cryptography package had a security vulnerability in the version we had
pinned, but it seems to be a nested dependency anyway (or we're not using it?) so this
removes the requirement in the hopes that either we actually aren't using it or the host
package will resolve the cryptography dependency to a secure version.
cryptography package had a security vulnerability in the version we had pinned, but it seems to be a nested dependency anyway (or we're not using it?) so this removes the requirement in the hopes that either we actually aren't using it or the host package will resolve the cryptography dependency to a secure version.
[#175619039]