diff --git a/CHANGELOG.md b/CHANGELOG.md index 11623ca..5afb97e 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -6,6 +6,12 @@ and this project adheres to [Semantic Versioning](http://semver.org/spec/v2.0.0. ## [Unreleased] +### Security +- Relax `cryptography` constraint to `>=48.0.1` (CVE-2026-34180 / + SNYK-PYTHON-CRYPTOGRAPHY-17344551), unblocking downstream consumers capped + by the previous `~=46.0.5` pin. No upper bound — `cryptography` is a + transitive dependency and is not imported directly. + ## [0.1.10] - 2026-03-24 ### Security diff --git a/requirements.txt b/requirements.txt index 4ddd600..13960b2 100644 --- a/requirements.txt +++ b/requirements.txt @@ -2,7 +2,7 @@ pytest>=9.0.2 pytest-cov>=7.1.0 pylint>=4.0.5 -cryptography~=46.0.5 +cryptography>=48.0.1 keyring>=25.7.0 pyopenssl>=26.0.0 PyInstaller>=6.19.0 diff --git a/setup.cfg b/setup.cfg index 790eade..781158a 100644 --- a/setup.cfg +++ b/setup.cfg @@ -33,7 +33,7 @@ zip_safe = True include_package_data = False install_requires = - cryptography~=46.0.5 + cryptography>=48.0.1 keyring>=25.7.0 aiohttp>=3.13.3 asynctest >= 0.13.0; python_version<"3.8"
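Review bot: In the setup.cfg hunk, `cryptography>=48.0.1` under `install_requires` is now an open-ended security floor, but nothing on the line says so, and the changelog entry itself describes the package as transitive and not imported directly, so a later cleanup could lower or drop it. I would put a full-line comment above it, `# security floor for CVE-2026-34180; do not lower`, and the same above the matching line in the requirements.txt hunk. requirements.txt also keeps `pyopenssl>=26.0.0`, and pyOpenSSL releases declare their own supported `cryptography` range, so it is worth confirming in CI that a fresh resolve of both lines succeeds and lands on 48.0.1 or later. With no upper bound, a future major release of `cryptography` will be picked up unreviewed, so a scheduled install-and-test job would catch breakage early. Both files continue outside the hunks shown.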