Feature/cryptography 47 upgrade#7071
Conversation
- Update cryptography dependency from >=46.0.5,<47.0.0 to >=47.0.0,<48.0.0 - Cryptography 47.0.0 includes important security updates and performance improvements - Requires OpenSSL 3.0+, which is already used in all CI/Docker environments - No code changes needed - UnsupportedAlgorithm exception handling already in place - All elliptic curves used (SECP384R1) are NIST-approved and compatible See #TODO for detailed verification and testing.
- Document all verification steps completed - Verify CI environment compatibility (OpenSSL 3.0+) - Confirm exception handling patterns in place - Validate NIST curve usage - Outline remaining steps for lock file and testing
Comprehensive summary of: - Completed verification tasks - Files modified and added - Testing plan and next steps - Compatibility matrix - Breaking changes addressed - Rollback procedures
Comprehensive guide for submitting the PR including: - Step-by-step submission instructions - Summary of all 3 commits - Verification checklist - Testing plan - Documentation references
Complete step-by-step instructions for: - Setting up fork remote - Pushing feature branch - Creating PR via GitHub web interface - Verification and next steps - Troubleshooting guide
Comprehensive document showing: - All 5 commits with file summaries - Final changes statistics (959 lines added) - Complete verification checklist - Next steps for PR submission - Technical specifications - Security benefits PR is ready for immediate submission
![chatgpt-codex-connector[bot]](https://avatars.githubusercontent.com/in/1144995?s=60&v=4){kind=small}
There was a problem hiding this comment.
💡 Codex Review
Here are some automated review suggestions for this pull request.
Reviewed commit: 3f1a94ad69
ℹ️ About Codex in GitHub
Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you
- Open a pull request for review
- Mark a draft as ready
- Comment "@codex review".
If Codex has suggestions, it will comment; otherwise it will react with 👍.
Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".
| "grpcio-health-checking>=1.70.0,<2.0.0", | ||
| "protobuf>=5.28.0,<7.0.0", | ||
| "cryptography>=46.0.5,<47.0.0", | ||
| "cryptography>=47.0.0,<48.0.0", |
There was a problem hiding this comment.
This change updates framework/pyproject.toml to require cryptography>=47.0.0,<48.0.0 but does not update framework/uv.lock, which still pins cryptography to 46.0.5. The repo’s lockfile check workflow (.github/workflows/repo-check-uv-lock.yml, uv lock --check) runs on any pyproject.toml change, so this mismatch will cause CI to fail until the lockfile is regenerated and committed.
Useful? React with 👍 / 👎.
There was a problem hiding this comment.
Pull request overview
Note
Copilot was unable to run its full agentic suite in this review.
This PR upgrades the framework's cryptography dependency to 47.x and adds several repository-root markdown files describing the upgrade verification and PR submission process.
Changes:
- Bump
cryptographyinframework/pyproject.tomlfrom the 46.x range to the 47.x range. - Add upgrade/verification summaries and rollout notes in new markdown files.
- Add contributor workflow docs for creating the PR via CLI and the GitHub web UI.
Reviewed changes
Copilot reviewed 1 out of 1 changed files in this pull request and generated 15 comments.
Show a summary per file
| File | Description |
|---|---|
| framework/pyproject.toml | Updates the declared cryptography dependency range. |
| PR_SUBMISSION_GUIDE.md | Adds a branch-specific PR preparation/status guide. |
| IMPLEMENTATION_SUMMARY.md | Summarizes verification work, testing plans, and follow-up steps. |
| GITHUB_WEB_SUBMISSION.md | Adds GitHub web UI instructions for submitting this upgrade PR. |
| CRYPTOGRAPHY_UPGRADE_COMPLETE.md | Adds a final status summary and submission checklist. |
| CRYPTOGRAPHY_47_UPGRADE.md | Documents compatibility checks, assumptions, and test plans for the upgrade. |
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
| "grpcio-health-checking>=1.70.0,<2.0.0", | ||
| "protobuf>=5.28.0,<7.0.0", | ||
| "cryptography>=46.0.5,<47.0.0", | ||
| "cryptography>=47.0.0,<48.0.0", |
github-actions
Bot
added
the
Contributor
There was a problem hiding this comment.
Pull request overview
Copilot reviewed 1 out of 1 changed files in this pull request and generated 1 comment.
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
| "grpcio-health-checking>=1.70.0,<2.0.0", | ||
| "protobuf>=5.28.0,<7.0.0", | ||
| "cryptography>=46.0.5,<47.0.0", | ||
| "cryptography>=47.0.0,<48.0.0", |
There was a problem hiding this comment.
@copilot Update pyproject.toml: Use the >=46.0.5,<48.0.0 range.
Regenerate the lockfile: As noted by the chatgpt-codex-connector, you need to run your sync command (likely uv lock) to ensure framework/uv.lock is updated, otherwise, your CI checks will fail.
Remove documentation artifacts: Ensure those temporary .md files mentioned in the PR commits are cleaned up if they are no longer needed for the final merge.
There was a problem hiding this comment.
Pull request overview
Copilot reviewed 1 out of 1 changed files in this pull request and generated 2 comments.
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
| "grpcio-health-checking>=1.70.0,<2.0.0", | ||
| "protobuf>=5.28.0,<7.0.0", | ||
| "cryptography>=46.0.5,<47.0.0", | ||
| "cryptography>=47.0.0,<48.0.0", |
| "grpcio-health-checking>=1.70.0,<2.0.0", | ||
| "protobuf>=5.28.0,<7.0.0", | ||
| "cryptography>=46.0.5,<47.0.0", | ||
| "cryptography>=47.0.0,<48.0.0", |
Issue
Description
Related issues/PRs
Proposal
Explanation
Checklist
#contributions)Any other comments?