Bump cryptography from 3.1.1 to 3.2

Created by: dependabot-preview[bot]

Bumps cryptography from 3.1.1 to 3.2.

Changelog

Sourced from cryptography's changelog.

3.2 - 2020-10-25

• SECURITY ISSUE: Attempted to make RSA PKCS#1v1.5 decryption more constant time, to protect against Bleichenbacher vulnerabilities. Due to limitations imposed by our API, we cannot completely mitigate this vulnerability and a future release will contain a new API which is designed to be resilient to these for contexts where it is required. Credit to Hubert Kario for reporting the issue. CVE-2020-25659
• Support for OpenSSL 1.0.2 has been removed. Users on older version of OpenSSL will need to upgrade.
• Added basic support for PKCS7 signing (including SMIME) via ~cryptography.hazmat.primitives.serialization.pkcs7.PKCS7SignatureBuilder.

Commits

• c9e6522 3.2 release (#5508)
• 58494b4 Attempt to mitigate Bleichenbacher attacks on RSA decryption (#5507)
• cf9bd6a move blinding to init on both RSA public and private (#5506)
• bf4b962 be more verbose in the 102 deprecation notice (#5505)
• ada53e7 make the regexes for branches more strict (#5504)
• 8be1d4b Stop using @master for GH actions (#5503)
• 08a97cc Bump actions/upload-artifact from v1 to v2.2.0 (#5502)
• 52a0e44 Add a dependabot configuration to bump our github actions (#5501)
• 611c4a3 PKCS7SignatureBuilder now supports new option NoCerts when signing (#5500)
• 836a92a chunking didn't actually work (#5499)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
• @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
• @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
• @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
• @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language
• @dependabot badge me will comment on this PR with code to add a "Dependabot enabled" badge to your readme

Additionally, you can set the following in your Dependabot dashboard:

• Update frequency (including time of day and day of week)
• Pull request limits (per update run and/or open at any time)
• Out-of-range updates (receive only lockfile updates, if desired)
• Security updates (receive only security updates, if desired)