Bump cryptography from 42.0.3 to 42.0.5

[dependabot]

Bumps cryptography from 42.0.3 to 42.0.5.

Changelog

Sourced from cryptography's changelog.

42.0.5 - 2024-02-23

* Limit the number of name constraint checks that will be performed in
  :mod:`X.509 path validation <cryptography.x509.verification>` to protect
  against denial of service attacks.
* Upgrade ``pyo3`` version, which fixes building on PowerPC.
.. _v42-0-4:
42.0.4 - 2024-02-20

• Fixed a null-pointer-dereference and segfault that could occur when creating a PKCS#12 bundle. Credit to Alexander-Programming for reporting the issue. CVE-2024-26130
• Fixed ASN.1 encoding for PKCS7/SMIME signed messages. The fields SMIMECapabilities and SignatureAlgorithmIdentifier should now be correctly encoded according to the definitions in :rfc:2633 :rfc:3370.

.. _v42-0-3:

Commits

• 33833f0 Release 42.0.5 (#10470)
• 4be53bf Added a budget for NC checks to protect against DoS (#10467) (#10468)
• 8e9de30 Bump pyo3 from 0.20.2 to 0.20.3 in /src/rust (#10462) (#10465)
• fe18470 Bump for 42.0.4 release (#10445)
• aaa2dd0 Fix ASN.1 issues in PKCS#7 and S/MIME signing (#10373) (#10442)
• 7a4d012 Fixes #10422 -- don't crash when a PKCS#12 key and cert don't match (#10423) ...
• df314bb backport actions m1 switch to 42.0.x (#10415)
• See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[codecov]

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 69.03%. Comparing base (c01d7e5) to head (46e7012).
Report is 20 commits behind head on master.

❗ Current head 46e7012 differs from pull request most recent head d04a3eb. Consider uploading reports for the commit d04a3eb to get more accurate results

Additional details and impacted files

@@            Coverage Diff             @@
##           master    #1130      +/-   ##
==========================================
- Coverage   69.05%   69.03%   -0.03%     
==========================================
  Files         187      187              
  Lines        9051     9051              
  Branches     1484     1484              
==========================================
- Hits         6250     6248       -2     
- Misses       2701     2702       +1     
- Partials      100      101       +1     

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.