chore: bump dependencies

.github/workflows/ci_static-analysis.yaml

@@ -17,7 +17,6 @@ jobs:
         category:
 # Disabled pending completion of integration
 # https://github.com/aws/aws-dynamodb-encryption-python/issues/66
-#          - mypy-py2
 #          - mypy-py3
           - bandit
           - doc8
@@ -31,8 +30,8 @@ jobs:
           - pylint-examples
           - black-check
     steps:
-      - uses: actions/checkout@v3
-      - uses: actions/setup-python@v4
+      - uses: actions/checkout@v4
+      - uses: actions/setup-python@v5
         with:
           python-version: 3.8
       - run: |

.github/workflows/ci_tests.yaml

@@ -39,8 +39,8 @@ jobs:
 #          - integ-slow
 #          - examples
     steps:
-      - uses: actions/checkout@v3
-      - uses: actions/setup-python@v4
+      - uses: actions/checkout@v4
+      - uses: actions/setup-python@v5
         with:
           python-version: ${{ matrix.python }}
           architecture: ${{ matrix.platform.architecture }}
@@ -52,28 +52,6 @@ jobs:
           TOXENV: ${{ matrix.category }}
         run: tox -- -vv
 
-  upstream-py3:
-    runs-on: ubuntu-latest
-    strategy:
-      fail-fast: true
-      matrix:
-        category:
-          - nocmk
-          - sourcebuildcheck
-          - test-upstream-requirements-py37
-    steps:
-      - uses: actions/checkout@v3
-      - uses: actions/setup-python@v4
-        with:
-          python-version: 3.7
-      - run: |
-          python -m pip install --upgrade pip
-          pip install --upgrade -r dev_requirements/ci-requirements.txt
-      - name: run test
-        env:
-          TOXENV: ${{ matrix.category }}
-        run: tox -- -vv
-
   upstream-py311:
     runs-on: ubuntu-latest
     strategy:
@@ -84,8 +62,8 @@ jobs:
           - sourcebuildcheck
           - test-upstream-requirements-py311
     steps:
-      - uses: actions/checkout@v3
-      - uses: actions/setup-python@v4
+      - uses: actions/checkout@v4
+      - uses: actions/setup-python@v5
         with:
           python-version: "3.11"
       - run: |

.github/workflows/repo-sync.yml

@@ -9,7 +9,7 @@ jobs:
     environment: repo-sync
     runs-on: ubuntu-latest
     steps:
-    - uses: actions/checkout@v3
+    - uses: actions/checkout@v4
     - uses: repo-sync/github-sync@v2
       name: Sync repo to branch
       with:

test/upstream-requirements-py311.txt

@@ -5,12 +5,12 @@ certifi==2023.7.22
 cffi==1.15.1
 charset-normalizer==3.0.1
 coverage==7.1.0
-cryptography==41.0.6
+cryptography==42.0.4
 execnet==1.9.0
 hypothesis==6.31.6
 idna==3.4
 iniconfig==2.0.0
-Jinja2==3.1.2
+Jinja2==3.1.3
 jmespath==0.10.0
 MarkupSafe==2.1.2
 mock==4.0.3
@@ -33,6 +33,6 @@ six==1.16.0
 sortedcontainers==2.4.0
 toml==0.10.2
 types-toml==0.10.8.5
-urllib3==1.26.14
-Werkzeug==2.2.3
+urllib3==1.26.18
+Werkzeug==2.3.8
 xmltodict==0.13.0

test/upstream.md

@@ -0,0 +1,7 @@
+AWS Crypto Tools maintains `test/upstream-requirements-py<VERSION>.txt` in our Python products such that 
+our Cryptographic Primitive Provider for Python ([pyca/cryptography](https://github.com/pyca/cryptography))
+may execute downstream tests against AWS Crypto Tools Python products.
+These files allow pyca to install and test the Crypto Tools products.
+Additionally, Crypto Tools should maintain a test configuration that can be completed without using any AWS resources.
+If Crypto Tools needs to contact pyca about this expectation,
+they should cut a issue to the pyca/cryptography repo.

tox.ini

@@ -5,7 +5,7 @@ envlist =
     docs, bandit, doc8, readme,
     flake8{,-tests,-examples}, pylint{,-tests,-examples},
     vulture,
-    test-upstream-requirements-py3{11,7}
+    test-upstream-requirements-py3{11}
 
 # Additional environments:
 #
@@ -119,15 +119,6 @@ recreate = True
 deps =
 commands = {toxinidir}/test/freeze-upstream-requirements.sh
 
-# Freeze for Python 3.7
-[testenv:freeze-upstream-requirements-py37]
-basepython = python3.7
-sitepackages = {[testenv:freeze-upstream-requirements-base]sitepackages}
-skip_install = {[testenv:freeze-upstream-requirements-base]skip_install}
-recreate = {[testenv:freeze-upstream-requirements-base]recreate}
-deps = {[testenv:freeze-upstream-requirements-base]deps}
-commands = {[testenv:freeze-upstream-requirements-base]commands} test/upstream-requirements-py37.txt
-
 # Freeze for Python 3.11
 [testenv:freeze-upstream-requirements-py311]
 basepython = python3.11
@@ -144,15 +135,6 @@ recreate = True
 passenv =
 commands = {[testenv:base-command]commands} -m "local and not slow and not veryslow and not nope" --ignore=examples
 
-# Test frozen upstream requirements for Python 3.7
-[testenv:test-upstream-requirements-py37]
-basepython = python3.7
-passenv =
-deps = -rtest/upstream-requirements-py37.txt
-sitepackages = {[testenv:test-upstream-requirements-base]sitepackages}
-recreate = {[testenv:test-upstream-requirements-base]recreate}
-commands = {[testenv:test-upstream-requirements-base]commands}
-
 # Test frozen upstream requirements for Python 3.11
 [testenv:test-upstream-requirements-py311]
 basepython = python3.11