Release 3.6.5 prep and allow cryptography45 #1498
Merged
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
* We pin the major version to prevent breakage: This is especially useful for sigstore-python the cli app * Pinning is a little painful for the users of sigstore-python the library... I think a reasonable compromise is to start updating cryptography pinning in point releases when it seems safe to do so. Signed-off-by: Jussi Kukkonen <jkukkonen@google.com>
Signed-off-by: Jussi Kukkonen <jkukkonen@google.com>
|
Good by me -- I don't believe there's a significant breakage risk for us here. Worst case we can always yank, though. |
woodruffw
approved these changes
Aug 11, 2025
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This PR is for series/3.6.x and contains
@woodruffw let me know if you have opinions on the cryptography change -- I realize it has not really been tested: I've checked the git log on main and don't see any related changes so I feel like it should be safe as we've been using the new cryptography there for a while.
Copying the rationale from commit message for convenience: