Sourced from cryptography's changelog.

45.0.2 - 2025-05-17

* Fixed using ``mypy`` with ``cryptography`` on older versions of Python.
.. _v45-0-1:
45.0.1 - 2025-05-17

• Updated Windows, macOS, and Linux wheels to be compiled with OpenSSL 3.5.0.

.. _v45-0-0:

45.0.0 - 2025-05-17 (YANKED)

* Support for Python 3.7 is deprecated and will be removed in the next
  ``cryptography`` release.
* Updated the minimum supported Rust version (MSRV) to 1.74.0, from 1.65.0.
* Added support for serialization of PKCS#12 Java truststores in
  :func:`~cryptography.hazmat.primitives.serialization.pkcs12.serialize_java_truststore`
* Added :meth:`~cryptography.hazmat.primitives.kdf.argon2.Argon2id.derive_phc_encoded` and
  :meth:`~cryptography.hazmat.primitives.kdf.argon2.Argon2id.verify_phc_encoded` methods
  to support password hashing in the PHC string format
* Added support for PKCS7 decryption and encryption using AES-256 as the
  content algorithm, in addition to AES-128.
* **BACKWARDS INCOMPATIBLE:** Made SSH private key loading more consistent with
  other private key loading:
  :func:`~cryptography.hazmat.primitives.serialization.load_ssh_private_key`
  now raises a ``TypeError`` if the key is unencrypted but a password is
  provided (previously no exception was raised), and raises a ``TypeError`` if
  the key is encrypted but no password is provided (previously a ``ValueError``
  was raised).
* We significantly refactored how private key loading (
  :func:`~cryptography.hazmat.primitives.serialization.load_pem_private_key`
  and
  :func:`~cryptography.hazmat.primitives.serialization.load_der_private_key`)
  works. This is intended to be backwards compatible for all well-formed keys,
  therefore if you discover a key that now raises an exception, please file a
  bug with instructions for reproducing.
* Added ``unsafe_skip_rsa_key_validation`` keyword-argument to
  :func:`~cryptography.hazmat.primitives.serialization.load_ssh_private_key`.
* Added :class:`~cryptography.hazmat.primitives.hashes.XOFHash` to support
  repeated :meth:`~cryptography.hazmat.primitives.hashes.XOFHash.squeeze`
  operations on extendable output functions.
* Added
  :meth:`~cryptography.x509.ocsp.OCSPResponseBuilder.add_response_by_hash`
  method to allow creating OCSP responses using certificate hash values rather
  than full certificates.
</tr></table> 

... (truncated)

• f81c075 Backport mypy fixes for release (#12930)
• 8ea28e0 bump for 45.0.1 (#12922)
• 6784097 bump for 45 release (#12886)
• 2d9c1c9 bump MSRV to 1.74 (#12919)
• 6c18874 Bump BoringSSL, OpenSSL, AWS-LC in CI (#12918)
• 43fd312 add test vectors for upcoming explicit curve loading (#12913)
• 6bfa0a3 chore(deps): bump asn1 from 0.21.2 to 0.21.3 (#12914)
• a88dd66 chore(deps): bump cc from 1.2.22 to 1.2.23 (#12912)
• e4e9840 chore(deps): bump uv from 0.7.3 to 0.7.4 in /.github/requirements (#12911)
• e140233 chore(deps): bump uv from 0.7.3 to 0.7.4 (#12910)
• Additional commits viewable in compare view

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)