Contributor

Issue #, if available:

Description of changes:

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.

Check any applicable:

• Were any files moved? Moving files changes their URL, which breaks all hyperlinks to the files.

lucasmcdonald3 previously approved these changes Feb 24, 2026

View reviewed changes

bump bandit

e8c8d9d

bump linter deps

cb0733c

bump python version in static analysis

2c576bf

more

dfef217

m

a0b862e

m

75b6f3a

lucasmcdonald3 approved these changes Feb 24, 2026

View reviewed changes

….1,<5 (#37)

Updates the requirements on
[aws-encryption-sdk](https://github.com/aws/aws-encryption-sdk-python)
to permit the latest version.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/aws/aws-encryption-sdk-python/releases">aws-encryption-sdk's
releases</a>.</em></p>
<blockquote>
<h2>4.0.4 -- 2026-02-26</h2>
<h2>Maintenance</h2>
<ul>
<li>
<p>deps: Extend supported <code>MPL</code>_ versions to include v1.11.2
<a
href="https://redirect.github.com/aws/aws-encryption-sdk-python/issues/788">#788</a></p>
<p>MPL v1.11.2 fixes de-serializing Error_OpaqueWithText and bumps
cryptography upperbound to &lt;47 due to CVE-2026-26007 (<a
href="https://redirect.github.com/aws/aws-cryptographic-material-providers-library/pull/1800">#1800</a>)</p>
</li>
</ul>
<h3>NOTE</h3>
<p>This library is <strong>NOT</strong> impacted by CVE-2026-26007. This
library does not use SECT curves.</p>
</blockquote>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/aws/aws-encryption-sdk-python/blob/master/CHANGELOG.rst">aws-encryption-sdk's
changelog</a>.</em></p>
<blockquote>
<h1>4.0.4 -- 2025-09-03</h1>
<h2>Maintenance</h2>
<ul>
<li>
<p>deps: Extend supported <code>MPL</code>_ versions to include v1.11.2

<code>[#788](aws/aws-encryption-sdk-python#788)
&lt;https://github.com/aws/aws-encryption-sdk-python/pull/788&gt;</code>_</p>
<p>MPL v1.11.2 fixes de-serializing Error_OpaqueWithText</p>
</li>
</ul>
<h1>4.0.3 -- 2025-09-03</h1>
<h2>Maintenance</h2>
<ul>
<li>
<p>deps: Extend supported <code>MPL</code>_ versions to include v1.11.1

<code>[#770](aws/aws-encryption-sdk-python#770)
&lt;https://github.com/aws/aws-encryption-sdk-python/pull/770&gt;</code>_</p>
<p>MPL v1.11.1 updates pytz version range to include 2025 releases.</p>
</li>
</ul>
<h1>4.0.2 -- 2025-06-30</h1>
<h2>Maintenance</h2>
<ul>
<li>
<p>deps: Extend supported <code>MPL</code>_ versions to include v1.11.0

<code>[#763](aws/aws-encryption-sdk-python#763)
&lt;https://github.com/aws/aws-encryption-sdk-python/pull/763&gt;</code>_</p>
<p>MPL v1.11.0 contains performance improvements for the hierarchical
keyring and
extends the range of supported <code>cryptography</code> versions.</p>
</li>
</ul>
<h1>4.0.1 -- 2025-03-26</h1>
<h2>Fixes</h2>
<ul>
<li>
<p>fix: Improve header serialization

<code>[#747](aws/aws-encryption-sdk-python#747)
&lt;https://github.com/aws/aws-encryption-sdk-python/pull/747&gt;</code>_</p>
<p>ESDK-Python &lt;4.0.1 would truncate non-ASCII key provider IDs it
wrote to message headers.
If a Raw or Custom MasterKeyProvider or Keyring supplied a non-ASCII key
provider ID / key namespace,
ESDK-Python would truncate the the key provider ID it wrote to the
message's header.
The message can be decrypted by replacing the truncated provider ID with
the expected provider ID in decryption code.
Contact AWS for any questions about this approach.</p>
</li>
</ul>
<h2>Maintenance</h2>
<ul>
<li>deps: Extend supported <code>MPL</code>_ versions to include
v1.10.0</li>
</ul>
<p>4.0.0 -- 2024-10-29</p>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/aws/aws-encryption-sdk-python/commit/2153057b32b5d2c6eb3564e0e4f5e5e9459c2f64"><code>2153057</code></a>
chore: preflight for 4.0.4 release (<a
href="https://redirect.github.com/aws/aws-encryption-sdk-python/issues/789">#789</a>)</li>
<li><a
href="https://github.com/aws/aws-encryption-sdk-python/commit/5e0aed7aa0426bbb87d7154e690218c4b0734dd2"><code>5e0aed7</code></a>
chore: extend mpl support for 1.11.2 (<a
href="https://redirect.github.com/aws/aws-encryption-sdk-python/issues/788">#788</a>)</li>
<li><a
href="https://github.com/aws/aws-encryption-sdk-python/commit/20ec402e08da8f8277601b57912a6ba9e529263e"><code>20ec402</code></a>
chore(CI): fix CI (<a
href="https://redirect.github.com/aws/aws-encryption-sdk-python/issues/785">#785</a>)</li>
<li><a
href="https://github.com/aws/aws-encryption-sdk-python/commit/b441d84460e7bb9ffff67e7fe52ccd0f857c5b86"><code>b441d84</code></a>
chore: : scope down GitHub Token permissions (<a
href="https://redirect.github.com/aws/aws-encryption-sdk-python/issues/786">#786</a>)</li>
<li><a
href="https://github.com/aws/aws-encryption-sdk-python/commit/d316a1835869a27b76ff6dfe8db6897e85f6eebd"><code>d316a18</code></a>
chore: update CHANGELOG for v4.0.3 (<a
href="https://redirect.github.com/aws/aws-encryption-sdk-python/issues/770">#770</a>)</li>
<li><a
href="https://github.com/aws/aws-encryption-sdk-python/commit/cbfab663e94c4ed1db5211886770e1aa403a7c67"><code>cbfab66</code></a>
chore(CI): clean up gha and unused files (<a
href="https://redirect.github.com/aws/aws-encryption-sdk-python/issues/767">#767</a>)</li>
<li><a
href="https://github.com/aws/aws-encryption-sdk-python/commit/ee9e3f86903006f256e652a172ae493a2fbbb523"><code>ee9e3f8</code></a>
chore: remove uploading fake artifacts during release (<a
href="https://redirect.github.com/aws/aws-encryption-sdk-python/issues/765">#765</a>)</li>
<li><a
href="https://github.com/aws/aws-encryption-sdk-python/commit/848f1714d2b5c8469cc41266f4215bb7aaefed55"><code>848f171</code></a>
chore: Update CHANGELOG for v4.0.2 (<a
href="https://redirect.github.com/aws/aws-encryption-sdk-python/issues/763">#763</a>)</li>
<li><a
href="https://github.com/aws/aws-encryption-sdk-python/commit/b423f5c9a8e18294e4bce6d74b0001ec5bf9d6ac"><code>b423f5c</code></a>
chore(CI): Use Github Actions to start CodeBuild builds (<a
href="https://redirect.github.com/aws/aws-encryption-sdk-python/issues/762">#762</a>)</li>
<li><a
href="https://github.com/aws/aws-encryption-sdk-python/commit/0dd4e16d10fc139e24908bfd0008d57680b064e9"><code>0dd4e16</code></a>
chore: Update SUPPORT_POLICY.rst (<a
href="https://redirect.github.com/aws/aws-encryption-sdk-python/issues/756">#756</a>)</li>
<li>Additional commits viewable in <a
href="https://github.com/aws/aws-encryption-sdk-python/compare/v3.1.1...v4.0.4">compare
view</a></li>
</ul>
</details>
<br />


Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>