chore(deps): bump cryptography from 46.0.7 to 47.0.0 by dependabot[bot] · Pull Request #212 · Bluetooth-Devices/bluetooth-data-tools

dependabot · 2026-04-27T05:48:09Z

Bumps cryptography from 46.0.7 to 47.0.0.

Changelog

Sourced from cryptography's changelog.

47.0.0 - 2026-04-24


* Support for Python 3.8 is deprecated and will be removed in the next
  ``cryptography`` release.
* **BACKWARDS INCOMPATIBLE:** Support for binary elliptic curves
  (``SECT*`` classes) has been removed. These curves are rarely used and
  have additional security considerations that make them undesirable.
* **BACKWARDS INCOMPATIBLE:** Support for OpenSSL 1.1.x has been removed.
  OpenSSL 3.0.0 or later is now required. LibreSSL, BoringSSL, and AWS-LC
  continue to be supported.
* **BACKWARDS INCOMPATIBLE:** Dropped support for LibreSSL < 4.1.
* **BACKWARDS INCOMPATIBLE:** Loading keys with unsupported algorithms or
  keys with unsupported explicit curve encodings now raises
  :class:`~cryptography.exceptions.UnsupportedAlgorithm` instead of
  ``ValueError``. This change affects
  :func:`~cryptography.hazmat.primitives.serialization.load_pem_private_key`,
  :func:`~cryptography.hazmat.primitives.serialization.load_der_private_key`,
  :func:`~cryptography.hazmat.primitives.serialization.load_pem_public_key`,
  :func:`~cryptography.hazmat.primitives.serialization.load_der_public_key`,
  and :meth:`~cryptography.x509.Certificate.public_key` when called on
  certificates with unsupported public key algorithms.
* **BACKWARDS INCOMPATIBLE:** When parsing elliptic curve private keys, we now
  reject keys that incorrectly encode a private key of the wrong length because
  such keys are impossible to process in a constant-time manner. We do not
  believe keys with this problem are in wide use, however we may revert this
  change based on the feedback we receive.
* Deprecated passing 64-bit (8-byte) and 128-bit (16-byte) keys to
  :class:`~cryptography.hazmat.decrepit.ciphers.algorithms.TripleDES`. In a
  future release, only 192-bit (24-byte) keys will be accepted. Users should
  expand shorter keys themselves (e.g., for single DES: ``key + key + key``,
  for two-key: ``key + key[:8]``).
* Updated the minimum supported Rust version (MSRV) to 1.83.0, from 1.74.0.
* Support for ``x86_64`` macOS (including publishing wheels) is deprecated
  and will be removed in the next release. We will switch to publishing an
  ``arm64`` only wheel for macOS.
* Support for 32-bit Windows (including publishing wheels) is deprecated
  and will be removed in the next release. Users should move to a 64-bit
  Python installation.
* ``public_bytes`` and ``private_bytes`` methods on keys now raise
  ``TypeError`` (instead of ``ValueError``) if an invalid encoding is provided
  for the given ``format``.
* Moved :class:`~cryptography.hazmat.decrepit.ciphers.modes.CFB`,
  :class:`~cryptography.hazmat.decrepit.ciphers.modes.OFB`, and
  :class:`~cryptography.hazmat.decrepit.ciphers.modes.CFB8` into
  :doc:`/hazmat/decrepit/index` and deprecated them in the ``modes`` module.
  They will be removed from the ``modes`` module in 49.0.0.
* Moved :class:`~cryptography.hazmat.primitives.ciphers.algorithms.Camellia`
  into  :doc:`/hazmat/decrepit/index` and deprecated it in the ``cipher`` module.
  It will be removed from the ``cipher`` module in 49.0.0.
</tr></table>

... (truncated)

Commits

59c5f5e bump for 47.0.0 release (#14730)
9025578 Add MLKEM1024-P384 hybrid KEM support in HPKE (#14722)
ef66de4 Recommend Argon2id over PBKDF2HMAC as KDF (#14724)
d996a37 Add ubuntu-resolute to CI workflow (#14729)
e86da41 chore(deps): bump libc from 0.2.185 to 0.2.186 (#14725)
1c33c9a Bump downstream dependencies in CI (#14728)
67fb6be Bump x509-limbo and/or wycheproof in CI (#14727)
6cb20b3 Bump BoringSSL, OpenSSL, AWS-LC in CI (#14726)
d6f372d Update supported OpenSSL versions in installation docs (#14721)
ebd2619 openssl 3.3 is out of upstream support (#14720)
Additional commits viewable in compare view

codecov · 2026-04-27T05:48:59Z

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 100.00%. Comparing base (6c02b3b) to head (90a710d).

Additional details and impacted files

@@            Coverage Diff            @@
##              main      #212   +/-   ##
=========================================
  Coverage   100.00%   100.00%           
=========================================
  Files            6         6           
  Lines          255       255           
  Branches        38        38           
=========================================
  Hits           255       255

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

codspeed-hq · 2026-04-27T05:49:18Z

Merging this PR will not alter performance

✅ 9 untouched benchmarks

_{Comparing dependabot/pip/cryptography-47.0.0 (90a710d) with main (6c02b3b)}

Bumps [cryptography](https://github.com/pyca/cryptography) from 46.0.7 to 47.0.0. - [Changelog](https://github.com/pyca/cryptography/blob/main/CHANGELOG.rst) - [Commits](pyca/cryptography@46.0.7...47.0.0) --- updated-dependencies: - dependency-name: cryptography dependency-version: 47.0.0 dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com>

dependabot · 2026-05-11T06:13:10Z

Superseded by #217.

dependabot Bot added dependencies Pull requests that update a dependency file python labels Apr 27, 2026

dependabot Bot temporarily deployed to release April 27, 2026 05:53 Inactive

github-actions Bot removed the python label May 1, 2026

dependabot Bot force-pushed the dependabot/pip/cryptography-47.0.0 branch from 7943971 to feb1a48 Compare May 1, 2026 12:32

dependabot Bot temporarily deployed to release May 1, 2026 12:43 Inactive

dependabot Bot force-pushed the dependabot/pip/cryptography-47.0.0 branch from feb1a48 to 90a710d Compare May 4, 2026 13:26

dependabot Bot temporarily deployed to release May 4, 2026 13:33 Inactive

dependabot Bot closed this May 11, 2026

dependabot Bot deleted the dependabot/pip/cryptography-47.0.0 branch May 11, 2026 06:13

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

chore(deps): bump cryptography from 46.0.7 to 47.0.0#212

chore(deps): bump cryptography from 46.0.7 to 47.0.0#212
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/pip/cryptography-47.0.0

dependabot Bot commented on behalf of github Apr 27, 2026 •

edited

Loading

Uh oh!

codecov Bot commented Apr 27, 2026 •

edited

Loading

Uh oh!

codspeed-hq Bot commented Apr 27, 2026 •

edited

Loading

Uh oh!

dependabot Bot commented on behalf of github May 11, 2026

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

0 participants

Uh oh!

Conversation

dependabot Bot commented on behalf of github Apr 27, 2026 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Uh oh!

codecov Bot commented Apr 27, 2026 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Codecov Report

Uh oh!

codspeed-hq Bot commented Apr 27, 2026 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Merging this PR will not alter performance

Uh oh!

dependabot Bot commented on behalf of github May 11, 2026

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

0 participants

dependabot Bot commented on behalf of github Apr 27, 2026 •

edited

Loading

codecov Bot commented Apr 27, 2026 •

edited

Loading

codspeed-hq Bot commented Apr 27, 2026 •

edited

Loading