DEP: Pin version of cryptography (#9339)

* DEP: Pin version of cryptography * Added myself to authors:) Co-authored-by: Shahar Naveh <>
author: Shahar Naveh <50263213+ShaharNaveh@users.noreply.github.com> 2022-07-08 22:57:48 +0300
committer: GitHub <noreply@github.com> 2022-07-08 22:57:48 +0300
commit: b9f6c3e5b68835a03bcf61ddd0bfbf5ad559c80c (patch)
tree: c560d0376d27855d6e42b316a03cdd350dcea045
parent: 184e087edf5d440c996981c2975cb8518e08e779 (diff)
2 files changed, 6 insertions, 0 deletions
diff --git a/AUTHORS.md b/AUTHORS.md
index 9e92568c5..95e63459b 100644
--- a/AUTHORS.md
+++ b/AUTHORS.md
@@ -289,3 +289,4 @@ Authors
 * [Yuseong Cho](https://github.com/g6123)
 * [Zach Shepherd](https://github.com/zjs)
 * [陈三](https://github.com/chenxsan)
+* [Shahar Naveh](https://github.com/ShaharNaveh)
diff --git a/tools/pinning/current/pyproject.toml b/tools/pinning/current/pyproject.toml
index 3021d2956..5802f87f1 100644
--- a/tools/pinning/current/pyproject.toml
+++ b/tools/pinning/current/pyproject.toml
@@ -75,6 +75,11 @@ setuptools-rust = "*"
 # https://github.com/python-poetry/poetry-core/commit/4e1f2ab582d1fef0033c0d3f35a3f2f2365a4bc9
 pylint = ">2.6.2"
 
+# Bug in poetry, where still installes yanked versions from pypi (source: https://github.com/python-poetry/poetry/issues/2453)
+# this version of cryptography intreduced a security vulnrability.
+# Making sure that it would not get installed (Fixing https://github.com/certbot/certbot/issues/9336)
+cryptography = "!= 37.0.3"
+
 [tool.poetry.dev-dependencies]
 
 [build-system]
author	Shahar Naveh <50263213+ShaharNaveh@users.noreply.github.com>	2022-07-08 22:57:48 +0300
committer	GitHub <noreply@github.com>	2022-07-08 22:57:48 +0300
commit	b9f6c3e5b68835a03bcf61ddd0bfbf5ad559c80c (patch)
tree	c560d0376d27855d6e42b316a03cdd350dcea045
parent	184e087edf5d440c996981c2975cb8518e08e779 (diff)