Cryptography 43.0.0 raises CryptographyDeprecationWarning (no PDF required) #2831

Closed
tony opened this issue Sep 4, 2024 · 1 comment

tony commented Sep 4, 2024

After updating cryptography to 43.0.0 to fix a vulnerability, this CryptographyDeprecationWarning warning shows (and is loud in the sense it raises on import).

Environment

Which environment were you using when you encountered the problem?

$ python -m platform
# x86_64-unknown-linux-gnu

$ python -c "import pypdf;print(pypdf._debug_versions)"
# .venv/lib/python3.12/site-packages/pypdf/_crypt_providers/_cryptography.py:32: CryptographyDeprecationWarning: ARC4 has been moved to cryptography.hazmat.decrepit.ciphers.algorithms.ARC4 and will be removed from this module in 48.0.0.
  from cryptography.hazmat.primitives.ciphers.algorithms import AES, ARC4
pypdf==3.17.4, crypt_provider=('cryptography', '43.0.1'), PIL=10.3.0

cryptography

Code + PDF

This is a minimal, complete example that shows the issue:

mypy
.venv/lib/python3.12/site-packages/pypdf/_crypt_providers/_cryptography.py:32: CryptographyDeprecationWarning: ARC4 has been moved to cryptography.hazmat.decrepit.ciphers.algorithms.ARC4 and will be removed from this module in 48.0.0.
  from cryptography.hazmat.primitives.ciphers.algorithms import AES, ARC4
Success: no issues found in 3 source files

Does not require a PDF, merely having the module processed or eval'd into runtime shows the warning.

Traceback

This is the complete traceback I see:

.venv/lib/python3.12/site-packages/pypdf/_crypt_providers/_cryptography.py:32: CryptographyDeprecationWarning: ARC4 has been moved to cryptography.hazmat.decrepit.ciphers.algorithms.ARC4 and will be removed from this module in 48.0.0.
  from cryptography.hazmat.primitives.ciphers.algorithms import AES, ARC4

tony commented Sep 4, 2024

Disregard this, apologies! This was my mistake. This deprecation warning was resolved via #2765 / 4.3.1.

This was due to poetry keeping a stale dependency on pypdf.

pip uninstall pypdf and then poetry install fixed this:

python -c "import pypdf;print(pypdf._debug_versions)"
pypdf==4.3.1, crypt_provider=('cryptography', '43.0.1'), PIL=10.3.0
mypy
Success: no issues found in 3 source files

@tony tony closed this as completed Sep 4, 2024
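
An added example, not part of the issue thread or of pypdf's code: a check that reads captured warning output in the format quoted above, attributes each warning to the package under site-packages, and flags that package as stale when the installed version is older than the release the thread names as fixed (4.3.1). It assumes the import package name equals the distribution name, which holds for pypdf; `stale_sources`, `FIXED_IN` and the other names are hypothetical.

```python
import re
from importlib import metadata

# Line format printed by Python's warnings module: "<file>:<line>: <Category>: <message>".
# An optional leading "# " is tolerated because the issue pastes one line as a comment.
WARNING_RE = re.compile(
    r"^(?:#\s*)?(?P<path>\S+\.py):(?P<line>\d+): (?P<category>\w+Warning): (?P<msg>.*)$"
)
# Assumption: the first directory after site-packages is also the distribution name.
PKG_RE = re.compile(r"site-packages/(?P<pkg>[^/]+)/")

# From the thread: the pypdf ARC4 warning is resolved as of 4.3.1.
FIXED_IN = {"pypdf": "4.3.1"}

# Constructed sample input: the warning quoted in the issue plus mypy's summary line.
SAMPLE_LOG = """\
.venv/lib/python3.12/site-packages/pypdf/_crypt_providers/_cryptography.py:32: CryptographyDeprecationWarning: ARC4 has been moved to cryptography.hazmat.decrepit.ciphers.algorithms.ARC4 and will be removed from this module in 48.0.0.
  from cryptography.hazmat.primitives.ciphers.algorithms import AES, ARC4
Success: no issues found in 3 source files
"""


def version_key(version):
    """Sort key for plain numeric release versions such as 4.3.1 (no pre-release tags)."""
    return tuple(int(part) for part in re.findall(r"\d+", version))


def installed_version(name):
    """Version of the distribution in the current environment, or None if absent."""
    try:
        return metadata.version(name)
    except metadata.PackageNotFoundError:
        return None


def stale_sources(log_text, lookup=installed_version, fixed_in=FIXED_IN):
    """Map each package that emitted a warning to its installed and fixed versions."""
    findings = {}
    for line in log_text.splitlines():
        match = WARNING_RE.match(line.strip())
        pkg = PKG_RE.search(match["path"]) if match else None
        if not pkg:
            continue
        name = pkg["pkg"]
        have, need = lookup(name), fixed_in.get(name)
        stale = bool(have and need and version_key(have) < version_key(need))
        findings[name] = {"category": match["category"], "installed": have,
                          "fixed_in": need, "stale": stale}
    return findings
```

Calling `stale_sources(log_text)` with the default lookup reads versions from the running environment, so it reports what is actually installed rather than what the lock file says.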