Skip to content

build(deps): bump cryptography from 44.0.2 to 45.0.3#13202

Closed
dependabot[bot] wants to merge 1 commit into
masterfrom
dependabot/pip/cryptography-45.0.3
Closed

build(deps): bump cryptography from 44.0.2 to 45.0.3#13202
dependabot[bot] wants to merge 1 commit into
masterfrom
dependabot/pip/cryptography-45.0.3

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github May 26, 2025

Copy link
Copy Markdown
Contributor

Bumps cryptography from 44.0.2 to 45.0.3.

Changelog

Sourced from cryptography's changelog.

45.0.3 - 2025-05-25


* Fixed decrypting PKCS#8 files encrypted with long salts (this impacts keys
  encrypted by Bouncy Castle).
* Fixed decrypting PKCS#8 files encrypted with DES-CBC-MD5. While wildly
  insecure, this remains prevalent.

.. _v45-0-2:

45.0.2 - 2025-05-17

  • Fixed using mypy with cryptography on older versions of Python.

.. _v45-0-1:

45.0.1 - 2025-05-17


* Updated Windows, macOS, and Linux wheels to be compiled with OpenSSL 3.5.0.

.. _v45-0-0:

45.0.0 - 2025-05-17 (YANKED)

  • Support for Python 3.7 is deprecated and will be removed in the next cryptography release.
  • Updated the minimum supported Rust version (MSRV) to 1.74.0, from 1.65.0.
  • Added support for serialization of PKCS#12 Java truststores in :func:~cryptography.hazmat.primitives.serialization.pkcs12.serialize_java_truststore
  • Added :meth:~cryptography.hazmat.primitives.kdf.argon2.Argon2id.derive_phc_encoded and :meth:~cryptography.hazmat.primitives.kdf.argon2.Argon2id.verify_phc_encoded methods to support password hashing in the PHC string format
  • Added support for PKCS7 decryption and encryption using AES-256 as the content algorithm, in addition to AES-128.
  • BACKWARDS INCOMPATIBLE: Made SSH private key loading more consistent with other private key loading: :func:~cryptography.hazmat.primitives.serialization.load_ssh_private_key now raises a TypeError if the key is unencrypted but a password is provided (previously no exception was raised), and raises a TypeError if the key is encrypted but no password is provided (previously a ValueError was raised).
  • Added __copy__ to the :class:~cryptography.hazmat.primitives.asymmetric.ec.EllipticCurvePrivateKey, :class:~cryptography.hazmat.primitives.asymmetric.ec.EllipticCurvePublicKey, :class:~cryptography.hazmat.primitives.asymmetric.ed25519.Ed25519PublicKey, :class:~cryptography.hazmat.primitives.asymmetric.ed25519.Ed25519PrivateKey, :class:~cryptography.hazmat.primitives.asymmetric.ed448.Ed448PublicKey,

... (truncated)

Commits

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Bumps [cryptography](https://github.com/pyca/cryptography) from 44.0.2 to 45.0.3.
- [Changelog](https://github.com/pyca/cryptography/blob/main/CHANGELOG.rst)
- [Commits](pyca/cryptography@44.0.2...45.0.3)

---
updated-dependencies:
- dependency-name: cryptography
  dependency-version: 45.0.3
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file major A high priority issue which might affect a lot of people or large parts of the codebase labels May 26, 2025
@cla-bot cla-bot Bot added the cla-signed CLA Bot: community license agreement signed label May 26, 2025
@codecov

codecov Bot commented May 26, 2025

Copy link
Copy Markdown

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 72.59%. Comparing base (8856297) to head (a8a4d0e).
Report is 3 commits behind head on master.

Additional details and impacted files
@@           Coverage Diff           @@
##           master   #13202   +/-   ##
=======================================
  Coverage   72.59%   72.59%           
=======================================
  Files         916      916           
  Lines       52636    52636           
  Branches     6058     6058           
=======================================
  Hits        38212    38212           
  Misses      12857    12857           
  Partials     1567     1567           
🚀 New features to boost your workflow:
  • ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
  • 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

@dependabot @github

dependabot Bot commented on behalf of github May 27, 2025

Copy link
Copy Markdown
Contributor Author

OK, I won't notify you again about this release, but will get in touch when a new version is available. If you'd rather skip all updates until the next major or minor version, let me know by commenting @dependabot ignore this major version or @dependabot ignore this minor version. You can also ignore all major, minor, or patch releases for a dependency by adding an ignore condition with the desired update_types to your config file.

If you change your mind, just re-open this PR and I'll resolve any conflicts on it.

@dependabot dependabot Bot deleted the dependabot/pip/cryptography-45.0.3 branch May 27, 2025 10:01
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

cla-signed CLA Bot: community license agreement signed dependencies Pull requests that update a dependency file major A high priority issue which might affect a lot of people or large parts of the codebase

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant