build(deps): bump the dependencies group with 3 updates #1002

dependabot · 2025-05-19T23:01:50Z

Updates the requirements on cryptography, boto3 and botocore to permit the latest version.
Updates cryptography from 43.0.3 to 45.0.2

Changelog

Sourced from cryptography's changelog.

45.0.2 - 2025-05-17

* Fixed using ``mypy`` with ``cryptography`` on older versions of Python. .. _v45-0-1:

45.0.1 - 2025-05-17

Updated Windows, macOS, and Linux wheels to be compiled with OpenSSL 3.5.0.

.. _v45-0-0:

45.0.0 - 2025-05-17 (YANKED)


* Support for Python 3.7 is deprecated and will be removed in the next
  ``cryptography`` release.
* Updated the minimum supported Rust version (MSRV) to 1.74.0, from 1.65.0.
* Added support for serialization of PKCS#12 Java truststores in
  :func:`~cryptography.hazmat.primitives.serialization.pkcs12.serialize_java_truststore`
* Added :meth:`~cryptography.hazmat.primitives.kdf.argon2.Argon2id.derive_phc_encoded` and
  :meth:`~cryptography.hazmat.primitives.kdf.argon2.Argon2id.verify_phc_encoded` methods
  to support password hashing in the PHC string format
* Added support for PKCS7 decryption and encryption using AES-256 as the
  content algorithm, in addition to AES-128.
* **BACKWARDS INCOMPATIBLE:** Made SSH private key loading more consistent with
  other private key loading:
  :func:`~cryptography.hazmat.primitives.serialization.load_ssh_private_key`
  now raises a ``TypeError`` if the key is unencrypted but a password is
  provided (previously no exception was raised), and raises a ``TypeError`` if
  the key is encrypted but no password is provided (previously a ``ValueError``
  was raised).
* Added ``__copy__`` to the
  :class:`~cryptography.hazmat.primitives.asymmetric.ec.EllipticCurvePrivateKey`,
  :class:`~cryptography.hazmat.primitives.asymmetric.ec.EllipticCurvePublicKey`,
  :class:`~cryptography.hazmat.primitives.asymmetric.ed25519.Ed25519PublicKey`,
  :class:`~cryptography.hazmat.primitives.asymmetric.ed25519.Ed25519PrivateKey`,
  :class:`~cryptography.hazmat.primitives.asymmetric.ed448.Ed448PublicKey`,
  :class:`~cryptography.hazmat.primitives.asymmetric.ed448.Ed448PrivateKey`,
  :class:`~cryptography.hazmat.primitives.asymmetric.x25519.X25519PublicKey`,
  :class:`~cryptography.hazmat.primitives.asymmetric.x25519.X25519PrivateKey`,
  :class:`~cryptography.hazmat.primitives.asymmetric.x448.X448PublicKey`,
  :class:`~cryptography.hazmat.primitives.asymmetric.x448.X448PrivateKey`,
  :class:`~cryptography.hazmat.primitives.asymmetric.rsa.RSAPrivateKey`,
  :class:`~cryptography.hazmat.primitives.asymmetric.rsa.RSAPublicKey`,
  :class:`~cryptography.hazmat.primitives.asymmetric.dsa.DSAPrivateKey`,
  :class:`~cryptography.hazmat.primitives.asymmetric.dsa.DSAPublicKey`,
  :class:`~cryptography.hazmat.primitives.asymmetric.dh.DHPrivateKey`, and
</tr></table>

... (truncated)

Commits

f81c075 Backport mypy fixes for release (#12930)
8ea28e0 bump for 45.0.1 (#12922)
6784097 bump for 45 release (#12886)
2d9c1c9 bump MSRV to 1.74 (#12919)
6c18874 Bump BoringSSL, OpenSSL, AWS-LC in CI (#12918)
43fd312 add test vectors for upcoming explicit curve loading (#12913)
6bfa0a3 chore(deps): bump asn1 from 0.21.2 to 0.21.3 (#12914)
a88dd66 chore(deps): bump cc from 1.2.22 to 1.2.23 (#12912)
e4e9840 chore(deps): bump uv from 0.7.3 to 0.7.4 in /.github/requirements (#12911)
e140233 chore(deps): bump uv from 0.7.3 to 0.7.4 (#12910)
Additional commits viewable in compare view

Updates boto3 to 1.38.19

Commits

f8cd022 Merge branch 'release-1.38.19'
d2266f8 Bumping version to 1.38.19
e300789 Add changelog entries from botocore
b669d1d Merge branch 'release-1.38.18'
19255e1 Merge branch 'release-1.38.18' into develop
33d374f Bumping version to 1.38.18
b8ea4b9 Add changelog entries from botocore
988771f Merge branch 'release-1.38.17'
46e84a3 Merge branch 'release-1.38.17' into develop
0ee7698 Bumping version to 1.38.17
Additional commits viewable in compare view

Updates botocore to 1.38.19

Commits

61fe8d9 Merge branch 'release-1.38.19'
ce2ea2f Bumping version to 1.38.19
82484f6 Update endpoints model
eed1175 Update to latest models
81c9cc2 Merge branch 'release-1.38.18'
c12105f Merge branch 'release-1.38.18' into develop
8fb591f Bumping version to 1.38.18
e9c1fa3 Update endpoints model
0c42c15 Update to latest models
32875f4 Revert "lower CBOR in priority order" (#3472)
Additional commits viewable in compare view

Most Recent Ignore Conditions Applied to This Pull Request

Dependency Name	Ignore Conditions
cryptography	[>= 44.0.dev0, < 44.1]

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR
@dependabot recreate will recreate this PR, overwriting any edits that have been made to it
@dependabot merge will merge this PR after your CI passes on it
@dependabot squash and merge will squash and merge this PR after your CI passes on it
@dependabot cancel merge will cancel a previously requested merge and block automerging
@dependabot reopen will reopen this PR if it is closed
@dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
@dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
@dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
@dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
@dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
@dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
@dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

Updates the requirements on [cryptography](https://github.com/pyca/cryptography), [boto3](https://github.com/boto/boto3) and [botocore](https://github.com/boto/botocore) to permit the latest version. Updates `cryptography` from 43.0.3 to 45.0.2 - [Changelog](https://github.com/pyca/cryptography/blob/main/CHANGELOG.rst) - [Commits](pyca/cryptography@43.0.3...45.0.2) Updates `boto3` to 1.38.19 - [Release notes](https://github.com/boto/boto3/releases) - [Commits](boto/boto3@1.38.14...1.38.19) Updates `botocore` to 1.38.19 - [Commits](boto/botocore@1.38.14...1.38.19) --- updated-dependencies: - dependency-name: cryptography dependency-version: 45.0.2 dependency-type: direct:production update-type: version-update:semver-major dependency-group: dependencies - dependency-name: boto3 dependency-version: 1.38.19 dependency-type: direct:production dependency-group: dependencies - dependency-name: botocore dependency-version: 1.38.19 dependency-type: direct:production dependency-group: dependencies ... Signed-off-by: dependabot[bot] <support@github.com>

lukpueh · 2025-05-20T07:41:08Z

Tests fail because our sigstore dependency has a version constraint on cryptography. This has already been changed in sigstore but not yet release: sigstore/sigstore-python#1398

dependabot · 2025-05-26T22:57:57Z

Looks like these dependencies are updatable in another way, so this is no longer needed.

dependabot bot added dependencies Pull requests that update a dependency file python Pull requests that update Python code labels May 19, 2025

dependabot bot closed this May 26, 2025

dependabot bot deleted the dependabot/pip/dependencies-5253dc995c branch May 26, 2025 22:57

lukpueh mentioned this pull request Jun 4, 2025

CI fails because of cryptography dependency conflict with sigstore #1006

Open

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

build(deps): bump the dependencies group with 3 updates #1002

build(deps): bump the dependencies group with 3 updates #1002

Uh oh!

dependabot bot commented on behalf of github May 19, 2025 •

edited

Loading

Uh oh!

lukpueh commented May 20, 2025

Uh oh!

dependabot bot commented on behalf of github May 26, 2025

Uh oh!

Uh oh!

build(deps): bump the dependencies group with 3 updates #1002

build(deps): bump the dependencies group with 3 updates #1002

Uh oh!

Conversation

dependabot bot commented on behalf of github May 19, 2025 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Uh oh!

lukpueh commented May 20, 2025

Uh oh!

dependabot bot commented on behalf of github May 26, 2025

Uh oh!

Uh oh!

dependabot bot commented on behalf of github May 19, 2025 •

edited

Loading