Bump cryptography from 47.0.0 to 48.0.0 by dependabot[bot] · Pull Request #130 · Senzing/mapper-npi

dependabot · 2026-05-26T20:36:13Z

Bumps cryptography from 47.0.0 to 48.0.0.

Changelog

Sourced from cryptography's changelog.

48.0.0 - 2026-05-04

* **BACKWARDS INCOMPATIBLE:** Support for Python 3.8 has been removed. ``cryptography`` now requires Python 3.9 or later. * **BACKWARDS INCOMPATIBLE:** Loading an X.509 CRL whose inner ``TBSCertList.signature`` algorithm does not match the outer ``signatureAlgorithm`` now raises ``ValueError``. Previously, such CRLs were parsed successfully and only rejected during signature validation. * Added support for :doc:`/hazmat/primitives/asymmetric/mlkem` and :doc:`/hazmat/primitives/asymmetric/mldsa` when using OpenSSL 3.5.0 or later, in addition to the existing AWS-LC and BoringSSL support. This means post-quantum algorithms are now available to users of our wheels. Note: Going forward, we do not guarantee that all functionality in cryptography will be available when building against OpenSSL. See :doc:/statements/state-of-openssl for more information.

.. _v47-0-0:

Commits

8e03e30 bump for 48.0.0 release (#14796)
295e0d2 Add AGENTS.md with CLAUDE.md symlink (#14794)
104a2de Bump BoringSSL, OpenSSL, AWS-LC in CI (#14793)
67ec1e5 call check_length early on AesSiv::encrypt (#14792)
b2da57a changelog for mldsa/mlkem for openssl (#14791)
3cf44ad ML-KEM OpenSSL support (#14781)
2e31639 ML-DSA OpenSSL support (#14773)
5affe5a fix rust nightly clippy (#14790)
2e73ca4 bump rust-openssl dep and update EcPoint::mul_generator to mul_generator2 (#1...
82ebd3b Bump BoringSSL, OpenSSL, AWS-LC in CI (#14785)
Additional commits viewable in compare view

github-actions · 2026-05-26T20:37:01Z

🤖 Claude Code Review

Code Review

Summary: This PR bumps cryptography from 47.0.0 to 48.0.0 in development-requirements.txt.

Code Quality

✅ Style guide — Single-line change in a requirements file; no style concerns.
✅ No commented-out code — N/A.
✅ Meaningful variable names — N/A.
✅ DRY principle — N/A.
✅ Defects / security — cryptography is a dev-only dependency. Bumping to 48.0.0 is a security-positive change (dependency upgrades for the cryptography library are typically security-motivated). No concerns.
✅ Project memory (.claude/CLAUDE.md) — No project memory file found; nothing to consider.

Testing

✅ Unit/integration tests — No logic changes; dependency version bump only. No new tests required.
✅ Edge cases / coverage — N/A.

Documentation

✅ README — No changes needed for a dev-dependency version bump.
✅ API docs — N/A.
✅ Inline comments — N/A.
❌ CHANGELOG.md — CHANGELOG.md exists and follows Keep a Changelog format, but this dependency bump is not reflected under [Unreleased]. Dependency bumps in development requirements are typically noted (e.g., - Bump cryptography from 47.0.0 to 48.0.0). Consider adding an entry.

Security

✅ No hardcoded credentials — N/A.
✅ Input validation — N/A.
✅ Error handling — N/A.
✅ No sensitive data in logs — N/A.
✅ No license files (.lic / AQAAAD strings) — None present.

Overall Assessment

Minor issue: The `CHANGELOG.md` does not include an entry for this dependency bump. Everything else is clean — this is a straightforward, low-risk dev-dependency version upgrade.

Automated code review analyzing defects and coding standards

Bumps [cryptography](https://github.com/pyca/cryptography) from 47.0.0 to 48.0.0. - [Changelog](https://github.com/pyca/cryptography/blob/main/CHANGELOG.rst) - [Commits](pyca/cryptography@47.0.0...48.0.0) --- updated-dependencies: - dependency-name: cryptography dependency-version: 48.0.0 dependency-type: direct:development update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com>

github-actions · 2026-05-26T20:40:25Z

🤖 Claude Code Review

PR Code Review — `cryptography` 47.0.0 → 48.0.0

Scope: Single-line dependency bump in development-requirements.txt (line 5).

Code Quality

✅ Style guide — No code changes; requirements file format is unchanged.
✅ No commented-out code — N/A.
✅ Meaningful variable names — N/A.
✅ DRY principle — N/A.
✅ Defects — No logic changes. The bump is a straightforward pin update for a dev-only dependency. No runtime impact.
✅ .claude/CLAUDE.md — No project-level CLAUDE.md exists at the repo root; no concerns.

Testing

✅ Unit/integration tests — N/A; no functional code changed.
✅ Edge cases / coverage — Existing test suite covers any cryptography usage; no new test surface introduced.

Documentation

✅ README — No update needed.
✅ API docs — N/A.
✅ Inline comments — N/A.
❌ CHANGELOG.md not updated — CHANGELOG.md has no entry for this dependency bump. The [Unreleased] section contains only placeholder text (Thing 4, Thing 5). A dependency update entry should be added under [Unreleased], e.g.:
```
### Changed
- Bump cryptography from 47.0.0 to 48.0.0
```
✅ Markdown formatting — No markdown files modified in this PR.

Security

✅ No hardcoded credentials — None.
✅ Input validation — N/A.
✅ Error handling — N/A.
✅ No sensitive data in logs — N/A.
✅ No .lic files or AQAAAD strings — None present.

Summary

Category	Status
Code Quality	✅
Testing	✅
Documentation	❌
Security	✅

One actionable item: Add a `CHANGELOG.md` entry under `[Unreleased]` for the `cryptography` version bump (`development-requirements.txt`, line 5).

Automated code review analyzing defects and coding standards

dependabot Bot added dependencies Pull requests that update a dependency file python Pull requests that update python code labels May 26, 2026

dependabot Bot requested a review from a team as a code owner May 26, 2026 20:36

dependabot Bot force-pushed the dependabot/pip/cryptography-48.0.0 branch from 84667da to 95e5ad2 Compare May 26, 2026 20:39

docktermj approved these changes May 27, 2026

View reviewed changes

docktermj merged commit 13bd44d into main May 27, 2026
12 checks passed

docktermj deleted the dependabot/pip/cryptography-48.0.0 branch May 27, 2026 13:56

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Bump cryptography from 47.0.0 to 48.0.0#130

Bump cryptography from 47.0.0 to 48.0.0#130
docktermj merged 1 commit into
mainfrom
dependabot/pip/cryptography-48.0.0

dependabot Bot commented on behalf of github May 26, 2026 •

edited

Loading

Uh oh!

github-actions Bot commented May 26, 2026

Uh oh!

github-actions Bot commented May 26, 2026

Uh oh!

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

2 participants

Conversation

dependabot Bot commented on behalf of github May 26, 2026 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Uh oh!

github-actions Bot commented May 26, 2026

🤖 Claude Code Review

Code Review

Code Quality

Testing

Documentation

Security

Overall Assessment

Minor issue: The CHANGELOG.md does not include an entry for this dependency bump. Everything else is clean — this is a straightforward, low-risk dev-dependency version upgrade.

Uh oh!

github-actions Bot commented May 26, 2026

🤖 Claude Code Review

PR Code Review — cryptography 47.0.0 → 48.0.0

Code Quality

Testing

Documentation

Security

Summary

One actionable item: Add a CHANGELOG.md entry under [Unreleased] for the cryptography version bump (development-requirements.txt, line 5).

Uh oh!

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

2 participants

dependabot Bot commented on behalf of github May 26, 2026 •

edited

Loading

Minor issue: The `CHANGELOG.md` does not include an entry for this dependency bump. Everything else is clean — this is a straightforward, low-risk dev-dependency version upgrade.

PR Code Review — `cryptography` 47.0.0 → 48.0.0

One actionable item: Add a `CHANGELOG.md` entry under `[Unreleased]` for the `cryptography` version bump (`development-requirements.txt`, line 5).