diff --git a/.changeset/rotten-turtles-give.md b/.changeset/rotten-turtles-give.md new file mode 100644 index 00000000..fa56cab7 --- /dev/null +++ b/.changeset/rotten-turtles-give.md @@ -0,0 +1,5 @@ +--- +"@fingerprint/python-sdk": patch +--- + +Bump minimum required `cryptography` version from `41.0.0` to `46.0.5`. diff --git a/fingerprint_server_sdk/sealed.py b/fingerprint_server_sdk/sealed.py index ac9c8fb6..7f8ef22d 100644 --- a/fingerprint_server_sdk/sealed.py +++ b/fingerprint_server_sdk/sealed.py @@ -1,7 +1,6 @@ import json import zlib -from cryptography.hazmat.backends import default_backend from cryptography.hazmat.primitives.ciphers import Cipher, algorithms, modes from fingerprint_server_sdk.models.event import Event @@ -92,9 +91,7 @@ def __unseal_aes256gcm(sealed_data: bytes, decryption_key: bytes) -> str: ciphertext = sealed_data[len(SEALED_HEADER) + nonce_length : -auth_tag_length] - decipher = Cipher( - algorithms.AES(decryption_key), modes.GCM(nonce, auth_tag), backend=default_backend() - ).decryptor() + decipher = Cipher(algorithms.AES(decryption_key), modes.GCM(nonce, auth_tag)).decryptor() compressed = decipher.update(ciphertext) + decipher.finalize() diff --git a/pyproject.toml b/pyproject.toml index ca7a2791..4a989aed 100644 --- a/pyproject.toml +++ b/pyproject.toml @@ -15,7 +15,7 @@ dependencies = [ "python-dateutil (>=2.8.2)", "pydantic (>=2)", "typing-extensions (>=4.7.1)", - "cryptography" + "cryptography (>=46.0.5)" ] [project.optional-dependencies] @@ -39,7 +39,7 @@ python-dotenv = ">= 1.0.0" [build-system] -requires = ["setuptools"] +requires = ["setuptools>=82.0.1"] build-backend = "setuptools.build_meta" [tool.pylint.'MESSAGES CONTROL'] diff --git a/requirements.txt b/requirements.txt index 3cd5e516..7967c9c4 100644 --- a/requirements.txt +++ b/requirements.txt @@ -2,5 +2,5 @@ urllib3 >= 2.1.0, < 3.0.0 python_dateutil >= 2.8.2 pydantic >= 2 typing-extensions >= 4.7.1 -cryptography >= 41.0.0 -setuptools >= 65.5.1 +cryptography >= 46.0.5 +setuptools >= 82.0.1 diff --git a/template/pyproject.mustache b/template/pyproject.mustache index 445b9f43..7958f7ac 100644 --- a/template/pyproject.mustache +++ b/template/pyproject.mustache @@ -56,7 +56,7 @@ typing-extensions = ">= 4.7.1" {{#lazyImports}} lazy-imports = ">= 1, < 2" {{/lazyImports}} -cryptography = ">= 41.0.0" +cryptography = ">= 46.0.5" python-dotenv = ">= 1.0.0" {{/poetry1}} {{^poetry1}} @@ -86,7 +86,7 @@ dependencies = [ {{#lazyImports}} "lazy-imports (>=1,<2)" {{/lazyImports}} - "cryptography" + "cryptography (>=46.0.5)" ] [project.optional-dependencies] @@ -118,7 +118,7 @@ python-dotenv = ">= 1.0.0" [build-system] -requires = ["setuptools"] +requires = ["setuptools>=82.0.1"] build-backend = "setuptools.build_meta" [tool.pylint.'MESSAGES CONTROL'] diff --git a/template/requirements.mustache b/template/requirements.mustache index 40b8dcf7..7a38d307 100644 --- a/template/requirements.mustache +++ b/template/requirements.mustache @@ -21,5 +21,5 @@ typing-extensions >= 4.7.1 {{#lazyImports}} lazy-imports >= 1, < 2 {{/lazyImports}} -cryptography >= 41.0.0 -setuptools >= 65.5.1 +cryptography >= 46.0.5 +setuptools >= 82.0.1 diff --git a/template/sealed.py.mustache b/template/sealed.py.mustache index 0ccf21ec..c264d0ee 100644 --- a/template/sealed.py.mustache +++ b/template/sealed.py.mustache @@ -1,7 +1,6 @@ import json import zlib -from cryptography.hazmat.backends import default_backend from cryptography.hazmat.primitives.ciphers import Cipher, algorithms, modes from {{packageName}}.models.event import Event @@ -91,8 +90,7 @@ def __unseal_aes256gcm(sealed_data: bytes, decryption_key: bytes) -> str: decipher = Cipher( algorithms.AES(decryption_key), - modes.GCM(nonce, auth_tag), - backend=default_backend() + modes.GCM(nonce, auth_tag) ).decryptor() compressed = decipher.update(ciphertext) + decipher.finalize()