diff --git a/_service b/_service
index 952a12d..9ee96a8 100644
--- a/_service
+++ b/_service
@@ -1,7 +1,7 @@
 <services>
   <service name="download_files" mode="disabled"/>
   <service name="cargo_vendor" mode="disabled">
-    <param name="srcdir">cryptography-38.0.3/src/rust</param>
+    <param name="srcdir">cryptography-39.0.0/src/rust</param>
     <param name="compression">zst</param>
   </service>
   <service name="cargo_audit" mode="disabled">
diff --git a/cryptography-38.0.4.tar.gz b/cryptography-38.0.4.tar.gz
deleted file mode 100644
index 16c47a5..0000000
--- a/cryptography-38.0.4.tar.gz
+++ /dev/null
@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:175c1a818b87c9ac80bb7377f5520b7f31b3ef2a0004e2420319beadedb67290
-size 599786
diff --git a/cryptography-39.0.0.tar.gz b/cryptography-39.0.0.tar.gz
new file mode 100644
index 0000000..5ae8a74
--- /dev/null
+++ b/cryptography-39.0.0.tar.gz
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:f964c7dcf7802d133e8dbd1565914fa0194f9d683d82411989889ecd701e8adf
+size 603406
diff --git a/python-cryptography.changes b/python-cryptography.changes
index 67c9a2b..c0881ad 100644
--- a/python-cryptography.changes
+++ b/python-cryptography.changes
@@ -1,3 +1,43 @@
+-------------------------------------------------------------------
+Mon Jan  2 19:38:58 UTC 2023 - Dirk Müller <dmueller@suse.com>
+
+- update to 39.0.0:
+  * **BACKWARDS INCOMPATIBLE:** Support for OpenSSL 1.1.0 has been removed.
+  Users on older version of OpenSSL will need to upgrade.
+  * **BACKWARDS INCOMPATIBLE:** Dropped support for LibreSSL < 3.5. The new
+  minimum LibreSSL version is 3.5.0. Going forward our policy is to support
+  versions of LibreSSL that are available in versions of OpenBSD that are
+  still receiving security support.
+  * **BACKWARDS INCOMPATIBLE:** Removed the ``encode_point`` and
+  ``from_encoded_point`` methods on
+  :class:`~cryptography.hazmat.primitives.asymmetric.ec.EllipticCurvePublicNumbers`,
+  which had been deprecated for several years.
+  :meth:`~cryptography.hazmat.primitives.asymmetric.ec.EllipticCurvePublicKey.public_bytes`
+  and
+  :meth:`~cryptography.hazmat.primitives.asymmetric.ec.EllipticCurvePublicKey.from_encoded_point`
+  should be used instead.
+  * **BACKWARDS INCOMPATIBLE:** Support for using MD5 or SHA1 in
+  :class:`~cryptography.x509.CertificateBuilder`, other X.509 builders, and
+  PKCS7 has been removed.
+  * **ANNOUNCEMENT:** The next version of ``cryptography`` (40.0) will
+    change
+  the way we link OpenSSL. This will only impact users who build
+  ``cryptography`` from source (i.e., not from a ``wheel``), and specify their
+  own version of OpenSSL. For those users, the ``CFLAGS``, ``LDFLAGS``,
+  ``INCLUDE``, ``LIB``, and ``CRYPTOGRAPHY_SUPPRESS_LINK_FLAGS`` environment
+  variables will no longer be respected. Instead, users will need to
+  configure their builds `as documented here`_.
+  * Added support for disabling the legacy provider in OpenSSL 3.0.x
+  * Added support for disabling RSA key validation checks when loading RSA
+  keys via
+  ~cryptography.hazmat.primitives.serialization.load_pem_private_key
+  ~cryptography.hazmat.primitives.serialization.load_der_private_key
+  ~cryptography.hazmat.primitives.asymmetric.rsa.RSAPrivateNumbers.private_key
+  * Added support for creating OCSP requests with precomputed hashes using
+  :meth:`~cryptography.x509.ocsp.OCSPRequestBuilder.add_certificate_by_hash`.
+  * Added support for loading multiple PEM-encoded X.509 certificates from
+  a single input via :func:`~cryptography.x509.load_pem_x509_certificates`.
+
 -------------------------------------------------------------------
 Wed Dec  7 16:43:26 UTC 2022 - Yogalakshmi Arunachalam <yarunachalam@suse.com>
 
diff --git a/python-cryptography.spec b/python-cryptography.spec
index 392b436..2410fd0 100644
--- a/python-cryptography.spec
+++ b/python-cryptography.spec
@@ -1,7 +1,7 @@
 #
 # spec file
 #
-# Copyright (c) 2022 SUSE LLC
+# Copyright (c) 2023 SUSE LLC
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
@@ -28,7 +28,7 @@
 %bcond_with test
 %endif
 Name:           python-cryptography%{psuffix}
-Version:        38.0.4
+Version:        39.0.0
 Release:        0
 Summary:        Python library which exposes cryptographic recipes and primitives
 License:        Apache-2.0 OR BSD-3-Clause
@@ -109,7 +109,8 @@ find . -name .keep -print -delete
 
 %if %{with test}
 %check
-%pytest_arch -n auto
+# won't work for cryptography
+%pytest_arch -n auto --ignore-glob=vendor/*
 %endif
 
 %if !%{with test}
diff --git a/vendor.tar.zst b/vendor.tar.zst
index 28219ed..ba45f6c 100644
--- a/vendor.tar.zst
+++ b/vendor.tar.zst
@@ -1,3 +1,3 @@
 version https://git-lfs.github.com/spec/v1
-oid sha256:9ec55d5ba9f28dfb213910d88487ff577dff266c6d7bcc17ca7f24b0d1769845
-size 8055725
+oid sha256:f1d104b5e17ad274d3bbb3ae7060b49d28c1d8059981885ae7476c5a22f6af00
+size 8470456