build(deps): bump the simple group in /ci/builder with 3 updates

[dependabot]

Bumps the simple group in /ci/builder with 3 updates: cryptography, jupyterlab and types-markdown.

Updates cryptography from 46.0.4 to 46.0.5

Changelog

Sourced from cryptography's changelog.

46.0.5 - 2026-02-10

* An attacker could create a malicious public key that reveals portions of your
  private key when using certain uncommon elliptic curves (binary curves).
  This version now includes additional security checks to prevent this attack.
  This issue only affects binary elliptic curves, which are rarely used in
  real-world applications. Credit to **XlabAI Team of Tencent Xuanwu Lab and
  Atuin Automated Vulnerability Discovery Engine** for reporting the issue.
  **CVE-2026-26007**
* Support for ``SECT*`` binary elliptic curves is deprecated and will be
  removed in the next release.
.. v46-0-4:

Commits

• 06e120e bump version for 46.0.5 release (#14289)
• 0eebb9d EC check key on cofactor > 1 (#14287)
• bedf6e1 fix openssl version on 46 branch (#14220)
• See full diff in compare view

Updates jupyterlab from 4.5.3 to 4.5.4

Release notes

Sourced from jupyterlab's releases.

v4.5.4

4.5.4

(Full Changelog)

Bugs fixed

• Avoid using system clipboard in Notebook widget #18474 (@​brichet)
• Update CodeMirror versions, fixing a few selection issues #18466 (@​krassowski)
• Fix debugger variable panel to render value 0 properly #18464 (@​itsmevichu)
• Consider both the content type and pattern match in DocumentRegistry.getFileTypeForModel() #18409 (@​krassowski)
• false in saveAs to avoid fetching file body #18379 (@​DeborahOlaboye)

Maintenance and upkeep improvements

• Bump Lumino packages to the 2026.2.5 release, fixing iframe resizing #18440 (@​jasongrout)

Documentation improvements

• Clarify notebook and cell metadata API changes in JupyterLab 4 #18304 (@​Krish-876)
• Document a change in the Code Editor source updates via sharedModel in JupyterLab 4 #18260 (@​Krish-876)
• Fix Contents API fetch documentation of the content default #18383 (@​ceasermikes002)
• Add AI rules #18322 (@​jtpio)

Contributors to this release

The following people contributed discussions, new ideas, code and documentation contributions, and review. See our definition of contributors.

(GitHub contributors page for this release)

@​brichet (activity) | @​ceasermikes002 (activity) | @​DeborahOlaboye (activity) | @​itsmevichu (activity) | @​jasongrout (activity) | @​jtpio (activity) | @​krassowski (activity) | @​Krish-876 (activity)

Commits

• 2ecc1ee [ci skip] Publish 4.5.4
• 19f81fc Backport PR #18474 on branch 4.5.x (Avoid using system clipboard in Notebook ...
• b82e6d7 Backport PR #18466 on branch 4.5.x (Update CodeMirror versions, fixing a few ...
• c70c36e Backport PR #18440 on branch 4.5.x (Bump Lumino packages to the 2026.2.5 rele...
• 23b9ff5 Backport PR #18464 on branch 4.5.x (Fix debugger variable panel to render val...
• 553d941 Backport PR #18409 on branch 4.5.x (Consider both the content type and patter...
• d8acd39 Backport PR #18304 on branch 4.5.x (Clarify notebook and cell metadata API ch...
• e021969 Backport PR #18260 on branch 4.5.x (Document a change in the Code Editor sour...
• dc39ba5 Backport PR #18383 on branch 4.5.x (Fix Contents API fetch documentation of t...
• fd57db9 Backport PR #18322: Add AI rules (#18395)
• Additional commits viewable in compare view

Updates types-markdown from 3.10.0.20251106 to 3.10.2.20260211

Commits

• See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

[github-actions]

Pre-merge checklist

• The PR title is descriptive and will make sense in the git log.
• This PR has adequate test coverage / QA involvement has been duly considered. (trigger-ci for additional test/nightly runs)
• If this PR includes major user-facing behavior changes, I have pinged the relevant PM to schedule a changelog post.
• This PR has an associated up-to-date design doc, is a design doc (template), or is sufficiently small to not require a design.
• If this PR evolves an existing $T ⇔ Proto$T mapping (possibly in a backwards-incompatible way), then it is tagged with a T-proto label.
• If this PR will require changes to cloud orchestration or tests, there is a companion cloud PR to account for those changes that is tagged with the release-blocker label (example).