Contributor

Issue #, if available:

Description of changes:

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.

Check any applicable:

• Were any files moved? Moving files changes their URL, which breaks all hyperlinks to the files.

chore: update CHANGELOG for v4.0.3

4176d71

nit

990c8db

update deps

ecb5db9

lucasmcdonald3 reviewed Sep 2, 2025

View reviewed changes

lucasmcdonald3 previously approved these changes Sep 2, 2025

View reviewed changes

lucasmcdonald3 approved these changes Sep 3, 2025

View reviewed changes

….1,<5 (#37)

Updates the requirements on
[aws-encryption-sdk](https://github.com/aws/aws-encryption-sdk-python)
to permit the latest version.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/aws/aws-encryption-sdk-python/releases">aws-encryption-sdk's
releases</a>.</em></p>
<blockquote>
<h2>4.0.4 -- 2026-02-26</h2>
<h2>Maintenance</h2>
<ul>
<li>
<p>deps: Extend supported <code>MPL</code>_ versions to include v1.11.2
<a
href="https://redirect.github.com/aws/aws-encryption-sdk-python/issues/788">#788</a></p>
<p>MPL v1.11.2 fixes de-serializing Error_OpaqueWithText and bumps
cryptography upperbound to &lt;47 due to CVE-2026-26007 (<a
href="https://redirect.github.com/aws/aws-cryptographic-material-providers-library/pull/1800">#1800</a>)</p>
</li>
</ul>
<h3>NOTE</h3>
<p>This library is <strong>NOT</strong> impacted by CVE-2026-26007. This
library does not use SECT curves.</p>
</blockquote>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/aws/aws-encryption-sdk-python/blob/master/CHANGELOG.rst">aws-encryption-sdk's
changelog</a>.</em></p>
<blockquote>
<h1>4.0.4 -- 2025-09-03</h1>
<h2>Maintenance</h2>
<ul>
<li>
<p>deps: Extend supported <code>MPL</code>_ versions to include v1.11.2

<code>[#788](aws/aws-encryption-sdk-python#788)
&lt;https://github.com/aws/aws-encryption-sdk-python/pull/788&gt;</code>_</p>
<p>MPL v1.11.2 fixes de-serializing Error_OpaqueWithText</p>
</li>
</ul>
<h1>4.0.3 -- 2025-09-03</h1>
<h2>Maintenance</h2>
<ul>
<li>
<p>deps: Extend supported <code>MPL</code>_ versions to include v1.11.1

<code>[#770](aws/aws-encryption-sdk-python#770)
&lt;https://github.com/aws/aws-encryption-sdk-python/pull/770&gt;</code>_</p>
<p>MPL v1.11.1 updates pytz version range to include 2025 releases.</p>
</li>
</ul>
<h1>4.0.2 -- 2025-06-30</h1>
<h2>Maintenance</h2>
<ul>
<li>
<p>deps: Extend supported <code>MPL</code>_ versions to include v1.11.0

<code>[#763](aws/aws-encryption-sdk-python#763)
&lt;https://github.com/aws/aws-encryption-sdk-python/pull/763&gt;</code>_</p>
<p>MPL v1.11.0 contains performance improvements for the hierarchical
keyring and
extends the range of supported <code>cryptography</code> versions.</p>
</li>
</ul>
<h1>4.0.1 -- 2025-03-26</h1>
<h2>Fixes</h2>
<ul>
<li>
<p>fix: Improve header serialization

<code>[#747](aws/aws-encryption-sdk-python#747)
&lt;https://github.com/aws/aws-encryption-sdk-python/pull/747&gt;</code>_</p>
<p>ESDK-Python &lt;4.0.1 would truncate non-ASCII key provider IDs it
wrote to message headers.
If a Raw or Custom MasterKeyProvider or Keyring supplied a non-ASCII key
provider ID / key namespace,
ESDK-Python would truncate the the key provider ID it wrote to the
message's header.
The message can be decrypted by replacing the truncated provider ID with
the expected provider ID in decryption code.
Contact AWS for any questions about this approach.</p>
</li>
</ul>
<h2>Maintenance</h2>
<ul>
<li>deps: Extend supported <code>MPL</code>_ versions to include
v1.10.0</li>
</ul>
<p>4.0.0 -- 2024-10-29</p>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/aws/aws-encryption-sdk-python/commit/2153057b32b5d2c6eb3564e0e4f5e5e9459c2f64"><code>2153057</code></a>
chore: preflight for 4.0.4 release (<a
href="https://redirect.github.com/aws/aws-encryption-sdk-python/issues/789">#789</a>)</li>
<li><a
href="https://github.com/aws/aws-encryption-sdk-python/commit/5e0aed7aa0426bbb87d7154e690218c4b0734dd2"><code>5e0aed7</code></a>
chore: extend mpl support for 1.11.2 (<a
href="https://redirect.github.com/aws/aws-encryption-sdk-python/issues/788">#788</a>)</li>
<li><a
href="https://github.com/aws/aws-encryption-sdk-python/commit/20ec402e08da8f8277601b57912a6ba9e529263e"><code>20ec402</code></a>
chore(CI): fix CI (<a
href="https://redirect.github.com/aws/aws-encryption-sdk-python/issues/785">#785</a>)</li>
<li><a
href="https://github.com/aws/aws-encryption-sdk-python/commit/b441d84460e7bb9ffff67e7fe52ccd0f857c5b86"><code>b441d84</code></a>
chore: : scope down GitHub Token permissions (<a
href="https://redirect.github.com/aws/aws-encryption-sdk-python/issues/786">#786</a>)</li>
<li><a
href="https://github.com/aws/aws-encryption-sdk-python/commit/d316a1835869a27b76ff6dfe8db6897e85f6eebd"><code>d316a18</code></a>
chore: update CHANGELOG for v4.0.3 (<a
href="https://redirect.github.com/aws/aws-encryption-sdk-python/issues/770">#770</a>)</li>
<li><a
href="https://github.com/aws/aws-encryption-sdk-python/commit/cbfab663e94c4ed1db5211886770e1aa403a7c67"><code>cbfab66</code></a>
chore(CI): clean up gha and unused files (<a
href="https://redirect.github.com/aws/aws-encryption-sdk-python/issues/767">#767</a>)</li>
<li><a
href="https://github.com/aws/aws-encryption-sdk-python/commit/ee9e3f86903006f256e652a172ae493a2fbbb523"><code>ee9e3f8</code></a>
chore: remove uploading fake artifacts during release (<a
href="https://redirect.github.com/aws/aws-encryption-sdk-python/issues/765">#765</a>)</li>
<li><a
href="https://github.com/aws/aws-encryption-sdk-python/commit/848f1714d2b5c8469cc41266f4215bb7aaefed55"><code>848f171</code></a>
chore: Update CHANGELOG for v4.0.2 (<a
href="https://redirect.github.com/aws/aws-encryption-sdk-python/issues/763">#763</a>)</li>
<li><a
href="https://github.com/aws/aws-encryption-sdk-python/commit/b423f5c9a8e18294e4bce6d74b0001ec5bf9d6ac"><code>b423f5c</code></a>
chore(CI): Use Github Actions to start CodeBuild builds (<a
href="https://redirect.github.com/aws/aws-encryption-sdk-python/issues/762">#762</a>)</li>
<li><a
href="https://github.com/aws/aws-encryption-sdk-python/commit/0dd4e16d10fc139e24908bfd0008d57680b064e9"><code>0dd4e16</code></a>
chore: Update SUPPORT_POLICY.rst (<a
href="https://redirect.github.com/aws/aws-encryption-sdk-python/issues/756">#756</a>)</li>
<li>Additional commits viewable in <a
href="https://github.com/aws/aws-encryption-sdk-python/compare/v3.1.1...v4.0.4">compare
view</a></li>
</ul>
</details>
<br />


Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>