
Update cryptography to 35.0.0 and jwcrypto to 1.0 #131

Merged: 3 commits, Oct 27, 2021

Conversation

@pyup-bot (Contributor) commented Oct 7, 2021

This PR updates cryptography from 3.4.7 to 35.0.0.

Changelog

35.0.0
~~~~~~~~~~~~~~~~~~~

* Changed the :ref:`version scheme <api-stability:versioning>`. This will
result in us incrementing the major version more frequently, but does not
change our existing backwards compatibility policy.
* **BACKWARDS INCOMPATIBLE:** The X.509 certificate parser no longer allows
negative serial numbers. :rfc:`5280` has always prohibited these.
* **BACKWARDS INCOMPATIBLE:** Invalid ASN.1 found during :doc:`/x509/index`
parsing will raise an error on initial parse rather than when the invalid
field is accessed.
* Rust is now required for building ``cryptography``, the
``CRYPTOGRAPHY_DONT_BUILD_RUST`` environment variable is no longer
respected.
* Parsers for :doc:`/x509/index` no longer use OpenSSL and have been
rewritten in Rust. This should be backwards compatible (modulo the items
listed above) and improve both security and performance.
* Added support for OpenSSL 3.0.0 as a compilation target.
* Added support for
:class:`~cryptography.hazmat.primitives.hashes.SM3` and
:class:`~cryptography.hazmat.primitives.ciphers.algorithms.SM4`,
when using OpenSSL 1.1.1. These algorithms are provided for compatibility
in regions where they may be required, and are not generally recommended.
* We now ship ``manylinux_2_24`` and ``musllinux_1_1`` wheels, in addition to
our ``manylinux2010`` and ``manylinux2014`` wheels. Users on distributions
like Alpine Linux should ensure they upgrade to the latest ``pip`` to
correctly receive wheels.
* Added ``rfc4514_attribute_name`` attribute to :attr:`x509.NameAttribute
<cryptography.x509.NameAttribute.rfc4514_attribute_name>`.
* Added :class:`~cryptography.hazmat.primitives.kdf.kbkdf.KBKDFCMAC`.

.. _v3-4-8:

3.4.8
~~~~~~~~~~~~~~~~~~

* Updated Windows, macOS, and ``manylinux`` wheels to be compiled with
OpenSSL 1.1.1l.


This PR updates jwcrypto from 0.9.1 to 1.0.

Changelog

1.0.0

Cutting 1.0 as we reached a very stable code base and API now.

Simo Sorce (11):

1.0.dev1

* Create SECURITY.md
* Show Code Scan button and exclude trivial pulls
* Allow empty payloads in JWS tokens
* Add tests to check empty payload support
* Drop python2 compatibility
* Fix python3 pylint issues
* Add explicit support to check 'typ' in JWT
* Drop support for importing old MutableMapping
* Disable annoying pep8 naming checks
* Version 1.0
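Added example, not part of the pyup changelog or of the cryptography project: a pure-Python pre-upgrade audit that walks the DER structure of a certificate and reports a negative serial number, the case that cryptography 35.0.0 now rejects at load time per RFC 5280. The sample certificate bytes are hand-constructed stubs carrying only the version and serialNumber fields, enough for the parser but not valid certificates.

```python
"""Locate DER certificates with a negative serialNumber before bumping
cryptography to 35.0.0, which refuses to parse them.  Pure Python, no
third-party imports; all sample bytes below are constructed for this example."""

def _read_tlv(buf: bytes, pos: int):
    """Return (tag, content_start, content_end) for the DER TLV at pos."""
    tag = buf[pos]
    length = buf[pos + 1]
    pos += 2
    if length & 0x80:                      # long form: next N bytes hold the length
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    return tag, pos, pos + length

def certificate_serial(der: bytes) -> int:
    """Extract serialNumber from a DER-encoded X.509 Certificate as a Python int."""
    tag, pos, _ = _read_tlv(der, 0)          # Certificate ::= SEQUENCE
    if tag != 0x30:
        raise ValueError("Certificate is not a SEQUENCE")
    tag, pos, _ = _read_tlv(der, pos)        # tbsCertificate ::= SEQUENCE
    if tag != 0x30:
        raise ValueError("tbsCertificate is not a SEQUENCE")
    tag, start, end = _read_tlv(der, pos)    # optional [0] EXPLICIT version
    if tag == 0xA0:
        tag, start, end = _read_tlv(der, end)
    if tag != 0x02:
        raise ValueError("serialNumber is not an INTEGER")
    # DER INTEGER is big-endian two's complement: MSB of the first byte is the sign
    return int.from_bytes(der[start:end], "big", signed=True)

def has_negative_serial(der: bytes) -> bool:
    """True if cryptography 35.0.0 would reject this certificate's serial."""
    return certificate_serial(der) < 0

def _tlv(tag: int, content: bytes) -> bytes:
    """Short-form DER TLV; enough for stubs under 128 bytes of content."""
    if len(content) >= 128:
        raise ValueError("short-form length only")
    return bytes([tag, len(content)]) + content

def _stub_cert(serial_bytes: bytes) -> bytes:
    """Constructed stub: SEQUENCE { SEQUENCE { [0] INTEGER 2, INTEGER serial } }."""
    version = _tlv(0xA0, _tlv(0x02, b"\x02"))   # [0] EXPLICIT INTEGER 2 (v3)
    return _tlv(0x30, _tlv(0x30, version + _tlv(0x02, serial_bytes)))

POSITIVE_CERT = _stub_cert(b"\x01\x00")   # serial 256, accepted by 35.0.0
NEGATIVE_CERT = _stub_cert(b"\xff\x00")   # serial -256, sign bit set: rejected
```

Run it over the DER files in a certificate store and any hit is a certificate that will fail to load after the upgrade.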

@thekaveman thekaveman added this to the October 2021 milestone Oct 7, 2021
@thekaveman thekaveman added the dependencies [auto] Pull requests that update 3rd party software libraries and requirements label Oct 7, 2021
@machikoyasuda machikoyasuda changed the title Update cryptography to 35.0.0 Update cryptography to 35.0.0 and jwcrypto to 1.0 Oct 27, 2021
@machikoyasuda (Member):

Tested this PR in conjunction with cal-itp/eligibility-server#39

  1. In server, checkout the branch with the dependency updates, and docker compose build server
  2. In benefits, checkout the branch with the dependency updates, and docker compose build client
  3. In benefits, update the server.image in docker compose file to point to the local eligibility_server:latest
  4. Rebuild and Reopen devcontainer. Run app in Debugger mode.
  5. Open benefits app client to admin and ensure this is correct
  6. Test flow for an eligible user and an ineligible user

@machikoyasuda (Member):

Now that cal-itp/eligibility-server#39 is merged, testing with https://github.com/cal-itp/eligibility-server/pkgs/container/eligibility-server/9484551?tag=main

@machikoyasuda machikoyasuda merged commit 2eaf498 into dev Oct 27, 2021
@machikoyasuda machikoyasuda deleted the pyup-update-cryptography-3.4.7-to-35.0.0 branch October 27, 2021 23:37