v1294+srv657.web484

@dependabot dependabot tagged this 07 May 15:34
Bumps [cryptography](https://github.com/pyca/cryptography) from 46.0.7
to 47.0.0.
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/pyca/cryptography/blob/main/CHANGELOG.rst">cryptography's
changelog</a>.</em></p>
<blockquote>
<p>47.0.0 - 2026-04-24</p>
<pre><code>
* Support for Python 3.8 is deprecated and will be removed in the next
  ``cryptography`` release.
* **BACKWARDS INCOMPATIBLE:** Support for binary elliptic curves
  (``SECT*`` classes) has been removed. These curves are rarely used and
  have additional security considerations that make them undesirable.
* **BACKWARDS INCOMPATIBLE:** Support for OpenSSL 1.1.x has been removed.
  OpenSSL 3.0.0 or later is now required. LibreSSL, BoringSSL, and AWS-LC
  continue to be supported.
* **BACKWARDS INCOMPATIBLE:** Dropped support for LibreSSL &lt; 4.1.
* **BACKWARDS INCOMPATIBLE:** Loading keys with unsupported algorithms or
  keys with unsupported explicit curve encodings now raises
  :class:`~cryptography.exceptions.UnsupportedAlgorithm` instead of
  ``ValueError``. This change affects
  :func:`~cryptography.hazmat.primitives.serialization.load_pem_private_key`,
  :func:`~cryptography.hazmat.primitives.serialization.load_der_private_key`,
  :func:`~cryptography.hazmat.primitives.serialization.load_pem_public_key`,
  :func:`~cryptography.hazmat.primitives.serialization.load_der_public_key`,
  and :meth:`~cryptography.x509.Certificate.public_key` when called on
  certificates with unsupported public key algorithms.
* **BACKWARDS INCOMPATIBLE:** When parsing elliptic curve private keys, we now
  reject keys that incorrectly encode a private key of the wrong length because
  such keys are impossible to process in a constant-time manner. We do not
  believe keys with this problem are in wide use, however we may revert this
  change based on the feedback we receive.
* Deprecated passing 64-bit (8-byte) and 128-bit (16-byte) keys to
  :class:`~cryptography.hazmat.decrepit.ciphers.algorithms.TripleDES`. In a
  future release, only 192-bit (24-byte) keys will be accepted. Users should
  expand shorter keys themselves (e.g., for single DES: ``key + key + key``,
  for two-key: ``key + key[:8]``).
* Updated the minimum supported Rust version (MSRV) to 1.83.0, from 1.74.0.
* Support for ``x86_64`` macOS (including publishing wheels) is deprecated
  and will be removed in the next release. We will switch to publishing an
  ``arm64`` only wheel for macOS.
* Support for 32-bit Windows (including publishing wheels) is deprecated
  and will be removed in the next release. Users should move to a 64-bit
  Python installation.
* ``public_bytes`` and ``private_bytes`` methods on keys now raise
  ``TypeError`` (instead of ``ValueError``) if an invalid encoding is provided
  for the given ``format``.
* Moved :class:`~cryptography.hazmat.decrepit.ciphers.modes.CFB`,
  :class:`~cryptography.hazmat.decrepit.ciphers.modes.OFB`, and
  :class:`~cryptography.hazmat.decrepit.ciphers.modes.CFB8` into
  :doc:`/hazmat/decrepit/index` and deprecated them in the ``modes`` module.
  They will be removed from the ``modes`` module in 49.0.0.
* Moved :class:`~cryptography.hazmat.primitives.ciphers.algorithms.Camellia`
  into :doc:`/hazmat/decrepit/index` and deprecated it in the ``cipher`` module.
  It will be removed from the ``cipher`` module in 49.0.0.
</code></pre>
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/pyca/cryptography/commit/59c5f5e4b9395f32d407f66467d59ccea9f9829f"><code>59c5f5e</code></a>
bump for 47.0.0 release (<a
href="https://redirect.github.com/pyca/cryptography/issues/14730">#14730</a>)</li>
<li><a
href="https://github.com/pyca/cryptography/commit/9025578c87f14096f9332264881f5370a1c64e93"><code>9025578</code></a>
Add MLKEM1024-P384 hybrid KEM support in HPKE (<a
href="https://redirect.github.com/pyca/cryptography/issues/14722">#14722</a>)</li>
<li><a
href="https://github.com/pyca/cryptography/commit/ef66de49e0bd281da86750178ab2fb4b5b104162"><code>ef66de4</code></a>
Recommend Argon2id over PBKDF2HMAC as KDF (<a
href="https://redirect.github.com/pyca/cryptography/issues/14724">#14724</a>)</li>
<li><a
href="https://github.com/pyca/cryptography/commit/d996a37666524c606419e71de15eb527bae655aa"><code>d996a37</code></a>
Add ubuntu-resolute to CI workflow (<a
href="https://redirect.github.com/pyca/cryptography/issues/14729">#14729</a>)</li>
<li><a
href="https://github.com/pyca/cryptography/commit/e86da41ff7e21a04529a933856dc27dacd9e7fc0"><code>e86da41</code></a>
chore(deps): bump libc from 0.2.185 to 0.2.186 (<a
href="https://redirect.github.com/pyca/cryptography/issues/14725">#14725</a>)</li>
<li><a
href="https://github.com/pyca/cryptography/commit/1c33c9a5d96a7b1a975ab5a465a75517e0ebadd6"><code>1c33c9a</code></a>
Bump downstream dependencies in CI (<a
href="https://redirect.github.com/pyca/cryptography/issues/14728">#14728</a>)</li>
<li><a
href="https://github.com/pyca/cryptography/commit/67fb6be685bbc0952a47cf18e9ee4533b411cd8b"><code>67fb6be</code></a>
Bump x509-limbo and/or wycheproof in CI (<a
href="https://redirect.github.com/pyca/cryptography/issues/14727">#14727</a>)</li>
<li><a
href="https://github.com/pyca/cryptography/commit/6cb20b3141c6391ae11075f30b992375c05adad5"><code>6cb20b3</code></a>
Bump BoringSSL, OpenSSL, AWS-LC in CI (<a
href="https://redirect.github.com/pyca/cryptography/issues/14726">#14726</a>)</li>
<li><a
href="https://github.com/pyca/cryptography/commit/d6f372d7ea7f7df96aeda240252a23b6ed46bc71"><code>d6f372d</code></a>
Update supported OpenSSL versions in installation docs (<a
href="https://redirect.github.com/pyca/cryptography/issues/14721">#14721</a>)</li>
<li><a
href="https://github.com/pyca/cryptography/commit/ebd26194cd6a3315b122a44d2ee5aeb138bee55b"><code>ebd2619</code></a>
openssl 3.3 is out of upstream support (<a
href="https://redirect.github.com/pyca/cryptography/issues/14720">#14720</a>)</li>
<li>Additional commits viewable in <a
href="https://github.com/pyca/cryptography/compare/46.0.7...47.0.0">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=cryptography&package-manager=uv&previous-version=46.0.7&new-version=47.0.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>