Bump Cryptography for multiple CVEs

Andrewrequested to merge
security/cryptography into dev

What does this MR do and why?

  • Bumps Cryptography to 48.0.0
  • Includes Cryptography patches for CVE-2026-26007 CVSSv4.0 8.2

Note we are jumping over versions affected by CVE-2026-34073 CVSSv4.0 1.7

MR acceptance checklist

This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.

  • Have you checked this doesn't interfere/conflict/duplicate someone elses work?
  • Have you fully tested your changes?
  • Have you resolved any lint issues?
  • Have you assigned a reviewer?
  • Have you applied correct labels?

Merge request reports