Skip to content

build(deps): bump the dependencies group across 1 directory with 3 updates#1148

Open
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/pip/dependencies-99c0166f0d
Open

build(deps): bump the dependencies group across 1 directory with 3 updates#1148
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/pip/dependencies-99c0166f0d

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jun 22, 2026

Copy link
Copy Markdown
Contributor

Updates the requirements on cryptography, boto3 and botocore to permit the latest version.
Updates cryptography from 48.0.1 to 49.0.0

Changelog

Sourced from cryptography's changelog.

49.0.0 - 2026-06-12


* **BACKWARDS INCOMPATIBLE:** Support for ``x86_64`` macOS has been removed.
  We now only publish ``arm64`` wheels for macOS.
* **BACKWARDS INCOMPATIBLE:** Support for 32-bit Windows has been removed.
  Users should move to a 64-bit Python installation.
* **BACKWARDS INCOMPATIBLE:** Removed the deprecated
  ``PUBLIC_KEY_TYPES``, ``PRIVATE_KEY_TYPES``,
  ``CERTIFICATE_PRIVATE_KEY_TYPES``, ``CERTIFICATE_ISSUER_PUBLIC_KEY_TYPES``,
  and ``CERTIFICATE_PUBLIC_KEY_TYPES`` type aliases. Use
  ``PublicKeyTypes``, ``PrivateKeyTypes``, ``CertificateIssuerPrivateKeyTypes``,
  ``CertificateIssuerPublicKeyTypes``, and ``CertificatePublicKeyTypes``
  instead. These were deprecated in version 40.0.
* **BACKWARDS INCOMPATIBLE:** :class:`~cryptography.hazmat.primitives.ciphers.algorithms.ChaCha20`
  now treats the first 4 bytes of the ``nonce`` as a 32-bit little-endian block
  counter (as defined in :rfc:`7539`) and tracks the number of bytes processed.
  Attempting to encrypt or decrypt more data than the counter allows before it
  would overflow now raises a :class:`ValueError` rather than silently diverging
  from RFC 7539. Setting the counter portion of the ``nonce`` to zero allows
  encrypting up to 256 GiB with a given nonce.
* **BACKWARDS INCOMPATIBLE:** Loading an X.509 certificate whose ECDSA or DSA
  signature ``AlgorithmIdentifier`` contains encoded NULL parameters now raises
  a :class:`ValueError`. Such certificates are invalid, but older versions of
  Java emitted them; previously they loaded with a deprecation warning.
* Fixed cross-compilation of the CFFI bindings when ``PYO3_CROSS_LIB_DIR``
  is set. The build now derives the Python include directory from
  ``PYO3_CROSS_LIB_DIR`` instead of querying the host interpreter, which
  previously caused the build to fail during cross-compilations for embedded
  systems, on hosts which have same-version Python development headers
  installed as the target Python.
* Added support for signing and verifying X.509 certificates, certificate
  signing requests, and certificate revocation lists with
  :doc:`/hazmat/primitives/asymmetric/mldsa` keys, as well as loading
  certificates that contain ML-DSA public keys.
* Added :meth:`~cryptography.hazmat.primitives.hpke.KEM.enc_length` to
  :class:`~cryptography.hazmat.primitives.hpke.KEM` so callers can split the
  encapsulated key from the ciphertext returned by
  :meth:`~cryptography.hazmat.primitives.hpke.Suite.encrypt`.
* :meth:`~cryptography.x509.verification.ExtensionPolicy.require_present`,
  :meth:`~cryptography.x509.verification.ExtensionPolicy.may_be_present`, and
  :meth:`~cryptography.x509.verification.ExtensionPolicy.require_not_present`
  now accept any extension type. Previously only a fixed set of extension
  types was supported, which made it impossible to account for otherwise
  unrecognized critical extensions during path validation.
* Added support for using :class:`~cryptography.x509.Certificate`,
  :class:`~cryptography.x509.CertificateSigningRequest`, and
  :class:`~cryptography.x509.CertificateRevocationList` as field types in
  :doc:`/hazmat/asn1/index` structures.
* Added :func:`~cryptography.hazmat.asn1.value_set`, a class decorator that
</tr></table> 

... (truncated)

Commits
  • e300bbe bump version and changelog for 49.0.0 (#15030)
  • fa74cd8 Add external mu (message representative) support for ML-DSA (#14979)
  • f594db3 chore(deps): bump openssl from 0.10.80 to 0.10.81 (#15029)
  • 608e011 chore(deps): bump openssl-sys from 0.9.116 to 0.9.117 (#15028)
  • a322bc4 chore(deps): bump cc from 1.2.63 to 1.2.64 (#15027)
  • 33181a7 Reject critical nameConstraints extensions containing directoryName constrain...
  • 6080dc7 Bump dependencies that dependabot isn't (#15026)
  • 121faa3 chore(deps): bump virtualenv from 21.4.2 to 21.4.3 (#15023)
  • 829520b Add more robust processing for DH parameters. (#15016)
  • 0f05001 Bump downstream dependencies in CI (#15025)
  • Additional commits viewable in compare view

Updates boto3 to 1.43.35

Commits
  • c5b26ca Merge branch 'release-1.43.35'
  • 46e77cd Bumping version to 1.43.35
  • 9919ede Add changelog entries from botocore
  • 1820b7d Merge branch 'release-1.43.34'
  • 0065dbe Merge branch 'release-1.43.34' into develop
  • 2178e7a Bumping version to 1.43.34
  • 797f30d Add changelog entries from botocore
  • 325a059 Remove DocumentModifiedShape and re-export it from botocore (#4795)
  • 44bfb9a Merge branch 'release-1.43.33'
  • 447ab8f Merge branch 'release-1.43.33' into develop
  • Additional commits viewable in compare view

Updates botocore to 1.43.35

Commits
  • d33e4c5 Merge branch 'release-1.43.35'
  • 833cf6e Bumping version to 1.43.35
  • 8b3f215 Update to latest models
  • 377d566 Merge customizations for Application Signals
  • 67d724c Merge branch 'release-1.43.34'
  • 10f696e Merge branch 'release-1.43.34' into develop
  • 8279c40 Bumping version to 1.43.34
  • 42c8aee Update to latest models
  • f1f6826 Merge customizations for Glue
  • 9634887 Document policyDocumentShape for iam operations as a dict (#3721)
  • Additional commits viewable in compare view

@dependabot dependabot Bot added dependencies Pull requests that update a dependency file python Pull requests that update Python code labels Jun 22, 2026
@dependabot dependabot Bot changed the title build(deps): bump the dependencies group with 3 updates build(deps): bump the dependencies group across 1 directory with 3 updates Jun 29, 2026
…dates

Updates the requirements on [cryptography](https://github.com/pyca/cryptography), [boto3](https://github.com/boto/boto3) and [botocore](https://github.com/boto/botocore) to permit the latest version.

Updates `cryptography` from 48.0.1 to 49.0.0
- [Changelog](https://github.com/pyca/cryptography/blob/main/CHANGELOG.rst)
- [Commits](pyca/cryptography@48.0.1...49.0.0)

Updates `boto3` to 1.43.35
- [Release notes](https://github.com/boto/boto3/releases)
- [Commits](boto/boto3@1.43.25...1.43.35)

Updates `botocore` to 1.43.35
- [Commits](boto/botocore@1.43.25...1.43.35)

---
updated-dependencies:
- dependency-name: boto3
  dependency-version: 1.43.30
  dependency-type: direct:production
  dependency-group: dependencies
- dependency-name: botocore
  dependency-version: 1.43.30
  dependency-type: direct:production
  dependency-group: dependencies
- dependency-name: cryptography
  dependency-version: 49.0.0
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: dependencies
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot force-pushed the dependabot/pip/dependencies-99c0166f0d branch from 3e30803 to f41b750 Compare June 29, 2026 22:43

@jku jku left a comment

Copy link
Copy Markdown
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

oh, this leads to sigstore issues again -- the next sigstore-python release should fix these issues for good (it no longer pins cryptography): sigstore/sigstore-python#1813

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

dependencies Pull requests that update a dependency file python Pull requests that update Python code

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant