build(deps): bump cryptography from 46.0.7 to 47.0.0 #1118 (lando@main)
| Warnings | |
|---|---|
| Blockers | |
| Branches | dependabot/pip/cryptography-47.0.0 -> main |
| Repo | lando@main (git) (git://github.com/mozilla-conduit/lando.git) |
| Author | dependabot[bot] |
| State | closed |
| Commit Title | build(deps): bump cryptography from 46.0.7 to 47.0.0 |

Commit Body

Bumps [cryptography](https://github.com/pyca/cryptography) from 46.0.7 to 47.0.0.

Changelog

*Sourced from [cryptography's changelog](https://github.com/pyca/cryptography/blob/main/CHANGELOG.rst).*

> 47.0.0 - 2026-04-24
>
> * Support for Python 3.8 is deprecated and will be removed in the next ``cryptography`` release.
> * **BACKWARDS INCOMPATIBLE:** Support for binary elliptic curves (``SECT*`` classes) has been removed. These curves are rarely used and have additional security considerations that make them undesirable.
> * **BACKWARDS INCOMPATIBLE:** Support for OpenSSL 1.1.x has been removed. OpenSSL 3.0.0 or later is now required. LibreSSL, BoringSSL, and AWS-LC continue to be supported.
> * **BACKWARDS INCOMPATIBLE:** Dropped support for LibreSSL < 4.1.
> * **BACKWARDS INCOMPATIBLE:** Loading keys with unsupported algorithms or keys with unsupported explicit curve encodings now raises :class:`~cryptography.exceptions.UnsupportedAlgorithm` instead of ``ValueError``. This change affects :func:`~cryptography.hazmat.primitives.serialization.load_pem_private_key`, :func:`~cryptography.hazmat.primitives.serialization.load_der_private_key`, :func:`~cryptography.hazmat.primitives.serialization.load_pem_public_key`, :func:`~cryptography.hazmat.primitives.serialization.load_der_public_key`, and :meth:`~cryptography.x509.Certificate.public_key` when called on certificates with unsupported public key algorithms.
> * **BACKWARDS INCOMPATIBLE:** When parsing elliptic curve private keys, we now reject keys that incorrectly encode a private key of the wrong length because such keys are impossible to process in a constant-time manner. We do not believe keys with this problem are in wide use, however we may revert this change based on the feedback we receive.
> * Deprecated passing 64-bit (8-byte) and 128-bit (16-byte) keys to :class:`~cryptography.hazmat.decrepit.ciphers.algorithms.TripleDES`. In a future release, only 192-bit (24-byte) keys will be accepted. Users should expand shorter keys themselves (e.g., for single DES: ``key + key + key``, for two-key: ``key + key[:8]``).
> * Updated the minimum supported Rust version (MSRV) to 1.83.0, from 1.74.0.
> * Support for ``x86_64`` macOS (including publishing wheels) is deprecated and will be removed in the next release. We will switch to publishing an ``arm64`` only wheel for macOS.
> * Support for 32-bit Windows (including publishing wheels) is deprecated and will be removed in the next release. Users should move to a 64-bit Python installation.
> * ``public_bytes`` and ``private_bytes`` methods on keys now raise ``TypeError`` (instead of ``ValueError``) if an invalid encoding is provided for the given ``format``.
> * Moved :class:`~cryptography.hazmat.decrepit.ciphers.modes.CFB`, :class:`~cryptography.hazmat.decrepit.ciphers.modes.OFB`, and :class:`~cryptography.hazmat.decrepit.ciphers.modes.CFB8` into :doc:`/hazmat/decrepit/index` and deprecated them in the ``modes`` module. They will be removed from the ``modes`` module in 49.0.0.
> * Moved :class:`~cryptography.hazmat.primitives.ciphers.algorithms.Camellia` into :doc:`/hazmat/decrepit/index` and deprecated it in the ``cipher`` module. It will be removed from the ``cipher`` module in 49.0.0.

... (truncated)

Commits

- [`59c5f5e`](https://github.com/pyca/cryptography/commit/59c5f5e4b9395f32d407f66467d59ccea9f9829f) bump for 47.0.0 release ([#14730](https://redirect.github.com/pyca/cryptography/issues/14730))
- [`9025578`](https://github.com/pyca/cryptography/commit/9025578c87f14096f9332264881f5370a1c64e93) Add MLKEM1024-P384 hybrid KEM support in HPKE ([#14722](https://redirect.github.com/pyca/cryptography/issues/14722))
- [`ef66de4`](https://github.com/pyca/cryptography/commit/ef66de49e0bd281da86750178ab2fb4b5b104162) Recommend Argon2id over PBKDF2HMAC as KDF ([#14724](https://redirect.github.com/pyca/cryptography/issues/14724))
- [`d996a37`](https://github.com/pyca/cryptography/commit/d996a37666524c606419e71de15eb527bae655aa) Add ubuntu-resolute to CI workflow ([#14729](https://redirect.github.com/pyca/cryptography/issues/14729))
- [`e86da41`](https://github.com/pyca/cryptography/commit/e86da41ff7e21a04529a933856dc27dacd9e7fc0) chore(deps): bump libc from 0.2.185 to 0.2.186 ([#14725](https://redirect.github.com/pyca/cryptography/issues/14725))
- [`1c33c9a`](https://github.com/pyca/cryptography/commit/1c33c9a5d96a7b1a975ab5a465a75517e0ebadd6) Bump downstream dependencies in CI ([#14728](https://redirect.github.com/pyca/cryptography/issues/14728))
- [`67fb6be`](https://github.com/pyca/cryptography/commit/67fb6be685bbc0952a47cf18e9ee4533b411cd8b) Bump x509-limbo and/or wycheproof in CI ([#14727](https://redirect.github.com/pyca/cryptography/issues/14727))
- [`6cb20b3`](https://github.com/pyca/cryptography/commit/6cb20b3141c6391ae11075f30b992375c05adad5) Bump BoringSSL, OpenSSL, AWS-LC in CI ([#14726](https://redirect.github.com/pyca/cryptography/issues/14726))
- [`d6f372d`](https://github.com/pyca/cryptography/commit/d6f372d7ea7f7df96aeda240252a23b6ed46bc71) Update supported OpenSSL versions in installation docs ([#14721](https://redirect.github.com/pyca/cryptography/issues/14721))
- [`ebd2619`](https://github.com/pyca/cryptography/commit/ebd26194cd6a3315b122a44d2ee5aeb138bee55b) openssl 3.3 is out of upstream support ([#14720](https://redirect.github.com/pyca/cryptography/issues/14720))
- Additional commits viewable in [compare view](https://github.com/pyca/cryptography/compare/46.0.7...47.0.0)

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.

Landings
Not yet Landed
There has been no attempt to land revisions in this stack.