Bump cryptography from 47.0.0 to 48.0.0

[dependabot]

Bumps cryptography from 47.0.0 to 48.0.0.

Changelog

Sourced from cryptography's changelog.

48.0.0 - 2026-05-04

* **BACKWARDS INCOMPATIBLE:** Support for Python 3.8 has been removed.
  ``cryptography`` now requires Python 3.9 or later.
* **BACKWARDS INCOMPATIBLE:** Loading an X.509 CRL whose inner
  ``TBSCertList.signature`` algorithm does not match the outer
  ``signatureAlgorithm`` now raises ``ValueError``. Previously, such CRLs
  were parsed successfully and only rejected during signature validation.
* Added support for :doc:`/hazmat/primitives/asymmetric/mlkem` and
  :doc:`/hazmat/primitives/asymmetric/mldsa` when using OpenSSL 3.5.0 or
  later, in addition to the existing AWS-LC and BoringSSL support. This means
  post-quantum algorithms are now available to users of our wheels.

Note: Going forward, we do not guarantee that all functionality

in cryptography will be available when building against

OpenSSL. See :doc:/statements/state-of-openssl for more information.

.. _v47-0-0:

Commits

• 8e03e30 bump for 48.0.0 release (#14796)
• 295e0d2 Add AGENTS.md with CLAUDE.md symlink (#14794)
• 104a2de Bump BoringSSL, OpenSSL, AWS-LC in CI (#14793)
• 67ec1e5 call check_length early on AesSiv::encrypt (#14792)
• b2da57a changelog for mldsa/mlkem for openssl (#14791)
• 3cf44ad ML-KEM OpenSSL support (#14781)
• 2e31639 ML-DSA OpenSSL support (#14773)
• 5affe5a fix rust nightly clippy (#14790)
• 2e73ca4 bump rust-openssl dep and update EcPoint::mul_generator to mul_generator2 (#1...
• 82ebd3b Bump BoringSSL, OpenSSL, AWS-LC in CI (#14785)
• Additional commits viewable in compare view

[github-actions]

🤖 Claude Code Review

Code Review

Change: cryptography dependency bump from 47.0.0 → 48.0.0 in pyproject.toml

---

Code Quality

• ✅ Style guide — Single-line change in pyproject.toml, no style concerns.
• ✅ No commented-out code — Not applicable.
• ✅ Meaningful variable names — Not applicable.
• ✅ DRY principle — Not applicable.
• ✅ Defects — No logic, bugs, or security issues introduced. cryptography 48.0.0 is a legitimate release with security fixes. This is a development dependency only (under [development] group), not a runtime dependency.
• ✅ CLAUDE.md — No concerns; project config is appropriate for general use.

Testing

• ✅ No new functions or endpoints — testing checklist not applicable for a dependency version bump.

Documentation

• ✅ README — No update needed.
• ✅ API docs — Not applicable.
• ✅ Inline comments — Not applicable.
• ⚠️ CHANGELOG.md — No CHANGELOG.md update included. If this project maintains a changelog, a dependency bump entry may be expected (minor concern for a dev dependency).
• ✅ Markdown formatting — Not applicable.

Security

• ✅ No hardcoded credentials — Not applicable.
• ✅ Input validation — Not applicable.
• ✅ Error handling — Not applicable.
• ✅ No sensitive data in logs — Not applicable.
• ✅ No license files — None present.

---

Summary

This is a routine automated dependency bump (Dependabot-style). The change is minimal and low-risk — cryptography is a development-only dependency used for testing infrastructure. The bump to 48.0.0 likely includes security patches or bug fixes.

Verdict: Approve. The only minor note is a missing CHANGELOG entry, which is discretionary for dev-dependency-only bumps.

Automated code review analyzing defects and coding standards

[github-actions]

🤖 Claude Code Review

PR Code Review

Summary: This PR bumps the cryptography dependency from 47.0.0 to 48.0.0 in pyproject.toml.

---

Code Quality

• ✅ Style guide: Single-line change in a TOML config file; no style concerns.
• ✅ No commented-out code: N/A
• ✅ Meaningful variable names: N/A
• ✅ DRY principle: N/A
• ✅ Defects/bugs: No logic changes introduced. This is a straightforward dependency version bump.
• ✅ CLAUDE.md: No issues with project configuration.

Testing

• ✅ No new functions or endpoints requiring tests. Existing test suite should validate compatibility with the new version.
• ⚠️ Note: It's worth confirming CI passes with cryptography==48.0.0 across all supported Python versions (3.10–3.13), particularly for any API changes between 47.x and 48.x.

Documentation

• ✅ README: No changes needed for a dependency bump.
• ✅ API docs: N/A
• ✅ Inline comments: N/A
• ⚠️ CHANGELOG.md: Not included in the diff. If this project maintains a changelog, a dependency bump entry may be warranted depending on project conventions.

Security

• ✅ No hardcoded credentials: N/A
• ✅ No sensitive data: N/A
• ✅ No license files (.lic): N/A
• ✅ Security posture: Upgrading cryptography is generally a positive security action. The cryptography library frequently patches CVEs; staying current is recommended.

---

Overall Assessment

This is a clean, low-risk dependency bump. The only items to verify:

1. CI passes across all supported Python versions.
2. Consider adding a CHANGELOG entry if your project tracks dependency updates there.

Approve with minor note — no blocking issues.

Automated code review analyzing defects and coding standards