From f0a2f3d9f75282317118125387a041aeef52103c Mon Sep 17 00:00:00 2001
From: JeffreyChen
Date: Tue, 28 Apr 2026 14:37:25 +0800
Subject: [PATCH] Bump cryptography, opentelemetry, msal, PyYAML; cap boxsdk at <4

Sync runtime pins across requirements.txt / dev_requirements.txt / dev.toml / stable.toml so dependabot's per-file PRs don't leave the four manifests out of step.

- cryptography 46.0.7 -> 47.0.0
- opentelemetry-api 1.25.0 -> 1.41.1
- opentelemetry-sdk 1.25.0 -> 1.41.1
- msal 1.28.0 -> 1.36.0
- PyYAML 6.0 -> 6.0.3

boxsdk 10.x renamed the import path (`boxsdk` -> `box_sdk_gen`) and would break automation_file/remote/box/client.py, so pin <4 to keep the legacy import path. Migrating to box_sdk_gen is a separate effort.

Supersedes #64, #65, #67, #68 (dependabot PRs against single files); declines #66 in favour of the <4 cap.
---
 dev.toml | 12 ++++++------
 dev_requirements.txt | 2 +-
 requirements.txt | 10 +++++-----
 stable.toml | 12 ++++++------
 4 files changed, 18 insertions(+), 18 deletions(-)

diff --git a/dev.toml b/dev.toml
index 1d0f3a3..ec2af07 100644
--- a/dev.toml
+++ b/dev.toml
@@ -25,15 +25,15 @@ dependencies = [
 "paramiko>=3.4.0",
 "PySide6>=6.6.0",
 "watchdog>=4.0.0",
- "cryptography>=46.0.7",
+ "cryptography>=47.0.0",
 "prometheus_client>=0.25.0",
 "defusedxml>=0.7.1",
- "PyYAML>=6.0",
+ "PyYAML>=6.0.3",
 "pyarrow>=15.0.0",
- "opentelemetry-api>=1.25.0",
- "opentelemetry-sdk>=1.25.0",
- "msal>=1.28.0",
- "boxsdk>=3.14.0",
+ "opentelemetry-api>=1.41.1",
+ "opentelemetry-sdk>=1.41.1",
+ "msal>=1.36.0",
+ "boxsdk>=3.14.0,<4",
 "tomli>=2.0.1; python_version<\"3.11\""
 ]
 classifiers = [
diff --git a/dev_requirements.txt b/dev_requirements.txt
index 4d8702c..1469cc6 100644
--- a/dev_requirements.txt
+++ b/dev_requirements.txt
@@ -3,7 +3,7 @@ google-api-python-client
 google-auth-httplib2
 google-auth-oauthlib
 APScheduler
-cryptography>=46.0.7
+cryptography>=47.0.0
 prometheus_client>=0.25.0
 defusedxml>=0.7.1
 twine
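Review bot: The `<4` cap on `boxsdk` in the dev.toml hunk has no explanation in the manifest itself; the reason (the import-path rename that would break automation_file/remote/box/client.py) lives only in the commit message, so a later automated bump or a maintainer reading the file has nothing telling them not to lift it. TOML allows a comment inside the array, e.g. `# boxsdk capped <4: later releases import as box_sdk_gen; lift once remote/box/client.py is migrated` on the line above the entry, and the same comment belongs in the stable.toml and requirements.txt hunks. Since the cap also holds the project on the legacy release line, where fixes shipped only in later majors would not be picked up, it is worth referencing a tracking issue for the migration from that comment. The `dependencies` array starts before the hunk.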
diff --git a/requirements.txt b/requirements.txt
index e1006ba..76e9db9 100644
--- a/requirements.txt
+++ b/requirements.txt
@@ -8,10 +8,10 @@ protobuf
 tqdm
 watchdog
 defusedxml>=0.7.1
-PyYAML>=6.0
+PyYAML>=6.0.3
 pyarrow>=15.0.0
-opentelemetry-api>=1.25.0
-opentelemetry-sdk>=1.25.0
-msal>=1.28.0
-boxsdk>=3.14.0
+opentelemetry-api>=1.41.1
+opentelemetry-sdk>=1.41.1
+msal>=1.36.0
+boxsdk>=3.14.0,<4
 tomli; python_version<"3.11"
\ No newline at end of file
diff --git a/stable.toml b/stable.toml
index 9c30413..e60cad9 100644
--- a/stable.toml
+++ b/stable.toml
@@ -25,15 +25,15 @@ dependencies = [
 "paramiko>=3.4.0",
 "PySide6>=6.6.0",
 "watchdog>=4.0.0",
- "cryptography>=46.0.7",
+ "cryptography>=47.0.0",
 "prometheus_client>=0.25.0",
 "defusedxml>=0.7.1",
- "PyYAML>=6.0",
+ "PyYAML>=6.0.3",
 "pyarrow>=15.0.0",
- "opentelemetry-api>=1.25.0",
- "opentelemetry-sdk>=1.25.0",
- "msal>=1.28.0",
- "boxsdk>=3.14.0",
+ "opentelemetry-api>=1.41.1",
+ "opentelemetry-sdk>=1.41.1",
+ "msal>=1.36.0",
+ "boxsdk>=3.14.0,<4",
 "tomli>=2.0.1; python_version<\"3.11\""
 ]
 classifiers = [
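Review bot: In the requirements.txt hunk the context line `tomli; python_version<"3.11"` still has no lower bound, while dev.toml and stable.toml both require `tomli>=2.0.1`, so the manifests remain out of step on that entry even though syncing them is the stated purpose of the commit; suggest `tomli>=2.0.1; python_version<"3.11"`. The `cryptography>=47.0.0` floor raised in the other three files has no counterpart here, and the diffstat shows no other change to this file. Lines 1–7 of requirements.txt are outside the hunk, so confirm whether cryptography is listed there at the same floor or is absent from this manifest, since an install from requirements.txt alone could otherwise resolve an older release than the one the project metadata requires.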