build(deps): bump cryptography from 46.0.7 to 48.0.0 #1126 (lando@main)
| Warnings | |
|---|---|
| Blockers | |
| Branches | dependabot/pip/cryptography-48.0.0 -> main |
| Repo | lando@main (git) (git://github.com/mozilla-conduit/lando.git) |
| Author | dependabot[bot] |
| State | closed |
| Commit Title | build(deps): bump cryptography from 46.0.7 to 48.0.0 |
| Commit Body | Bumps [cryptography](https://github.com/pyca/cryptography) from 46.0.7 to 48.0.0.

Changelog

Sourced from [cryptography's changelog](https://github.com/pyca/cryptography/blob/main/CHANGELOG.rst).

> 48.0.0 - 2026-05-04
>
> * **BACKWARDS INCOMPATIBLE:** Support for Python 3.8 has been removed. ``cryptography`` now requires Python 3.9 or later.
> * **BACKWARDS INCOMPATIBLE:** Loading an X.509 CRL whose inner ``TBSCertList.signature`` algorithm does not match the outer ``signatureAlgorithm`` now raises ``ValueError``. Previously, such CRLs were parsed successfully and only rejected during signature validation.
> * Added support for :doc:`/hazmat/primitives/asymmetric/mlkem` and :doc:`/hazmat/primitives/asymmetric/mldsa` when using OpenSSL 3.5.0 or later, in addition to the existing AWS-LC and BoringSSL support. This means post-quantum algorithms are now available to users of our wheels.
>   * **Note:** Going forward, we do not guarantee that all functionality in `cryptography` will be available when building against OpenSSL. See :doc:`/statements/state-of-openssl` for more information.
>
> 47.0.0 - 2026-04-24
>
> * Support for Python 3.8 is deprecated and will be removed in the next `cryptography` release.
> * **BACKWARDS INCOMPATIBLE:** Support for binary elliptic curves (`SECT*` classes) has been removed. These curves are rarely used and have additional security considerations that make them undesirable.
> * **BACKWARDS INCOMPATIBLE:** Support for OpenSSL 1.1.x has been removed. OpenSSL 3.0.0 or later is now required. LibreSSL, BoringSSL, and AWS-LC continue to be supported.
> * **BACKWARDS INCOMPATIBLE:** Dropped support for LibreSSL < 4.1.
> * **BACKWARDS INCOMPATIBLE:** Loading keys with unsupported algorithms or keys with unsupported explicit curve encodings now raises :class:`~cryptography.exceptions.UnsupportedAlgorithm` instead of `ValueError`. This change affects :func:`~cryptography.hazmat.primitives.serialization.load_pem_private_key`, :func:`~cryptography.hazmat.primitives.serialization.load_der_private_key`, :func:`~cryptography.hazmat.primitives.serialization.load_pem_public_key`, :func:`~cryptography.hazmat.primitives.serialization.load_der_public_key`, and :meth:`~cryptography.x509.Certificate.public_key` when called on certificates with unsupported public key algorithms.
> * **BACKWARDS INCOMPATIBLE:** When parsing elliptic curve private keys, we now reject keys that incorrectly encode a private key of the wrong length because such keys are impossible to process in a constant-time manner. We do not believe keys with this problem are in wide use, however we may revert this change based on the feedback we receive.
> * Deprecated passing 64-bit (8-byte) and 128-bit (16-byte) keys to :class:`~cryptography.hazmat.decrepit.ciphers.algorithms.TripleDES`. In a

... (truncated)

Commits

- [`8e03e30`](https://github.com/pyca/cryptography/commit/8e03e30e3aae01632a697e903e3593c924f0139d) bump for 48.0.0 release ([#14796](https://redirect.github.com/pyca/cryptography/issues/14796))
- [`295e0d2`](https://github.com/pyca/cryptography/commit/295e0d254ef31ab864730aa41312ec355416ee71) Add AGENTS.md with CLAUDE.md symlink ([#14794](https://redirect.github.com/pyca/cryptography/issues/14794))
- [`104a2de`](https://github.com/pyca/cryptography/commit/104a2de19e268a433e6da92be9cb872dcf0003c8) Bump BoringSSL, OpenSSL, AWS-LC in CI ([#14793](https://redirect.github.com/pyca/cryptography/issues/14793))
- [`67ec1e5`](https://github.com/pyca/cryptography/commit/67ec1e51988195e17993d2edef5258b27509b926) call check_length early on AesSiv::encrypt ([#14792](https://redirect.github.com/pyca/cryptography/issues/14792))
- [`b2da57a`](https://github.com/pyca/cryptography/commit/b2da57a0d9e4bfd2b95364299091a18f74127b26) changelog for mldsa/mlkem for openssl ([#14791](https://redirect.github.com/pyca/cryptography/issues/14791))
- [`3cf44ad`](https://github.com/pyca/cryptography/commit/3cf44adee25c368d4a136e072fa9f80465d91eb0) ML-KEM OpenSSL support ([#14781](https://redirect.github.com/pyca/cryptography/issues/14781))
- [`2e31639`](https://github.com/pyca/cryptography/commit/2e31639666766f846fbab2c605879db0fa64fe83) ML-DSA OpenSSL support ([#14773](https://redirect.github.com/pyca/cryptography/issues/14773))
- [`5affe5a`](https://github.com/pyca/cryptography/commit/5affe5a286a986fdf512c4a5cb280d28a96c10e3) fix rust nightly clippy ([#14790](https://redirect.github.com/pyca/cryptography/issues/14790))
- [`2e73ca4`](https://github.com/pyca/cryptography/commit/2e73ca448eaf64b6f0d4ffbb794cf96170cef5ec) bump rust-openssl dep and update EcPoint::mul_generator to mul_generator2 ([#1](https://redirect.github.com/pyca/cryptography/issues/1)...
- [`82ebd3b`](https://github.com/pyca/cryptography/commit/82ebd3b9f49d49ad5fd8b4b1f1dd02487b6e1466) Bump BoringSSL, OpenSSL, AWS-LC in CI ([#14785](https://redirect.github.com/pyca/cryptography/issues/14785))
- Additional commits viewable in [compare view](https://github.com/pyca/cryptography/compare/46.0.7...48.0.0)

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.
---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
 |
Landings
Not yet Landed
There has been no attempt to land revisions in this stack.