Every time saml2.cryptography.symmetric is imported, cryptography 44+ emits:
saml2/cryptography/symmetric.py:108: CryptographyDeprecationWarning: CFB has been moved to cryptography.hazmat.decrepit.ciphers.modes.CFB and will be removed from cryptography.hazmat.primitives.ciphers.modes in 49.0.0.
"cfb": _ciphers.modes.CFB,
This comes from the class-level POSTFIX_MODE dict on the already-deprecated AESCipher class, which is built unconditionally at import time, even if AESCipher itself is never used.
A lazy lookup (build the dict inside build_cipher, or resolve CFB conditionally based on the installed cryptography version, since hazmat.decrepit only exists since cryptography 43) would avoid the warning for anyone who isn't using AESCipher.
(pysaml2 7.5.4, cryptography 49.0.0)
Every time
saml2.cryptography.symmetricis imported, cryptography 44+ emits:This comes from the class-level
POSTFIX_MODEdict on the already-deprecatedAESCipherclass, which is built unconditionally at import time, even ifAESCipheritself is never used.A lazy lookup (build the dict inside
build_cipher, or resolveCFBconditionally based on the installedcryptographyversion, sincehazmat.decrepitonly exists since cryptography 43) would avoid the warning for anyone who isn't usingAESCipher.(pysaml2 7.5.4, cryptography 49.0.0)