Thanks for providing this package. It looks like this package pins (ranged) versions for cryptography and pyopenssl, yet doesn't actually use those packages (directly or transitively). This creates unnecessary dependency locks for consumers of this package as they're forced to install those packages even if nothing else is using them.

In turn, this means that consumers of this package may be exposed to security vulnerabilities in those packages due to their inclusion in this package.

If these packages are truly unused (I wasn't able to find a reference to them in the source of this project, nor are they mentioned by any of the other packages this one depends upon), please could they be removed from the package dependencies and an updated package be published?