Skip to content

deps: update cryptography requirement from >=44.0.0 to >=48.0.0#53

Merged
LEEI1337 merged 1 commit into
mainfrom
dependabot/pip/cryptography-gte-46.0.7
May 26, 2026
Merged

deps: update cryptography requirement from >=44.0.0 to >=48.0.0#53
LEEI1337 merged 1 commit into
mainfrom
dependabot/pip/cryptography-gte-46.0.7

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Apr 20, 2026
edited
Loading

Copy link
Copy Markdown
Contributor

Updates the requirements on cryptography to permit the latest version.

Changelog

Sourced from cryptography's changelog.

48.0.0 - 2026-05-04


* **BACKWARDS INCOMPATIBLE:** Support for Python 3.8 has been removed.
  ``cryptography`` now requires Python 3.9 or later.
* **BACKWARDS INCOMPATIBLE:** Loading an X.509 CRL whose inner
  ``TBSCertList.signature`` algorithm does not match the outer
  ``signatureAlgorithm`` now raises ``ValueError``. Previously, such CRLs
  were parsed successfully and only rejected during signature validation.
* Added support for :doc:`/hazmat/primitives/asymmetric/mlkem` and
  :doc:`/hazmat/primitives/asymmetric/mldsa` when using OpenSSL 3.5.0 or
  later, in addition to the existing AWS-LC and BoringSSL support. This means
  post-quantum algorithms are now available to users of our wheels.

    

  • Note: Going forward, we do not guarantee that all functionality
    
in cryptography will be available when building against
    
OpenSSL. See :doc:/statements/state-of-openssl for more information.
    • 



.. _v47-0-0:


47.0.0 - 2026-04-24

  • Support for Python 3.8 is deprecated and will be removed in the next cryptography release.
  • BACKWARDS INCOMPATIBLE: Support for binary elliptic curves (SECT* classes) has been removed. These curves are rarely used and have additional security considerations that make them undesirable.
  • BACKWARDS INCOMPATIBLE: Support for OpenSSL 1.1.x has been removed. OpenSSL 3.0.0 or later is now required. LibreSSL, BoringSSL, and AWS-LC continue to be supported.
  • BACKWARDS INCOMPATIBLE: Dropped support for LibreSSL < 4.1.
  • BACKWARDS INCOMPATIBLE: Loading keys with unsupported algorithms or keys with unsupported explicit curve encodings now raises :class:~cryptography.exceptions.UnsupportedAlgorithm instead of ValueError. This change affects :func:~cryptography.hazmat.primitives.serialization.load_pem_private_key, :func:~cryptography.hazmat.primitives.serialization.load_der_private_key, :func:~cryptography.hazmat.primitives.serialization.load_pem_public_key, :func:~cryptography.hazmat.primitives.serialization.load_der_public_key, and :meth:~cryptography.x509.Certificate.public_key when called on certificates with unsupported public key algorithms.
  • BACKWARDS INCOMPATIBLE: When parsing elliptic curve private keys, we now reject keys that incorrectly encode a private key of the wrong length because such keys are impossible to process in a constant-time manner. We do not believe keys with this problem are in wide use, however we may revert this change based on the feedback we receive.
  • Deprecated passing 64-bit (8-byte) and 128-bit (16-byte) keys to :class:~cryptography.hazmat.decrepit.ciphers.algorithms.TripleDES. In a

... (truncated)

Commits

Note
Automatic rebases have been disabled on this pull request as it has been open for over 30 days.

@dependabot dependabot Bot added the enhancement New feature or request label Apr 20, 2026
@dependabot dependabot Bot requested a review from LEEI1337 as a code owner April 20, 2026 21:38
@dependabot dependabot Bot added the enhancement New feature or request label Apr 20, 2026
@chatgpt-codex-connector

chatgpt-codex-connector Bot commented Apr 20, 2026

Copy link
Copy Markdown

Codex usage limits have been reached for code reviews. Please check with the admins of this repo to increase the limits by adding credits.
Credits must be used to enable repository wide code reviews.

@LEEI1337

LEEI1337 commented May 25, 2026

Copy link
Copy Markdown
Member

@dependabot rebase

@dependabot dependabot Bot changed the title deps: update cryptography requirement from >=44.0.0 to >=46.0.7 deps: update cryptography requirement from >=44.0.0 to >=48.0.0 May 25, 2026
@dependabot dependabot Bot force-pushed the dependabot/pip/cryptography-gte-46.0.7 branch from 4d7287b to 02f4b68 Compare May 25, 2026 23:08
@LEEI1337 LEEI1337 mentioned this pull request May 26, 2026
Closed
@LEEI1337

LEEI1337 commented May 26, 2026

Copy link
Copy Markdown
Member

W46-A NSS-DEP-HEAL Triage (2026-05-26)

MAJOR (cryptography 44→48) — SECURITY-CRITICAL. Lokale Test-Suite (209/209) grün. Per Brain-Doktrin NICHT autonom mergen — Joe-Decision Pflicht. CI-rot zusätzlich durch pre-existing mypy-Errors (siehe #60).

Status: STAY-OPEN. Empfehlung: Erst #60 (main-CI healen) mergen, dann diesen PR. Lokale Verifikation: 2026-05-26 W46-A Sub-Agent.

— Beleg: ~/kb/raw/2026-05-26-welle-46-nss-dep-heal.md

@LEEI1337 LEEI1337 mentioned this pull request May 26, 2026
Merged
2 tasks
@dependabot
deps: update cryptography requirement from >=44.0.0 to >=48.0.0
4527535 
Updates the requirements on [cryptography](https://github.com/pyca/cryptography) to permit the latest version.
- [Changelog](https://github.com/pyca/cryptography/blob/main/CHANGELOG.rst)
- [Commits](pyca/cryptography@44.0.0...48.0.0)

---
updated-dependencies:
- dependency-name: cryptography
  dependency-version: 46.0.7
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
@LEEI1337 LEEI1337 force-pushed the dependabot/pip/cryptography-gte-46.0.7 branch from 02f4b68 to 4527535 Compare May 26, 2026 03:10
@LEEI1337 LEEI1337 merged commit 2674f88 into main May 26, 2026
@LEEI1337 LEEI1337 deleted the dependabot/pip/cryptography-gte-46.0.7 branch May 26, 2026 03:10
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@LEEI1337 LEEI1337 Awaiting requested review from LEEI1337 LEEI1337 is a code owner

Assignees

No one assigned

Labels

enhancement New feature or request

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@LEEI1337