chore: Upgrade Python requirements #271

Open
edx-requirements-bot wants to merge 1 commit into main from repo-tools/upgrade-python-requirements-f4962be

@edx-requirements-bot
Contributor

Python requirements update. Please review the changelogs for the upgraded packages.

@edx-requirements-bot
Contributor Author

List of packages in the PR without any issue.

  • build changes from 1.4.3 to 1.4.4
  • fastavro changes from 1.12.1 to 1.12.2
  • nh3 changes from 0.3.4 to 0.3.5
  • packaging changes from 26.1 to 26.2
  • pip changes from 26.0.1 to 26.1
  • ruff changes from 0.15.11 to 0.15.12

@edx-requirements-bot
Contributor Author

These packages need manual review.

  • [MAJOR] cryptography changes from 46.0.7 to 47.0.0

Comment thread requirements/base.txt
click==8.3.3
# via edx-django-utils
cryptography==46.0.7
cryptography==47.0.0
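
Review bot: The last line of this hunk moves the cryptography pin from 46.0.7 to 47.0.0, a major-version jump that the bot's own summary lists under manual review, and nothing in the PR records that the review was done. Before merging, add a short note to the PR naming the 47.0.0 changelog entries that were checked (removed or deprecated APIs, changed minimum requirements) and confirming that the test suite passed with 47.0.0 installed. If no code in this repository imports cryptography directly, say so in the same note so the reasoning behind accepting the major bump is visible to later readers.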
Contributor

I see that openedx-platform is at cryptography==45.0.7

Do you know if having different versions here causes any issue? I'm not sure what's the best practice here @bmtcril @mariajgrimaldi

Contributor

Nice catch, thanks for checking! This is a bit of a rabbit hole, but the short version is that it should be ok. We don't include the pinned versions of packages in our setup_requires: https://github.com/openedx/openedx-authz/blob/main/setup.py#L145 to get around things like this. If there's a conflict it will show up in the edx-platform tests when our next version of openedx-authz gets pulled in.

The longer version is that the pin in edx-platform probably shouldn't even exist anymore. There is a chain of pinned dependencies that needs to be resolved. I'll see if I can get the team that added that pin to remove it and do the associated upgrades. https://github.com/openedx/edx-platform/blob/66191a93a7c4d6948a8ab3c6f24ac5518f27cdc3/requirements/constraints.txt#L136-L137

Contributor

fwiw it looks like we're close to merging the cryptography upgrade in platform too:

openedx/openedx-platform#38465
