Bump up cryptography upperbound

rayluo · web-flow · commit f0f00afd2e84 · 2022-09-19T20:48:53.000-07:00
We have reviewed https://cryptography.io/en/latest/changelog/
diff --git a/setup.py b/setup.py
@@ -76,7 +76,7 @@
         'requests>=2.0.0,<3',
         'PyJWT[crypto]>=1.0.0,<3',  # MSAL does not use jwt.decode(), therefore is insusceptible to CVE-2022-29217 so no need to bump to PyJWT 2.4+
 
-        'cryptography>=0.6,<40',
+        'cryptography>=0.6,<41',
             # load_pem_private_key() is available since 0.6
             # https://github.com/pyca/cryptography/blob/master/CHANGELOG.rst#06---2014-09-29
             #

Original file line number	Diff line number	Diff line change
`@@ -76,7 +76,7 @@`
`76`	`76`	`'requests>=2.0.0,<3',`
`77`	`77`	`'PyJWT[crypto]>=1.0.0,<3', # MSAL does not use jwt.decode(), therefore is insusceptible to CVE-2022-29217 so no need to bump to PyJWT 2.4+`
`78`	`78`
`79`		`- 'cryptography>=0.6,<40',`
	`79`	`+ 'cryptography>=0.6,<41',`
`80`	`80`	`# load_pem_private_key() is available since 0.6`
`81`	`81`	`# https://github.com/pyca/cryptography/blob/master/CHANGELOG.rst#06---2014-09-29`
`82`	`82`	`#`