Bump cryptography from 39.0.1 to 40.0.1

Bumps cryptography from 39.0.1 to 40.0.1.

Changelog

Sourced from cryptography's changelog.

40.0.1 - 2023-03-24

* Fixed a bug where certain operations would fail if an object happened to be
  in the top-half of the memory-space. This only impacted 32-bit systems.
.. _v40-0-0:
40.0.0 - 2023-03-24

• BACKWARDS INCOMPATIBLE: As announced in the 39.0.0 changelog, the way cryptography links OpenSSL has changed. This only impacts users who build cryptography from source (i.e., not from a wheel), and specify their own version of OpenSSL. For those users, the CFLAGS, LDFLAGS, INCLUDE, LIB, and CRYPTOGRAPHY_SUPPRESS_LINK_FLAGS environment variables are no longer valid. Instead, users need to configure their builds as documented here_.
• Support for Python 3.6 is deprecated and will be removed in the next release.
• Deprecated the current minimum supported Rust version (MSRV) of 1.48.0. In the next release we will raise MSRV to 1.56.0. Users with the latest pip will typically get a wheel and not need Rust installed, but check :doc:/installation for documentation on installing a newer rustc if required.
• Deprecated support for OpenSSL less than 1.1.1d. The next release of cryptography will drop support for older versions.
• Deprecated support for DSA keys in :func:~cryptography.hazmat.primitives.serialization.load_ssh_public_key and :func:~cryptography.hazmat.primitives.serialization.load_ssh_private_key.
• Deprecated support for OpenSSH serialization in :class:~cryptography.hazmat.primitives.asymmetric.dsa.DSAPublicKey and :class:~cryptography.hazmat.primitives.asymmetric.dsa.DSAPrivateKey.
• The minimum supported version of PyPy3 is now 7.3.10.
• Updated Windows, macOS, and Linux wheels to be compiled with OpenSSL 3.1.0.
• Added support for parsing SSH certificates in addition to public keys with :func:~cryptography.hazmat.primitives.serialization.load_ssh_public_identity. :func:~cryptography.hazmat.primitives.serialization.load_ssh_public_key continues to support only public keys.
• Added support for generating SSH certificates with :class:~cryptography.hazmat.primitives.serialization.SSHCertificateBuilder.
• Added :meth:~cryptography.x509.Certificate.verify_directly_issued_by to :class:~cryptography.x509.Certificate.
• Added a check to :class:~cryptography.x509.NameConstraints to ensure that :class:~cryptography.x509.DNSName constraints do not contain any * wildcards.
• Removed many unused CFFI OpenSSL bindings. This will not impact you unless

... (truncated)

Commits

• 9dd0b26 Backport fix for 40.0.1 (#8603)
• 45e3771 version bump and changelog for 40.0.0 (#8583)
• c8328c0 Migrate x25519 to use rust-openssl (#7933)
• 370280b fixes #8450 -- enable sparse registry everywhere (#8566)
• 6a900fe Bump ruff from 0.0.258 to 0.0.259 (#8580)
• 1a911a0 Bump openssl from 0.10.47 to 0.10.48 in /src/rust (#8581)
• f147302 Bump filelock from 3.10.2 to 3.10.3 (#8579)
• 005bbe0 Bump BoringSSL and/or OpenSSL in CI (#8578)
• 41ebbe7 Bump filelock from 3.10.0 to 3.10.2 (#8575)
• 9b906f0 we don't need these in the constraints since we no longer depend on them (#8577)
• Additional commits viewable in compare view