Requirements.txt pins cryptography==44.0.1 which excludes Python 3.9 (officially supported

[bgerardw]

Bug Report

Current Behavior
pip install -r requirements.txt fails on Python 3.9 with:

ERROR: No matching distribution found for cryptography==44.0.1
ERROR: Ignored the following versions that require a different python version: 44.0.1 Requires-Python >=3.7,!=3.9.0,!=3.9.1

Root Cause

• Fides declares Python 3.9 support (pyproject.toml, docs, Dockerfiles)
• requirements.txt pins cryptography==44.0.1 which excludes Python 3.9 per its metadata: Requires-Python: >=3.7,!=3.9.0,!=3.9.1[web:90]
• Last 3.9-compatible cryptography version: 43.0.3

Reproduction

# On Windows/Python 3.9
python -m venv .venv
.venv\Scripts\activate
pip install -r requirements.txt  # Fails at cryptography==44.0.1

Impact
Breaks fresh installs on Python 3.9 (still widely used in enterprise/container images).

Suggested Fixes

Option 1: Range constraint (recommended)

# requirements.txt
-cryptography==44.0.1
+cryptography>=43.0.0,<45.0.0

Preserves 3.9 support while allowing security updates.

Option 2: Python-aware pins

# pyproject.toml or conditional requirements
cryptography = {version = ">=43.0.0", python = ">=3.9,<3.10"}
cryptography = {version = ">=44.0.0", python = ">=3.10"}

Option 3: Drop Python 3.9

• Update all docs/CI/Docker to >=3.10
• Keep cryptography==44.0.1 (or latest)

Workaround for users

pip install "cryptography>=43.0.0,<44.0" -r requirements.txt
# OR use Python 3.10 venv

Versions Affected

• Fides: main branch (post latest release)
• Python: 3.9.x (all patch versions)
• cryptography: 44.0.0+ (all exclude 3.9)

Priority: Medium - breaks documented install path on supported Python version