Bump cryptography maximum version (#1566)

jku · web-flow · commit 2a5e4e44d94d · 2025-10-08T11:11:35.000+03:00
* cryptography 46 has been used in main for a while
* pinning cryptography in libraries is annoying so if we're doing a
  3.6.x release, bumping maybe makes sense

Signed-off-by: Jussi Kukkonen &lt;jkukkonen@google.com&gt;
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -14,6 +14,8 @@ All versions prior to 0.9.0 are untracked.
 
 * Improved error message when verifying bundles with rekor v2 entries
   ([#1565](https://github.com/sigstore/sigstore-python/pull/1565))
+* Added cryptography 46 to list of compatible cryptography releases
+  ([#1566](https://github.com/sigstore/sigstore-python/pull/1566))
 
 ## [3.6.5]
 
diff --git a/pyproject.toml b/pyproject.toml
@@ -26,7 +26,7 @@ classifiers = [
   "Topic :: Security :: Cryptography",
 ]
 dependencies = [
-  "cryptography >= 42, < 46",
+  "cryptography >= 42, < 47",
   "id >= 1.1.0",
   "importlib_resources ~= 5.7; python_version < '3.11'",
   "pyasn1 ~= 0.6",

Original file line number	Diff line number	Diff line change
`@@ -26,7 +26,7 @@ classifiers = [`
`26`	`26`	`"Topic :: Security :: Cryptography",`
`27`	`27`	`]`
`28`	`28`	`dependencies = [`
`29`		`- "cryptography >= 42, < 46",`
	`29`	`+ "cryptography >= 42, < 47",`
`30`	`30`	`"id >= 1.1.0",`
`31`	`31`	`"importlib_resources ~= 5.7; python_version < '3.11'",`
`32`	`32`	`"pyasn1 ~= 0.6",`