From 681f9d549ce5f8239f7985001bb54d11d2d2d928 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Eray=20Ayd=C4=B1n?= Date: Wed, 18 Mar 2026 17:21:53 +0300 Subject: [PATCH 1/2] chore: upgrade setuptools minimum version 82.0.1 Bump `setuptools` minimum constraint from `65.5.1` to `82.0.1` in `requirements.txt` and `pyproject.toml` to address known security vulnerabilities. Related-Task: INTER-1897 --- pyproject.toml | 2 +- requirements.txt | 2 +- template/pyproject.mustache | 2 +- template/requirements.mustache | 2 +- 4 files changed, 4 insertions(+), 4 deletions(-) diff --git a/pyproject.toml b/pyproject.toml index ca7a2791..79dcd59d 100644 --- a/pyproject.toml +++ b/pyproject.toml @@ -39,7 +39,7 @@ python-dotenv = ">= 1.0.0" [build-system] -requires = ["setuptools"] +requires = ["setuptools>=82.0.1"] build-backend = "setuptools.build_meta" [tool.pylint.'MESSAGES CONTROL'] diff --git a/requirements.txt b/requirements.txt index 3cd5e516..de787f74 100644 --- a/requirements.txt +++ b/requirements.txt @@ -3,4 +3,4 @@ python_dateutil >= 2.8.2 pydantic >= 2 typing-extensions >= 4.7.1 cryptography >= 41.0.0 -setuptools >= 65.5.1 +setuptools >= 82.0.1 diff --git a/template/pyproject.mustache b/template/pyproject.mustache index 445b9f43..0e130b20 100644 --- a/template/pyproject.mustache +++ b/template/pyproject.mustache @@ -118,7 +118,7 @@ python-dotenv = ">= 1.0.0" [build-system] -requires = ["setuptools"] +requires = ["setuptools>=82.0.1"] build-backend = "setuptools.build_meta" [tool.pylint.'MESSAGES CONTROL'] diff --git a/template/requirements.mustache b/template/requirements.mustache index 40b8dcf7..f969906f 100644 --- a/template/requirements.mustache +++ b/template/requirements.mustache @@ -22,4 +22,4 @@ typing-extensions >= 4.7.1 lazy-imports >= 1, < 2 {{/lazyImports}} cryptography >= 41.0.0 -setuptools >= 65.5.1 +setuptools >= 82.0.1 From 91288d573e31aa54e51ae83ba25e5dc6e8cf22a7 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Eray=20Ayd=C4=B1n?= Date: Wed, 18 Mar 2026 17:32:49 +0300 Subject: [PATCH 2/2] chore: upgrade cryptography minimum version 46.0.5 Bump cryptography minimum constraint from `41.0.0` to `46.0.5`. Related-Task: INTER-1897 --- .changeset/rotten-turtles-give.md | 5 +++++ fingerprint_server_sdk/sealed.py | 5 +---- pyproject.toml | 2 +- requirements.txt | 2 +- template/pyproject.mustache | 4 ++-- template/requirements.mustache | 2 +- template/sealed.py.mustache | 4 +--- 7 files changed, 12 insertions(+), 12 deletions(-) create mode 100644 .changeset/rotten-turtles-give.md diff --git a/.changeset/rotten-turtles-give.md b/.changeset/rotten-turtles-give.md new file mode 100644 index 00000000..fa56cab7 --- /dev/null +++ b/.changeset/rotten-turtles-give.md @@ -0,0 +1,5 @@ +--- +"@fingerprint/python-sdk": patch +--- + +Bump minimum required `cryptography` version from `41.0.0` to `46.0.5`. diff --git a/fingerprint_server_sdk/sealed.py b/fingerprint_server_sdk/sealed.py index ac9c8fb6..7f8ef22d 100644 --- a/fingerprint_server_sdk/sealed.py +++ b/fingerprint_server_sdk/sealed.py @@ -1,7 +1,6 @@ import json import zlib -from cryptography.hazmat.backends import default_backend from cryptography.hazmat.primitives.ciphers import Cipher, algorithms, modes from fingerprint_server_sdk.models.event import Event @@ -92,9 +91,7 @@ def __unseal_aes256gcm(sealed_data: bytes, decryption_key: bytes) -> str: ciphertext = sealed_data[len(SEALED_HEADER) + nonce_length : -auth_tag_length] - decipher = Cipher( - algorithms.AES(decryption_key), modes.GCM(nonce, auth_tag), backend=default_backend() - ).decryptor() + decipher = Cipher(algorithms.AES(decryption_key), modes.GCM(nonce, auth_tag)).decryptor() compressed = decipher.update(ciphertext) + decipher.finalize() diff --git a/pyproject.toml b/pyproject.toml index 79dcd59d..4a989aed 100644 --- a/pyproject.toml +++ b/pyproject.toml @@ -15,7 +15,7 @@ dependencies = [ "python-dateutil (>=2.8.2)", "pydantic (>=2)", "typing-extensions (>=4.7.1)", - "cryptography" + "cryptography (>=46.0.5)" ] [project.optional-dependencies] diff --git a/requirements.txt b/requirements.txt index de787f74..7967c9c4 100644 --- a/requirements.txt +++ b/requirements.txt @@ -2,5 +2,5 @@ urllib3 >= 2.1.0, < 3.0.0 python_dateutil >= 2.8.2 pydantic >= 2 typing-extensions >= 4.7.1 -cryptography >= 41.0.0 +cryptography >= 46.0.5 setuptools >= 82.0.1 diff --git a/template/pyproject.mustache b/template/pyproject.mustache index 0e130b20..7958f7ac 100644 --- a/template/pyproject.mustache +++ b/template/pyproject.mustache @@ -56,7 +56,7 @@ typing-extensions = ">= 4.7.1" {{#lazyImports}} lazy-imports = ">= 1, < 2" {{/lazyImports}} -cryptography = ">= 41.0.0" +cryptography = ">= 46.0.5" python-dotenv = ">= 1.0.0" {{/poetry1}} {{^poetry1}} @@ -86,7 +86,7 @@ dependencies = [ {{#lazyImports}} "lazy-imports (>=1,<2)" {{/lazyImports}} - "cryptography" + "cryptography (>=46.0.5)" ] [project.optional-dependencies] diff --git a/template/requirements.mustache b/template/requirements.mustache index f969906f..7a38d307 100644 --- a/template/requirements.mustache +++ b/template/requirements.mustache @@ -21,5 +21,5 @@ typing-extensions >= 4.7.1 {{#lazyImports}} lazy-imports >= 1, < 2 {{/lazyImports}} -cryptography >= 41.0.0 +cryptography >= 46.0.5 setuptools >= 82.0.1 diff --git a/template/sealed.py.mustache b/template/sealed.py.mustache index 0ccf21ec..c264d0ee 100644 --- a/template/sealed.py.mustache +++ b/template/sealed.py.mustache @@ -1,7 +1,6 @@ import json import zlib -from cryptography.hazmat.backends import default_backend from cryptography.hazmat.primitives.ciphers import Cipher, algorithms, modes from {{packageName}}.models.event import Event @@ -91,8 +90,7 @@ def __unseal_aes256gcm(sealed_data: bytes, decryption_key: bytes) -> str: decipher = Cipher( algorithms.AES(decryption_key), - modes.GCM(nonce, auth_tag), - backend=default_backend() + modes.GCM(nonce, auth_tag) ).decryptor() compressed = decipher.update(ciphertext) + decipher.finalize()