Allow newer cryptography and add Python 3.14 tox #670
Merged
dajiaji merged 2 commits on Jun 30, 2026
Widen the direct cryptography constraint, add py314 to the tox matrix, and refresh the expired certificate fixture used by certificate validation tests.
Codecov Report
✅ All modified and coverable lines are covered by tests.

@@ Coverage Diff @@
## main #670 +/- ##
=======================================
Coverage 97.01% 97.01%
=======================================
Files 32 32
Lines 3445 3445
=======================================
Hits 3342 3342
Misses 103 103
@dajiaji this is a minimal set of changes to enable usage of python-cwt with newer versions of the cryptography library and newer versions of the Python interpreter.
Summary
This PR updates the project metadata and test fixtures for the current supported dependency/runtime landscape:
- cryptography dependency constraint from <47 to <50
- tox-gh-actions mapping as py314

Why the certificate fixture changed
The existing tests/keys/certs/server.pem fixture expired on 2026-03-16. As of the current date, the certificate validation sample tests fail because cryptography.x509.verification correctly rejects the expired certificate at validation time.

The refresh keeps the existing server key and CA material, but regenerates the server certificate with a new validity window and updates the embedded x5c value in the JWK fixtures. That preserves the intent of the tests while making them pass under real certificate validation rules again.

Cryptography dependency note
This PR allows recent cryptography releases at the python-cwt direct dependency level by changing the range to <50. This is a metadata compatibility step toward accepting the current 49.x release line.

Poetry still cannot resolve cryptography==49.0.0 today because the required pyhpke dependency currently declares cryptography >=42.0.1,<47. A follow-up PR is needed in pyhpke to allow newer cryptography versions there too; once that is released, python-cwt should be able to pick up the newer cryptography line through the full dependency graph.

Validation
- poetry run tox -l lists py314
- poetry run pytest -ra tests passes: 1345 passed