Bump cryptography from 47.0.0 to 48.0.0

[dependabot]

Bumps cryptography from 47.0.0 to 48.0.0.

Changelog

Sourced from cryptography's changelog.

48.0.0 - 2026-05-04

* **BACKWARDS INCOMPATIBLE:** Support for Python 3.8 has been removed.
  ``cryptography`` now requires Python 3.9 or later.
* **BACKWARDS INCOMPATIBLE:** Loading an X.509 CRL whose inner
  ``TBSCertList.signature`` algorithm does not match the outer
  ``signatureAlgorithm`` now raises ``ValueError``. Previously, such CRLs
  were parsed successfully and only rejected during signature validation.
* Added support for :doc:`/hazmat/primitives/asymmetric/mlkem` and
  :doc:`/hazmat/primitives/asymmetric/mldsa` when using OpenSSL 3.5.0 or
  later, in addition to the existing AWS-LC and BoringSSL support. This means
  post-quantum algorithms are now available to users of our wheels.

Note: Going forward, we do not guarantee that all functionality

in cryptography will be available when building against

OpenSSL. See :doc:/statements/state-of-openssl for more information.

.. _v47-0-0:

Commits

• 8e03e30 bump for 48.0.0 release (#14796)
• 295e0d2 Add AGENTS.md with CLAUDE.md symlink (#14794)
• 104a2de Bump BoringSSL, OpenSSL, AWS-LC in CI (#14793)
• 67ec1e5 call check_length early on AesSiv::encrypt (#14792)
• b2da57a changelog for mldsa/mlkem for openssl (#14791)
• 3cf44ad ML-KEM OpenSSL support (#14781)
• 2e31639 ML-DSA OpenSSL support (#14773)
• 5affe5a fix rust nightly clippy (#14790)
• 2e73ca4 bump rust-openssl dep and update EcPoint::mul_generator to mul_generator2 (#1...
• 82ebd3b Bump BoringSSL, OpenSSL, AWS-LC in CI (#14785)
• Additional commits viewable in compare view

[github-actions]

🤖 Claude Code Review

PR Code Review

This is a minimal dependency version bump PR. Here's my analysis:

Code Quality

• ✅ No commented-out code
• ✅ Meaningful variable names (N/A)
• ✅ DRY principle (N/A)
• ✅ No defects — single version string change in pyproject.toml:41
• ✅ CLAUDE.md is general and environment-agnostic

Testing

• ✅ No new functions requiring unit tests
• ✅ No new endpoints requiring integration tests
• ✅ Dependency bumps rely on existing test suite for regression coverage

Documentation

• ❌ CHANGELOG.md — No changelog entry for the cryptography bump from 47.0.0 → 48.0.0. If this project maintains a changelog, dependency updates should be recorded.
• ✅ No README or API doc changes needed

Security

• ✅ No hardcoded credentials
• ✅ No sensitive data
• ✅ No license files (.lic) checked in
• ✅ cryptography 48.0.0 is a security-relevant package — bumping it is itself a security improvement. No concerns with the new version.

---

Summary

Approved with minor note. The change is a single-line dev-dependency bump (cryptography 47.0.0 → 48.0.0 in the development extras group). The only gap is a missing CHANGELOG entry if your project tracks dependency updates there. No functional, security, or style issues.

Automated code review analyzing defects and coding standards

[github-actions]

Coverage report

Click to see where and how coverage changed

File	Statements	Missing	Coverage	Coverage (new stmts)	Lines missing
src/senzing
szengineflags.py
szerror.py
Project Total

This report was generated by python-coverage-comment-action

[github-actions]

🤖 Claude Code Review

PR Code Review

This is a minimal dependency bump PR — upgrading cryptography from 47.0.0 to 48.0.0 in the development dependencies.

---

Code Quality

• ✅ Style guide: Single-line change in pyproject.toml, no style concerns.
• ✅ No commented-out code: N/A
• ✅ Meaningful variable names: N/A
• ✅ DRY principle: N/A
• ✅ Defects/bugs: No logic changes. The cryptography package is listed under development extras only (pyproject.toml:41), so this does not affect production consumers of the senzing package. No runtime risk.
• ✅ CLAUDE.md: No issues — the project config is appropriate and general.

Testing

• ✅ Unit/integration tests: No new code introduced; dependency bumps do not require new tests.
• ✅ Test coverage: N/A for a version pin change.

Documentation

• ✅ README: No update needed.
• ✅ API docs: No update needed.
• ✅ Inline comments: N/A
• ✅ CHANGELOG.md: Dependency-only bumps in dev tooling are typically not changelog-worthy; acceptable to omit.
• ✅ Markdown formatting: No markdown changes.

Security

• ✅ No hardcoded credentials: N/A
• ✅ Input validation: N/A
• ✅ Error handling: N/A
• ✅ No sensitive data in logs: N/A
• ✅ License files: No .lic files or AQAAAD-prefixed strings present.

---

Summary

Approved. This is a straightforward dev-dependency version bump (cryptography 47.0.0 → 48.0.0). It is scoped to the development extras group and has no impact on the published senzing package or its consumers. No issues found.

Automated code review analyzing defects and coding standards