Cryptography 43.0.0 raises CryptographyDeprecationWarning (no PDF required) #2831
Description
After updating cryptography to 43.0.0 to fix a vulnerability, this CryptographyDeprecationWarning warning shows (and is loud in the sense it raises on important).
Environment
Which environment were you using when you encountered the problem?
$ python -m platform
# x86_64-unknown-linux-gnu
$ python -c "import pypdf;print(pypdf._debug_versions)"
# .venv/lib/python3.12/site-packages/pypdf/_crypt_providers/_cryptography.py:32: CryptographyDeprecationWarning: ARC4 has been moved to cryptography.hazmat.decrepit.ciphers.algorithms.ARC4 and will be removed from this module in 48.0.0.
from cryptography.hazmat.primitives.ciphers.algorithms import AES, ARC4
pypdf==3.17.4, crypt_provider=('cryptography', '43.0.1'), PIL=10.3.0cryptography
Code + PDF
This is a minimal, complete example that shows the issue:
mypy
.venv/lib/python3.12/site-packages/pypdf/_crypt_providers/_cryptography.py:32: CryptographyDeprecationWarning: ARC4 has been moved to cryptography.hazmat.decrepit.ciphers.algorithms.ARC4 and will be removed from this module in 48.0.0.
from cryptography.hazmat.primitives.ciphers.algorithms import AES, ARC4
Success: no issues found in 3 source filesDoes not require a PDF, merely having the module processed or eval'd into runtime shows the warning.
Traceback
This is the complete traceback I see:
.venv/lib/python3.12/site-packages/pypdf/_crypt_providers/_cryptography.py:32: CryptographyDeprecationWarning: ARC4 has been moved to cryptography.hazmat.decrepit.ciphers.algorithms.ARC4 and will be removed from this module in 48.0.0.
from cryptography.hazmat.primitives.ciphers.algorithms import AES, ARC4