chore(deps): update dependency cryptography to v48#14135
chore(deps): update dependency cryptography to v48#14135renovate-bot wants to merge 1 commit intoGoogleCloudPlatform:mainfrom
Conversation
trusted-contributions-gcf
Bot
added
kokoro:force-run
product-auto-label
Bot
added
samples
kokoro-team
removed
the
kokoro:force-run
![gemini-code-assist[bot]](https://avatars.githubusercontent.com/in/956858?s=60&v=4){kind=small}
There was a problem hiding this comment.
Code Review
This pull request updates the cryptography dependency from version 46.0.7 to 48.0.0 in the requirements file. Feedback highlights a potential compatibility issue where this version of cryptography removes support for positional arguments in certain classes, which may cause a TypeError when used with PyJWT for ECDSA-based signature verification.
| @@ -1,4 +1,4 @@ | |||
| cryptography==46.0.7 | |||
| cryptography==48.0.0 | |||
There was a problem hiding this comment.
Updating to cryptography==48.0.0 introduces a breaking change for PyJWT (pinned at ~=2.10.1 in this file). cryptography 48.0.0 removed support for positional arguments in several classes, including ec.ECDSA, which PyJWT 2.10.1 uses for signature verification. This will result in a TypeError if ECDSA-based JWTs are processed. While IAP typically uses RSA, it is recommended to verify compatibility or update PyJWT to a version that supports cryptography 48.0.0.
2 participants
This PR contains the following updates:
==46.0.7→==48.0.0Release Notes
pyca/cryptography (cryptography)
v48.0.0Compare Source
v47.0.0Compare Source
Configuration
📅 Schedule: (UTC)
🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.
♻ Rebasing: Never, or you tick the rebase/retry checkbox.
🔕 Ignore: Close this PR and you won't be reminded about this update again.
This PR was generated by Mend Renovate. View the repository job log.