From 16dcb22690c1c66e96a7c96b4dda4cf7ceb58e00 Mon Sep 17 00:00:00 2001
From: Ray Luo <rayluo@microsoft.com>
Date: Thu, 30 Sep 2021 11:56:52 -0700
Subject: [PATCH] Bumping cryptography upper bound to X+3

---
 setup.py | 9 ++++-----
 1 file changed, 4 insertions(+), 5 deletions(-)

diff --git a/setup.py b/setup.py
index 79bdda3e..c5d89186 100644
--- a/setup.py
+++ b/setup.py
@@ -75,14 +75,13 @@
         'requests>=2.0.0,<3',
         'PyJWT[crypto]>=1.0.0,<3',
 
-        'cryptography>=0.6,<4',
+        'cryptography>=0.6,<38',
             # load_pem_private_key() is available since 0.6
             # https://github.com/pyca/cryptography/blob/master/CHANGELOG.rst#06---2014-09-29
             #
-            # Not sure what should be used as an upper bound here
-            # https://github.com/pyca/cryptography/issues/5532
-            # We will go with "<4" for now, which is also what our another dependency,
-            # pyjwt, currently use.
+            # And we will use the cryptography (X+3).0.0 as the upper bound,
+            # based on their latest deprecation policy
+            # https://cryptography.io/en/latest/api-stability/#deprecation
 
         "mock;python_version<'3.3'",
     ]