From d1e0afd7af0e8719ba8aa24a0cfd870f8ff500b3 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 20 Nov 2024 13:02:08 +0100 Subject: [PATCH] Bump pyjwt from 2.9.0 to 2.10.0 (PR #8371) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Bumps [pyjwt](https://github.com/jpadilla/pyjwt) from 2.9.0 to 2.10.0.
Release notes

Sourced from pyjwt's releases.

2.10.0

What's Changed

New Contributors

Full Changelog: https://github.com/jpadilla/pyjwt/compare/2.9.0...2.10.0

Changelog

Sourced from pyjwt's changelog.

v2.10.0 <https://github.com/jpadilla/pyjwt/compare/2.9.0...2.10.0>__

Changed


- Remove algorithm requirement from JWT API, instead relying on JWS API for enforcement, by @luhn in `[#975](https://github.com/jpadilla/pyjwt/issues/975) <https://github.com/jpadilla/pyjwt/pull/975>`__
- Use ``Sequence`` for parameter types rather than ``List`` where applicable by @imnotjames in `[#970](https://github.com/jpadilla/pyjwt/issues/970) <https://github.com/jpadilla/pyjwt/pull/970>`__
- Add JWK support to JWT encode by @luhn in `[#979](https://github.com/jpadilla/pyjwt/issues/979) <https://github.com/jpadilla/pyjwt/pull/979>`__
- Encoding and decoding payloads using the `none` algorithm by @jpadilla in `#c2629f6 <https://github.com/jpadilla/pyjwt/commit/c2629f66c593459e02616048443231ccbe18be16>`

Before:

.. code-block:: pycon

>>> import jwt >>> jwt.encode({"payload": "abc"}, key=None, algorithm=None)

After:

.. code-block:: pycon

>>> import jwt >>> jwt.encode({"payload": "abc"}, key=None, algorithm="none")

  • Added validation for 'sub' (subject) and 'jti' (JWT ID) claims in tokens by @​Divan009 in [#1005](https://github.com/jpadilla/pyjwt/issues/1005) &lt;https://github.com/jpadilla/pyjwt/pull/1005&gt;__
  • Refactor project configuration files from setup.cfg to pyproject.toml by @​cleder in [#995](https://github.com/jpadilla/pyjwt/issues/995) &lt;https://github.com/jpadilla/pyjwt/pull/995&gt;__
  • Ruff linter and formatter changes by @​gagandeepp in [#1001](https://github.com/jpadilla/pyjwt/issues/1001) &lt;https://github.com/jpadilla/pyjwt/pull/1001&gt;__
  • Drop support for Python 3.8 (EOL) by @​kkirsche in [#1007](https://github.com/jpadilla/pyjwt/issues/1007) &lt;https://github.com/jpadilla/pyjwt/pull/1007&gt;__

Fixed


- Encode EC keys with a fixed bit length by @etianen in `[#990](https://github.com/jpadilla/pyjwt/issues/990) &lt;https://github.com/jpadilla/pyjwt/pull/990&gt;`__
- Add an RTD config file to resolve Read the Docs build failures by @kurtmckee in `[#977](https://github.com/jpadilla/pyjwt/issues/977) &lt;https://github.com/jpadilla/pyjwt/pull/977&gt;`__
- Docs: Update ``iat`` exception docs by @pachewise in `[#974](https://github.com/jpadilla/pyjwt/issues/974) &lt;https://github.com/jpadilla/pyjwt/pull/974&gt;`__
- Docs: Fix ``decode_complete`` scope and algorithms by @RbnRncn in `[#982](https://github.com/jpadilla/pyjwt/issues/982) &lt;https://github.com/jpadilla/pyjwt/pull/982&gt;`__
- Fix doctest for ``docs/usage.rst`` by @pachewise in `[#986](https://github.com/jpadilla/pyjwt/issues/986) &lt;https://github.com/jpadilla/pyjwt/pull/986&gt;`__
- Fix ``test_utils.py`` not to xfail by @pachewise in `[#987](https://github.com/jpadilla/pyjwt/issues/987) &lt;https://github.com/jpadilla/pyjwt/pull/987&gt;`__
- Docs: Correct `jwt.decode` audience param doc expression by @peter279k in `[#994](https://github.com/jpadilla/pyjwt/issues/994) &lt;https://github.com/jpadilla/pyjwt/pull/994&gt;`__

Added
  • Add support for python 3.13 by @​hugovk in [#972](https://github.com/jpadilla/pyjwt/issues/972) &lt;https://github.com/jpadilla/pyjwt/pull/972&gt;__
  • Create SECURITY.md by @​auvipy and @​jpadilla in [#973](https://github.com/jpadilla/pyjwt/issues/973) &lt;https://github.com/jpadilla/pyjwt/pull/973&gt;__
  • Docs: Add PS256 encoding and decoding usage by @​peter279k in [#992](https://github.com/jpadilla/pyjwt/issues/992) &lt;https://github.com/jpadilla/pyjwt/pull/992&gt;__ </tr></table>

... (truncated)

Commits

[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=pyjwt&package-manager=pip&previous-version=2.9.0&new-version=2.10.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
--- changelogs/unreleased/8371-dependabot.yml | 5 +++++ requirements.txt | 2 +- 2 files changed, 6 insertions(+), 1 deletion(-) create mode 100644 changelogs/unreleased/8371-dependabot.yml diff --git a/changelogs/unreleased/8371-dependabot.yml b/changelogs/unreleased/8371-dependabot.yml new file mode 100644 index 0000000000..3d6a536aa8 --- /dev/null +++ b/changelogs/unreleased/8371-dependabot.yml @@ -0,0 +1,5 @@ +change-type: patch +description: Bump pyjwt from 2.9.0 to 2.10.0 +destination-branches: +- iso7 +sections: {} diff --git a/requirements.txt b/requirements.txt index bd2632807d..4d7b34eb07 100644 --- a/requirements.txt +++ b/requirements.txt @@ -19,7 +19,7 @@ pydantic==2.9.1 # when the issue is resolved, the dependency can be dropped altogether pydantic-core==2.23.3 pyformance==0.4 -PyJWT==2.9.0 +PyJWT==2.10.0 pynacl==1.5.0 python-dateutil==2.9.0.post0 pyyaml==6.0.2