I think the upper bound is just bogus and should be removed. Upstream seems to have added it under the assumption that cryptography follows semver, but it does not: 2.9 to 3.0 offers the same compatibility guarantees as 2.8 to 2.9.
- Bug#969565: python3-azure-cli: dependency unsat... peter green
- Bug#969565: Bogus upper bound Tristan Seligmann
- Bug#969565: Bogus upper bound Luca Boccassi
- Bug#969565: marked as done (python3-azure-... Debian Bug Tracking System
