Skip to content

Commit 94901a2

Browse files
dependabot[bot]dependabot[bot]
authored
Bump cryptography from 44.0.3 to 45.0.2 (#10873)
Bumps [cryptography](https://github.com/pyca/cryptography) from 44.0.3 to 45.0.2. <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/pyca/cryptography/blob/main/CHANGELOG.rst">cryptography's changelog</a>.</em></p> <blockquote> <p>45.0.2 - 2025-05-17</p> <pre><code> * Fixed using ``mypy`` with ``cryptography`` on older versions of Python. <p>.. _v45-0-1:</p> <p>45.0.1 - 2025-05-17<br /> </code></pre></p> <ul> <li>Updated Windows, macOS, and Linux wheels to be compiled with OpenSSL 3.5.0.</li> </ul> <p>.. _v45-0-0:</p> <p>45.0.0 - 2025-05-17 (YANKED)</p> <pre><code> * Support for Python 3.7 is deprecated and will be removed in the next ``cryptography`` release. * Updated the minimum supported Rust version (MSRV) to 1.74.0, from 1.65.0. * Added support for serialization of PKCS#12 Java truststores in :func:`~cryptography.hazmat.primitives.serialization.pkcs12.serialize_java_truststore` * Added :meth:`~cryptography.hazmat.primitives.kdf.argon2.Argon2id.derive_phc_encoded` and :meth:`~cryptography.hazmat.primitives.kdf.argon2.Argon2id.verify_phc_encoded` methods to support password hashing in the PHC string format * Added support for PKCS7 decryption and encryption using AES-256 as the content algorithm, in addition to AES-128. * **BACKWARDS INCOMPATIBLE:** Made SSH private key loading more consistent with other private key loading: :func:`~cryptography.hazmat.primitives.serialization.load_ssh_private_key` now raises a ``TypeError`` if the key is unencrypted but a password is provided (previously no exception was raised), and raises a ``TypeError`` if the key is encrypted but no password is provided (previously a ``ValueError`` was raised). * We significantly refactored how private key loading ( :func:`~cryptography.hazmat.primitives.serialization.load_pem_private_key` and :func:`~cryptography.hazmat.primitives.serialization.load_der_private_key`) works. This is intended to be backwards compatible for all well-formed keys, therefore if you discover a key that now raises an exception, please file a bug with instructions for reproducing. * Added ``unsafe_skip_rsa_key_validation`` keyword-argument to :func:`~cryptography.hazmat.primitives.serialization.load_ssh_private_key`. * Added :class:`~cryptography.hazmat.primitives.hashes.XOFHash` to support repeated :meth:`~cryptography.hazmat.primitives.hashes.XOFHash.squeeze` operations on extendable output functions. * Added :meth:`~cryptography.x509.ocsp.OCSPResponseBuilder.add_response_by_hash` method to allow creating OCSP responses using certificate hash values rather than full certificates. &lt;/tr&gt;&lt;/table&gt; </code></pre> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/pyca/cryptography/commit/f81c07535ddf2d26cb1a27e70a9967ab708b8056"><code>f81c075</code></a> Backport mypy fixes for release (<a href="https://redirect.github.com/pyca/cryptography/issues/12930">#12930</a>)</li> <li><a href="https://github.com/pyca/cryptography/commit/8ea28e0bc724e57433f4f062795d91c0a367e9ad"><code>8ea28e0</code></a> bump for 45.0.1 (<a href="https://redirect.github.com/pyca/cryptography/issues/12922">#12922</a>)</li> <li><a href="https://github.com/pyca/cryptography/commit/67840977c95a23d0dcfba154e303014026df0d3e"><code>6784097</code></a> bump for 45 release (<a href="https://redirect.github.com/pyca/cryptography/issues/12886">#12886</a>)</li> <li><a href="https://github.com/pyca/cryptography/commit/2d9c1c9cbe650f2888c14476a4b30ef85d3fd2bc"><code>2d9c1c9</code></a> bump MSRV to 1.74 (<a href="https://redirect.github.com/pyca/cryptography/issues/12919">#12919</a>)</li> <li><a href="https://github.com/pyca/cryptography/commit/6c18874cc2e76f173b77c67609cfb4d3495964c3"><code>6c18874</code></a> Bump BoringSSL, OpenSSL, AWS-LC in CI (<a href="https://redirect.github.com/pyca/cryptography/issues/12918">#12918</a>)</li> <li><a href="https://github.com/pyca/cryptography/commit/43fd312aea73e4ad79a54c78848e73bf5a640336"><code>43fd312</code></a> add test vectors for upcoming explicit curve loading (<a href="https://redirect.github.com/pyca/cryptography/issues/12913">#12913</a>)</li> <li><a href="https://github.com/pyca/cryptography/commit/6bfa0a31256a631a0543e3b0cee5a101f1ac3d3f"><code>6bfa0a3</code></a> chore(deps): bump asn1 from 0.21.2 to 0.21.3 (<a href="https://redirect.github.com/pyca/cryptography/issues/12914">#12914</a>)</li> <li><a href="https://github.com/pyca/cryptography/commit/a88dd6635c19ef282e0a6469a9604fef096cc843"><code>a88dd66</code></a> chore(deps): bump cc from 1.2.22 to 1.2.23 (<a href="https://redirect.github.com/pyca/cryptography/issues/12912">#12912</a>)</li> <li><a href="https://github.com/pyca/cryptography/commit/e4e98407e866064b55dfcad599117995279cecf6"><code>e4e9840</code></a> chore(deps): bump uv from 0.7.3 to 0.7.4 in /.github/requirements (<a href="https://redirect.github.com/pyca/cryptography/issues/12911">#12911</a>)</li> <li><a href="https://github.com/pyca/cryptography/commit/e140233902db423f031d79237533aacfe96ba119"><code>e140233</code></a> chore(deps): bump uv from 0.7.3 to 0.7.4 (<a href="https://redirect.github.com/pyca/cryptography/issues/12910">#12910</a>)</li> <li>Additional commits viewable in <a href="https://github.com/pyca/cryptography/compare/44.0.3...45.0.2">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=cryptography&package-manager=pip&previous-version=44.0.3&new-version=45.0.2)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
1 parent 5f0902b commit 94901a2

File tree

4 files changed

+4
-4
lines changed

4 files changed

+4
-4
lines changed

requirements/constraints.txt

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -58,7 +58,7 @@ coverage==7.8.0
5858
# via
5959
# -r requirements/test.in
6060
# pytest-cov
61-
cryptography==44.0.3
61+
cryptography==45.0.2
6262
# via
6363
# pyjwt
6464
# trustme

requirements/dev.txt

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -58,7 +58,7 @@ coverage==7.8.0
5858
# via
5959
# -r requirements/test.in
6060
# pytest-cov
61-
cryptography==44.0.3
61+
cryptography==45.0.2
6262
# via
6363
# pyjwt
6464
# trustme

requirements/lint.txt

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -21,7 +21,7 @@ cfgv==3.4.0
2121
# via pre-commit
2222
click==8.1.8
2323
# via slotscheck
24-
cryptography==44.0.3
24+
cryptography==45.0.2
2525
# via trustme
2626
distlib==0.3.9
2727
# via virtualenv

requirements/test.txt

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -31,7 +31,7 @@ coverage==7.8.0
3131
# via
3232
# -r requirements/test.in
3333
# pytest-cov
34-
cryptography==44.0.3
34+
cryptography==45.0.2
3535
# via trustme
3636
exceptiongroup==1.2.2
3737
# via pytest

0 commit comments

Comments
 (0)