainers can create a configuration file and/or provide a custom code review style guide (such as PEP-8 for Python) by creating and adding files to a .gemini/ folder in the base of the repository. Detailed instructions can be found here.

Limitations & Feedback

Gemini Code Assist may make mistakes. Please leave feedback on any instances where its feedback is incorrect or counter productive. You can react with 👍 and 👎 on @gemini-code-assist comments. If you're interested in giving your feedback about your experience with Gemini Code Assist for GitHub and other Google products, sign up here.

You can also get AI-powered code generation, chat, as well as code reviews directly in the IDE at no cost with the Gemini Code Assist IDE Extension.

Footnotes

1. Review the Privacy Notices, Generative AI Prohibited Use Policy, Terms of Service, and learn how to configure Gemini Code Assist in GitHub here. Gemini can make mistakes, so double check it and use code with caution. ↩

[gemini-code-assist]

Code Review

This pull request updates pyopenssl to v26.0.0. While this is likely intended to incorporate security updates, it introduces a critical dependency conflict in cloud-sql/sql-server/sqlalchemy/requirements.txt. The new pyopenssl version requires cryptography>=46.0.0, which is incompatible with the dependency cloud-sql-python-connector==1.20.0 that requires cryptography<43.0.0. This conflict will cause the installation to fail. Therefore, this PR cannot be merged in its current state.

[gemini-code-assist]

This update to pyopenssl==26.0.0 introduces a dependency conflict. According to its release notes, this version requires cryptography>=46.0.0. However, cloud-sql-python-connector==1.20.0 (on line 6) requires cryptography<43.0.0.

These conflicting version constraints are incompatible and will cause dependency resolution to fail during installation. This change should be reverted until a compatible version of cloud-sql-python-connector is available.