diff --git a/_service b/_service
index d586537..6a6a46c 100644
--- a/_service
+++ b/_service
@@ -1,6 +1,6 @@
 <services>
   <service name="cargo_vendor" mode="disabled">
-    <param name="srcdir">cryptography-36.0.2/src/rust</param>
+    <param name="srcdir">cryptography-37.0.2/src/rust</param>
   </service>
   <service name="cargo_audit" mode="disabled">
   </service>
diff --git a/cryptography-36.0.2.tar.gz b/cryptography-36.0.2.tar.gz
deleted file mode 100644
index fd02617..0000000
--- a/cryptography-36.0.2.tar.gz
+++ /dev/null
@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:70f8f4f7bb2ac9f340655cbac89d68c527af5bb4387522a8413e841e3e6628c9
-size 572053
diff --git a/cryptography-36.0.2.tar.gz.asc b/cryptography-36.0.2.tar.gz.asc
deleted file mode 100644
index dd42f62..0000000
--- a/cryptography-36.0.2.tar.gz.asc
+++ /dev/null
@@ -1,11 +0,0 @@
------BEGIN PGP SIGNATURE-----
-
-iQEzBAABCAAdFiEEBf2foWz3VzUNkaVgI1rl8Sn57ZgFAmIxEWsACgkQI1rl8Sn5
-7Zg+ZQgAvgeeLSOlnD0Uun3UYws0VIewHatjmeER/ICz4oTUTPRBz8UMOOJXKQJF
-PV7qlhDDjf1YCv+uNZp+pNTRXY2Wo9eTK+GjUyfVfuUL/ByfZ/2JPrhIYUnjSyHL
-ylTNebWgFKbIuOF2olZHcrvgK9mPZ+bHV9vV7D5UL+/5jiaXCc+Q85EdyCVq8Ph6
-yDzFv91aCRFunXkVISsTkeLT1qrjUM2PoX3S3PYsko47AbktsO9YSKU/5ZYgUF+D
-oWz09e9GUDsQVExUu1K/+LC4nvJ0dUpN3WlS1RKKo2feaPlpnsH5B8lVAO88iTGL
-quDaso9vkZEeNDAXTcHD1CUgjvgnMw==
-=N7Kg
------END PGP SIGNATURE-----
diff --git a/cryptography-37.0.2.tar.gz b/cryptography-37.0.2.tar.gz
new file mode 100644
index 0000000..94054d7
--- /dev/null
+++ b/cryptography-37.0.2.tar.gz
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:f224ad253cc9cea7568f49077007d2263efa57396a2f2f78114066fd54b5c68e
+size 585433
diff --git a/cryptography-37.0.2.tar.gz.asc b/cryptography-37.0.2.tar.gz.asc
new file mode 100644
index 0000000..262fa9d
--- /dev/null
+++ b/cryptography-37.0.2.tar.gz.asc
@@ -0,0 +1,11 @@
+-----BEGIN PGP SIGNATURE-----
+
+iQEzBAABCAAdFiEEBf2foWz3VzUNkaVgI1rl8Sn57ZgFAmJxzIoACgkQI1rl8Sn5
+7ZhKewf/Uvz9x+LOdlALmzep2cFO4PaycCIK2VNkBhYWHEE9kI0BRIwcX4N2qzYO
+7GTB4w4WMuYKhsvEYb9rRiPkrNxlTXyVAPpnM1S4aTca6jJn3yuNT/wn1CWr0IsB
+f8XsOduTth7ATI+v8zieBrNdbZif7pq5n6+/78ZIJ1DC7hhWat3Wbv2ZGObehVbS
+ACH5drpHpMYZb02SSCbTOXONmSKmLSYJZwa6yTteB6UDGDn9oaBeRhPRUFHxNQUW
+g7P3bBD8ThBaWkTDgmzldCi5V/1hGTF1jdR6+Eav8/gBgJ8b903yZzY7eloJOfhs
+gqZJhxtTXcMgXiozYoedIqeFRs4Q8A==
+=WM3/
+-----END PGP SIGNATURE-----
diff --git a/python-cryptography.changes b/python-cryptography.changes
index 161b268..b9784da 100644
--- a/python-cryptography.changes
+++ b/python-cryptography.changes
@@ -1,3 +1,83 @@
+-------------------------------------------------------------------
+Tue May 24 06:57:55 UTC 2022 - Dirk Müller <dmueller@suse.com>
+
+- update to 37.0.2:
+  * Fixed an issue where parsing an encrypted private key with the public
+    loader functions would hang waiting for console input on OpenSSL 3.0.x rather
+    than raising an error.
+  * Restored some legacy symbols for older ``pyOpenSSL`` users. These will be
+    removed again in the future, so ``pyOpenSSL`` users should still upgrade
+    to the latest version of that package when they upgrade ``cryptography``.
+  * Updated Windows, macOS, and Linux wheels to be compiled with OpenSSL 3.0.2.
+  * **BACKWARDS INCOMPATIBLE:** Dropped support for LibreSSL 2.9.x and 3.0.x.
+    The new minimum LibreSSL version is 3.1+.
+  * **BACKWARDS INCOMPATIBLE:** Removed ``signer`` and ``verifier`` methods
+    from the public key and private key classes. These methods were originally
+    deprecated in version 2.0, but had an extended deprecation timeline due
+    to usage. Any remaining users should transition to ``sign`` and ``verify``.
+  * Deprecated OpenSSL 1.1.0 support. OpenSSL 1.1.0 is no longer supported by
+    the OpenSSL project. The next release of ``cryptography`` will be the last
+    to support compiling with OpenSSL 1.1.0.
+  * Deprecated Python 3.6 support. Python 3.6 is no longer supported by the
+    Python core team. Support for Python 3.6 will be removed in a future
+    ``cryptography`` release.
+  * Deprecated the current minimum supported Rust version (MSRV) of 1.41.0.
+    In the next release we will raise MSRV to 1.48.0. Users with the latest
+    ``pip`` will typically get a wheel and not need Rust installed, but check
+    :doc:`/installation` for documentation on installing a newer ``rustc`` if
+    required.
+  * Deprecated
+    :class:`~cryptography.hazmat.primitives.ciphers.algorithms.CAST5`,
+    :class:`~cryptography.hazmat.primitives.ciphers.algorithms.SEED`,
+    :class:`~cryptography.hazmat.primitives.ciphers.algorithms.IDEA`, and
+    :class:`~cryptography.hazmat.primitives.ciphers.algorithms.Blowfish` because
+    they are legacy algorithms with extremely low usage. These will be removed
+    in a future version of ``cryptography``.
+  * Added limited support for distinguished names containing a bit string.
+  * We now ship ``universal2`` wheels on macOS, which contain both ``arm64``
+    and ``x86_64`` architectures. Users on macOS should upgrade to the latest
+    ``pip`` to ensure they can use this wheel, although we will continue to
+    ship ``x86_64`` specific wheels for now to ease the transition.
+  * This will be the final release for which we ship ``manylinux2010`` wheels.
+    Going forward the minimum supported ``manylinux`` ABI for our wheels will
+    be ``manylinux2014``. The vast majority of users will continue to receive
+    ``manylinux`` wheels provided they have an up to date ``pip``. For PyPy
+    wheels this release already requires ``manylinux2014`` for compatibility
+    with binaries distributed by upstream.
+  * Added support for multiple
+    :class:`~cryptography.x509.ocsp.OCSPSingleResponse` in a
+    :class:`~cryptography.x509.ocsp.OCSPResponse`.
+  * Restored support for signing certificates and other structures in
+    :doc:`/x509/index` with SHA3 hash algorithms.
+  * :class:`~cryptography.hazmat.primitives.ciphers.algorithms.TripleDES` is
+    disabled in FIPS mode.
+  * Added support for serialization of PKCS#12 CA friendly names/aliases in
+    :func:`~cryptography.hazmat.primitives.serialization.pkcs12.serialize_key_and_certificates`
+  * Added support for 12-15 byte (96 to 120 bit) nonces to
+    :class:`~cryptography.hazmat.primitives.ciphers.aead.AESOCB3`. This class
+    previously supported only 12 byte (96 bit).
+  * Added support for
+    :class:`~cryptography.hazmat.primitives.ciphers.aead.AESSIV` when using
+    OpenSSL 3.0.0+.
+  * Added support for serializing PKCS7 structures from a list of
+    certificates with
+    :class:`~cryptography.hazmat.primitives.serialization.pkcs7.serialize_certificates`.
+  * Added support for parsing :rfc:`4514` strings with
+    :meth:`~cryptography.x509.Name.from_rfc4514_string`.
+  * Added :attr:`~cryptography.hazmat.primitives.asymmetric.padding.PSS.AUTO` to
+    :class:`~cryptography.hazmat.primitives.asymmetric.padding.PSS`. This can
+    be used to verify a signature where the salt length is not already known.
+  * Added :attr:`~cryptography.hazmat.primitives.asymmetric.padding.PSS.DIGEST_LENGTH`
+    to :class:`~cryptography.hazmat.primitives.asymmetric.padding.PSS`. This
+    constant will set the salt length to the same length as the ``PSS`` hash
+    algorithm.
+  * Added support for loading RSA-PSS key types with
+    :func:`~cryptography.hazmat.primitives.serialization.load_pem_private_key`
+    and
+    :func:`~cryptography.hazmat.primitives.serialization.load_der_private_key`.
+    This functionality is limited to OpenSSL 1.1.1e+ and loads the key as a
+    normal RSA private key, discarding the PSS constraint information.
+
 -------------------------------------------------------------------
 Sat Mar 26 20:10:08 UTC 2022 - Dirk Müller <dmueller@suse.com>
 
diff --git a/python-cryptography.spec b/python-cryptography.spec
index cbb0bab..7ec436e 100644
--- a/python-cryptography.spec
+++ b/python-cryptography.spec
@@ -28,7 +28,7 @@
 %bcond_with test
 %endif
 Name:           python-cryptography%{psuffix}
-Version:        36.0.2
+Version:        37.0.2
 Release:        0
 Summary:        Python library which exposes cryptographic recipes and primitives
 License:        Apache-2.0 OR BSD-3-Clause
@@ -37,7 +37,7 @@ URL:            https://cryptography.io/en/latest/
 Source0:        https://files.pythonhosted.org/packages/source/c/cryptography/cryptography-%{version}.tar.gz
 Source1:        https://files.pythonhosted.org/packages/source/c/cryptography/cryptography-%{version}.tar.gz.asc
 # use `osc service disabledrun` to regenerate
-Source2:        vendor.tar.xz
+Source2:        vendor.tar.zst
 # use `osc service disabledrun` to regenerate
 Source3:        cargo_config
 Source4:        python-cryptography.keyring
@@ -52,6 +52,7 @@ BuildRequires:  libopenssl-devel
 BuildRequires:  pkgconfig
 BuildRequires:  python-rpm-macros
 BuildRequires:  rust >= 1.41.0
+BuildRequires:  zstd
 BuildRequires:  pkgconfig(libffi)
 # python-base is not enough, we need the _ssl module
 Requires:       python
@@ -84,6 +85,7 @@ functions.
 %autosetup -a2 -p1 -n cryptography-%{version}
 mkdir .cargo
 cp %{SOURCE3} .cargo/config
+rm -v src/rust/Cargo.lock
 
 %build
 export RUSTFLAGS=%{rustflags}
diff --git a/vendor.tar.xz b/vendor.tar.xz
deleted file mode 100644
index d354edf..0000000
--- a/vendor.tar.xz
+++ /dev/null
@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:e20351c701cfbed1e641ce2798c499755c6f16f7192d8db4b88a3ae29163f8a2
-size 5909332
diff --git a/vendor.tar.zst b/vendor.tar.zst
new file mode 100644
index 0000000..c72376d
--- /dev/null
+++ b/vendor.tar.zst
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:3493a00e4cfd2ec828c6b659259daf981b7dd0e751ed33b2032a86bec43ee344
+size 8743693