Description
Version
4.11.0
Describe the bug
The botbuilder libraries use an old version of the cryptography package which introduces dependency conflicts with other libs such as pyOpenSSL for example:
botframework-connector==4.11.0 requires adal==1.2.1, botbuilder-schema==4.11.0, cryptography==2.8.0, msal==1.2.0, msrest==0.6.10, PyJWT==1.5.3, requests==2.23.0
pyOpenSSL [required: >=16.2.0,<21.0.0, installed: 20.0.0]
- cryptography [required: >=3.2, installed: 2.8]
Other python packages use cryptography version 3 and above, so botbuilder conflicts with them as well.
I'm working for Toucan Toco (a data-storytelling software company). This is currently impacting our production, with and we don't have any other choice than to fork your repositiory to fix this issue. We're also thinking about dropping ms teams support.
Could you fix this?
To Reproduce
Create a project using botbuilder and any another python library that uses cryptography version 3. See that it conflicts.
Expected behavior
cryptography should be version 3 or above.
Additional context
dependabot already opened PRs:
- Bump cryptography from 2.8.0 to 3.2 in /libraries/botframework-connector #1424
- Bump cryptography from 2.8.0 to 3.2 in /libraries/botbuilder-core #1425
- Bump cryptography from 2.8 to 3.2 in /libraries/botbuilder-dialogs #1426
you "just" have to merge them