Mastercard / client-encryption-python

Library for Mastercard API compliant payload encryption/decryption.
https://developer.mastercard.com/platform/documentation/security-and-authentication/securing-sensitive-data-using-payload-encryption/
MIT License

[BUG] New vulnerability found in Cryptography library requires Cryptography version 42.0.0 which conflicts with your pyopenssl pinned versions #27

Closed Rizzle93 closed 6 months ago

Rizzle93 commented 7 months ago

There has been a recent vulnerability found in Cryptography 41.0.0 which requires an upgrade to at least 42.0.0. However, you have pinned pyopenssl to <=23.2.0 and Cryptography 42.0.0 requires pyopenssl 23.3.0. Additionally, this Mastercard library uses the load_pkcs12 functionality, which has been deprecated in pyopenssl version 23.3.0. Due to these dependencies we have been unable to upgrade to the latest Cryptography version. I have also raised this issue with another of your Python libraries: https://github.com/Mastercard/oauth1-signer-python/issues/52

Please upgrade the Mastercard client-encryption-python library to support openssl version 23.3.0.

ShimonaR-MC commented 6 months ago

Fixed by https://github.com/Mastercard/client-encryption-python/pull/28