Skip to content

ENG-3861: Bump cryptography to 48.0.0#8217

Draft
rayharnett wants to merge 2 commits into
mainfrom
ENG-3861
Draft

ENG-3861: Bump cryptography to 48.0.0#8217
rayharnett wants to merge 2 commits into
mainfrom
ENG-3861

Conversation

@rayharnett
Copy link
Copy Markdown
Contributor

@rayharnett rayharnett commented May 18, 2026

Summary

Upgrades cryptography from 46.0.7 to 48.0.0 and pyOpenSSL from 26.0.0 to 26.2.0 for compatibility.

Changes

  • cryptography 46.0.7 → 48.0.0: Includes post-quantum algorithm support (ML-KEM, ML-DSA), improved X.509 CRL validation, and security enhancements
  • pyOpenSSL 26.0.0 → 26.2.0: Updated to support cryptography 48.0.0

Breaking Changes (Not Impacting Fides)

  • Dropped Python 3.8 support (Fides requires 3.13+)
  • Removed binary elliptic curve support (not used in Fides)
  • OpenSSL 1.1.x support removed (requires 3.0.0+)

Testing

All cryptography-related tests pass:

  • ✅ tests/lib/test_cryptography_util.py (7 passed)
  • ✅ tests/api/cryptography/ (21 passed)
  • ✅ tests/lib/test_oauth_util.py (60 passed)

Closes ENG-3861

@rayharnett rayharnett requested a review from a team as a code owner May 18, 2026 11:23
@rayharnett rayharnett requested review from johnewart and removed request for a team May 18, 2026 11:23
@vercel
Copy link
Copy Markdown
Contributor

vercel Bot commented May 18, 2026

Deployment failed with the following error:

You must set up Two-Factor Authentication before accessing this team.

View Documentation: https://vercel.com/docs/two-factor-authentication

@github-actions
Copy link
Copy Markdown

github-actions Bot commented May 18, 2026
edited
Loading

Dependency Review

The following issues were found:
  • ✅ 0 vulnerable package(s)
See the Details below.

Snapshot Warnings

⚠️: No snapshots were found for the head SHA da89dea.
Ensure that dependencies are being submitted on PR branches and consider enabling retry-on-snapshot-warnings. See the documentation for more information and troubleshooting advice.

Scanned Files

  • pyproject.toml
  • uv.lock

@rayharnett rayharnett marked this pull request as draft May 18, 2026 11:40
@rayharnett @claude
Bump cryptography 46.0.7 -> 48.0.0 and pyOpenSSL 26.0.0 -> 26.2.0
34b4357 
- cryptography 48.0.0: post-quantum algorithm support (ML-KEM, ML-DSA),
  improved X.509 CRL validation, security enhancements
- pyOpenSSL 26.2.0: updated to support cryptography 48.0.0

Co-Authored-By: Claude Haiku 4.5 <noreply@anthropic.com>
@codecov
Copy link
Copy Markdown

codecov Bot commented May 18, 2026

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 85.61%. Comparing base (2c3849a) to head (da89dea).

Additional details and impacted files 
@@           Coverage Diff           @@
##             main    #8217   +/-   ##
=======================================
  Coverage   85.61%   85.61%           
=======================================
  Files         658      658           
  Lines       42869    42869           
  Branches     5019     5019           
=======================================
  Hits        36701    36701           
  Misses       5063     5063           
  Partials     1105     1105

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:
  • ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
  • 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@johnewart johnewart Awaiting requested review from johnewart johnewart was automatically assigned from ethyca/backend

At least 1 approving review is required to merge this pull request.

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@rayharnett