Mastercard / oauth1-signer-python

Python library for generating a Mastercard API compliant OAuth signature.
https://developer.mastercard.com/platform/documentation/security-and-authentication/using-oauth-1a-to-access-mastercard-apis/
MIT License

[BUG] New vulnerability found in Cryptography library requires Cryptography version 42.0.0 which conflicts with your pyopenssl pinned versions #52

Closed Rizzle93 closed 6 months ago

Rizzle93 commented 7 months ago

There has been a recent vulnerability found in Cryptography 41.0.0 which requires an upgrade to at least 42.0.0. However, you have pinned pyopenssl to <=23.2.0 and Cryptography 42.0.0 requires pyopenssl 23.3.0. Additionally, this Mastercard library uses the load_pkcs12 functionality which has been deprecated in pyopenssl version 23.3.0. Due to these dependencies we have been unable to upgrade to the latest Cryptography version. I have also raised this with another of your Python libraries: https://github.com/Mastercard/client-encryption-python/issues/27

GitHub link to Cryptography vulnerability: GithubLink

CVE link to Cryptography vulnerability: CVELink

Please upgrade the mastercard-oauth1-signer-python library to support openssl version 23.3.0.

xbian commented 7 months ago

I have the same conflict.

karen-avetisyan-mc commented 6 months ago

Hi folks, this issue has been fixed in the 1.8.0 release. Thanks
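The load_pkcs12 dependency raised in the issue can be avoided by reading the PKCS#12 bundle with the `cryptography` package's own loader. The following is an added example, not code from this repository and not a description of how the 1.8.0 release was implemented; the function names, the sample password and the throwaway key are constructed for illustration, and the RSA PKCS#1 v1.5 / SHA-256 signing step is only there to show the loaded key is usable.

```python
import datetime

from cryptography import x509
from cryptography.hazmat.primitives import hashes, serialization
from cryptography.hazmat.primitives.asymmetric import padding, rsa
from cryptography.hazmat.primitives.serialization import pkcs12
from cryptography.x509.oid import NameOID


def make_sample_p12(password: bytes) -> bytes:
    """Build a throwaway PKCS#12 bundle (constructed sample, not a real key)."""
    key = rsa.generate_private_key(public_exponent=65537, key_size=2048)
    name = x509.Name([x509.NameAttribute(NameOID.COMMON_NAME, "sample-signing-key")])
    start = datetime.datetime(2024, 1, 1)
    cert = (
        x509.CertificateBuilder()
        .subject_name(name)
        .issuer_name(name)
        .public_key(key.public_key())
        .serial_number(x509.random_serial_number())
        .not_valid_before(start)
        .not_valid_after(start + datetime.timedelta(days=365))
        .sign(key, hashes.SHA256())
    )
    return pkcs12.serialize_key_and_certificates(
        b"sample", key, cert, None,
        serialization.BestAvailableEncryption(password),
    )


def load_signing_key(p12_bytes: bytes, password: bytes):
    """Return (private_key, certificate) from a PKCS#12 bundle without pyOpenSSL."""
    # Raises ValueError when the password is wrong or the data is malformed.
    key, cert, _extra = pkcs12.load_key_and_certificates(p12_bytes, password)
    if key is None or cert is None:
        raise ValueError("PKCS#12 bundle has no private key or certificate")
    return key, cert


def roundtrip_ok(password: bytes = b"sample-password") -> bool:
    """Load the sample bundle, sign a message, verify with the certificate's key."""
    key, cert = load_signing_key(make_sample_p12(password), password)
    message = b"constructed test message"
    signature = key.sign(message, padding.PKCS1v15(), hashes.SHA256())
    # verify() raises InvalidSignature on mismatch and returns None on success.
    cert.public_key().verify(signature, message, padding.PKCS1v15(), hashes.SHA256())
    return True
```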