From dec87b90c833baf8a0ddc0827e1880583fab1bcb Mon Sep 17 00:00:00 2001
From: Shantanu <12621235+hauntsaninja@users.noreply.github.com>
Date: Mon, 27 Oct 2025 15:32:58 -0700
Subject: [PATCH] Drop upper bounds on cryptography and pyopenssl

These are security critical dependencies. Bounds here limit people's ability to respond to vulnerabilities. See also https://iscinumpy.dev/post/bound-version-constraints/
---
 setup.py | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/setup.py b/setup.py
index 819d8ba4f8..c0753d48ff 100644
--- a/setup.py
+++ b/setup.py
@@ -32,8 +32,8 @@ def open_relative(*path):
 requires = [
     "certifi",
     "configparser==4.0.2 ; python_version < '3'",
-    "cryptography>=3.2.1,<46.0.0",
-    "pyOpenSSL>=17.5.0,<25.0.0",
+    "cryptography>=3.2.1",
+    "pyOpenSSL>=17.5.0",
     "python-dateutil>=2.5.3,<3.0.0",
     "pytz>=2016.10",
     "circuitbreaker>=1.3.1,<2.0.0; python_version <= '3.6'",