chore(deps): bump cryptography 47.0.* -> 48.0.*

[asheshv]

Summary

Supersedes dependabot #9926 (and its /web/regression duplicate #9932 — that file inherits via -r ../../requirements.txt, so the single edit covers both).

Why this is safe — short version

cryptography 48 is a smaller bump than the major-version label suggests, and none of its breaking changes touch pgAdmin's usage.

Documented breaking changes in 48.0.0

1. Removed Python 3.8 support. pgAdmin already requires Python ≥ 3.9 across all supported platforms.
   • Side note: requires_python now excludes 3.9.0 and 3.9.1 specifically. Nothing in pgAdmin's CI or packaging targets those exact patch versions (3.9.0 = Sep 2020, 3.9.1 = Dec 2020).
2. Stricter X.509 CRL parsing. A CRL whose inner TBSCertList.signature doesn't match the outer signatureAlgorithm now raises ValueError instead of being parsed and rejected later during signature verification.
3. Added ML-KEM / ML-DSA post-quantum primitives (additive).

pgAdmin's cryptography surface area

web/pgadmin/settings/__init__.py        Fernet
web/pgadmin/utils/session.py            Fernet, hashes, HKDF
web/pgadmin/utils/crypto.py             Cipher, AES, CFB8

No imports of cryptography.x509, CertificateRevocationList, or load_pem_x509_crl anywhere in the tree. The stricter CRL parsing in 48 cannot affect pgAdmin.

About the OpenSSL 1.1.x removal

I initially flagged "drops OpenSSL 1.1.x" as a concern, but on closer reading of the changelog that happened in cryptography 47, which master is already on. No new platform-support regression from this bump.

Test plan

• No pgAdmin Python code touched — only requirements.txt:25
• grep confirms no x509 / CRL usage anywhere in the tree
• CI matrix on this PR (Linux/Mac/Windows × PG 14-18) passes — that's the real verification

Supersedes

• Dependabot Python dependency: Update cryptography requirement from ==47.0.* to ==48.0.* #9926 (canonical), Python dependency: Update cryptography requirement from ==47.0.* to ==48.0.* in /web/regression #9932 (regression-folder duplicate). Will close both once this lands.

Summary by CodeRabbit

• Chores
  • Updated cryptography dependency to version 48.0.

[coderabbitai]

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info

⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro

Run ID: 614c964e-8c90-4a14-89aa-5456022bb35c

📥 Commits

Reviewing files that changed from the base of the PR and between aad2dfd and df82493.

📒 Files selected for processing (1)

• requirements.txt

---

Walkthrough

The pull request updates the requirements.txt file to pin the cryptography dependency to version 48.0.* instead of 47.0.*, maintaining the existing wildcard constraint pattern while upgrading the major and minor version numbers.

Changes

Cryptography Dependency Update

Layer / File(s)	Summary
Cryptography version bump requirements.txt	The cryptography package constraint is updated from 47.0.* to 48.0.* using the same wildcard pin style.

🎯 1 (Trivial) | ⏱️ ~2 minutes

🚥 Pre-merge checks | ✅ 5

✅ Passed checks (5 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title clearly summarizes the main change: a dependency version bump of cryptography from 47.0.* to 48.0.*, which directly matches the single file change in requirements.txt.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Linked Issues check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check	✅ Passed	Check skipped because no linked issues were found for this pull request.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch chore/cryptography-48

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}