Bump cryptography from 2.9.2 to 3.0

Created by: dependabot-preview[bot]

Bumps cryptography from 2.9.2 to 3.0.

Changelog

Sourced from cryptography's changelog.

3.0 - 2020-07-20

• BACKWARDS INCOMPATIBLE: Removed support for passing an ~cryptography.x509.Extension instance to ~cryptography.x509.AuthorityKeyIdentifier.from_issuer_subject_key_identifier, as per our deprecation policy.
• BACKWARDS INCOMPATIBLE: Support for LibreSSL 2.7.x, 2.8.x, and 2.9.0 has been removed (2.9.1+ is still supported).
• BACKWARDS INCOMPATIBLE: Dropped support for macOS 10.9, macOS users must upgrade to 10.10 or newer.
• BACKWARDS INCOMPATIBLE: RSA ~cryptography.hazmat.primitives.asymmetric.rsa.generate_private_key no longer accepts public_exponent values except 65537 and 3 (the latter for legacy purposes).
• BACKWARDS INCOMPATIBLE: X.509 certificate parsing now enforces that the version field contains a valid value, rather than deferring this check until ~cryptography.x509.Certificate.version is accessed.
• Deprecated support for Python 2. At the time there is no time table for actually dropping support, however we strongly encourage all users to upgrade their Python, as Python 2 no longer receives support from the Python core team.
• Added support for OpenSSH serialization format for ec, ed25519, rsa and dsa private keys: ~cryptography.hazmat.primitives.serialization.load_ssh_private_key for loading and ~cryptography.hazmat.primitives.serialization.PrivateFormat.OpenSSH for writing.
• Added support for OpenSSH certificates to ~cryptography.hazmat.primitives.serialization.load_ssh_public_key.
• Added ~cryptography.fernet.Fernet.encrypt_at_time and ~cryptography.fernet.Fernet.decrypt_at_time to ~cryptography.fernet.Fernet.
• Added support for the ~cryptography.x509.SubjectInformationAccess X.509 extension.
• Added support for parsing ~cryptography.x509.SignedCertificateTimestamps in OCSP responses.
• Added support for parsing attributes in certificate signing requests via ~cryptography.x509.CertificateSigningRequest.get_attribute_for_oid.
• Added support for encoding attributes in certificate signing requests via ~cryptography.x509.CertificateSigningRequestBuilder.add_attribute.
• On OpenSSL 1.1.1d and higher cryptography now uses OpenSSL's built-in CSPRNG instead of its own OS random engine because these versions of OpenSSL properly reseed on fork.
• Added initial support for creating PKCS12 files with ~cryptography.hazmat.primitives.serialization.pkcs12.serialize_key_and_certificates.

Commits

• b0d9bdc prep 3.0 for release (#5327)
• 6bd3faa Tell people to use black in our dev docs (#5328)
• 60aa044 Paint it Black by the Rolling Stones (#5324)
• 4a245a6 test FIPS mode on centos8 (#5323)
• 2fdb747 PKCS12 support (#5325)
• 972c886 refactor DH a bit to generate less parameters (#5326)
• 31359f3 fix grammar in error message (#5322)
• 084da16 disable the osrandom engine on 1.1.1d+ (#5317)
• 1604ea7 test exceptions and properly reject duplicate attributes in csrbuilder (#5319)
• b8656fc Implement deepcopy for x509 certificates (#5318)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
• @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
• @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
• @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
• @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language
• @dependabot badge me will comment on this PR with code to add a "Dependabot enabled" badge to your readme

Additionally, you can set the following in your Dependabot dashboard:

• Update frequency (including time of day and day of week)
• Pull request limits (per update run and/or open at any time)
• Out-of-range updates (receive only lockfile updates, if desired)
• Security updates (receive only security updates, if desired)