chore(deps): bump jwcrypto from 1.4.2 to 1.5.0

[dependabot]

Bumps jwcrypto from 1.4.2 to 1.5.0.

Release notes

Sourced from jwcrypto's releases.

v1.5.0

Version 1.5

Minor bugfixes and the addition of Brainpool curves. As mentioned in the commit: "The use of these algorithms is specified solely by the gematik GmbH – National Digital Health Agency - for use in german e-health applications"

This version also raises the minimum Cryptography version required to 3.4 and the minimum python version tested to 3.7

What's Changed

• Raising the bar for minimum pyca/cryptography by @​simo5 in latchset/jwcrypto#306
• Fix typos with codespell by @​cclauss in latchset/jwcrypto#307
• Add codespell checks in CI by @​simo5 in latchset/jwcrypto#308
• Add Brainpool EC-curves support by @​spilikin in latchset/jwcrypto#309
• Fix error message by @​Cito in latchset/jwcrypto#318
• Fix assorted CI issue by @​simo5 in latchset/jwcrypto#319
• Better support for algorithms that have different input keysize requirement by @​simo5 in latchset/jwcrypto#324

New Contributors

• @​spilikin made their first contribution in latchset/jwcrypto#309
• @​Cito made their first contribution in latchset/jwcrypto#318

Full Changelog: latchset/jwcrypto@v1.4.2...v1.5.0

Commits

• 41fb08a Version 1.5
• db1f9f4 Add test to generate key with algorithm
• e08cbf1 Use separate input_keysize property
• 2fec703 Misc fixes and docstring corrections
• 9f2cd3a Fix CI to run on the correct branch for main
• dc21a78 Fix test to actually do what it should
• 381c5d1 Fix codespell issue
• 0c31ee0 Make linter happier about dummy exception
• 4f6cf30 Python 3.6 is not available anymore in CI
• 652afd9 Fix error message
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[thekaveman]

Install updates

Outside the devcontainer

Checkout this branch and rebuild the devcontainer

Inside the devcontainer

Confirm package updates (edited for brevity / relevant packages)

$ pip freeze
...
jwcrypto==1.5.0

Run pytest

✅ All pytests passed locally

Inside the devcontainer

$ export PYTHONWARNINGS="default"
$ pytest
==================================================================== test session starts
platform linux -- Python 3.9.17, pytest-7.3.2, pluggy-1.0.0
rootdir: /home/calitp/src
plugins: mock-3.11.1, cov-4.1.0
collected 17 items
...
===================================================================== 17 passed in 0.43s

Additional manual tests

✅ Confirmed Agency Card verification (local benefits, local eligibility-server)

Configure server

Outside the devcontainer.

Replace the reference to eligibility-api in requirements.txt to point to this PR's commit:

git+https://github.com/cal-itp/eligibility-api.git@de3b146daef0f535e1a780e857f3c3290629e28b#egg=eligibility_api

Rebuild the image:

$ bin/build.sh

Configure Benefits

Outside the devcontainer.

See the note on this related PR review: cal-itp/eligibility-server#259 (review)

Ensure Benefits compose.yml points to the newly built eligibility_server:latest image

server:
  image: eligibility_server:latest

Update the reference to eligibility-api in pyprojecy.toml using the PEP508 format:

dependencies = [
  ...
  "eligibility_api @ git+https://github.com/cal-itp/eligibility-api.git@de3b146daef0f535e1a780e857f3c3290629e28b#egg=eligibility_api",
  ...
]

Rebuild the benefits image:

$ docker compose build client

Start the client and server:

$ docker compose up -d client server

Attach terminals to both running client and server to confirm they are using the updated package:

Confirm eligibility verification.