From 23dbacab553f67c5adb2bc0791e8d2dc539188a6 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 18 Nov 2024 10:05:48 +0000 Subject: [PATCH] Upgrade: [dependabot] - bump pyjwt from 2.9.0 to 2.10.0 (#1061) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Bumps [pyjwt](https://github.com/jpadilla/pyjwt) from 2.9.0 to 2.10.0.
Release notes

Sourced from pyjwt's releases.

2.10.0

What's Changed

New Contributors

Full Changelog: https://github.com/jpadilla/pyjwt/compare/2.9.0...2.10.0

Changelog

Sourced from pyjwt's changelog.

v2.10.0 <https://github.com/jpadilla/pyjwt/compare/2.9.0...2.10.0>__

Changed


- Remove algorithm requirement from JWT API, instead relying on JWS API
for enforcement, by @luhn in
`[#975](https://github.com/jpadilla/pyjwt/issues/975)
<https://github.com/jpadilla/pyjwt/pull/975>`__
- Use ``Sequence`` for parameter types rather than ``List`` where
applicable by @imnotjames in
`[#970](https://github.com/jpadilla/pyjwt/issues/970)
<https://github.com/jpadilla/pyjwt/pull/970>`__
- Add JWK support to JWT encode by @luhn in
`[#979](https://github.com/jpadilla/pyjwt/issues/979)
<https://github.com/jpadilla/pyjwt/pull/979>`__
- Encoding and decoding payloads using the `none` algorithm by @jpadilla
in `#c2629f6
<https://github.com/jpadilla/pyjwt/commit/c2629f66c593459e02616048443231ccbe18be16>`

Before:


.. code-block:: pycon


>>> import jwt
>>> jwt.encode({"payload": "abc"},
key=None, algorithm=None)


After:


.. code-block:: pycon


>>> import jwt
>>> jwt.encode({"payload": "abc"},
key=None, algorithm="none")


    

  • Added validation for 'sub' (subject) and 'jti' (JWT ID) claims in
tokens by @​Divan009 in
[#1005](https://github.com/jpadilla/pyjwt/issues/1005)
&lt;https://github.com/jpadilla/pyjwt/pull/1005&gt;__
    • 

  • Refactor project configuration files from setup.cfg to
pyproject.toml by @​cleder in
[#995](https://github.com/jpadilla/pyjwt/issues/995)
&lt;https://github.com/jpadilla/pyjwt/pull/995&gt;__
    • 

  • Ruff linter and formatter changes by @​gagandeepp in
[#1001](https://github.com/jpadilla/pyjwt/issues/1001)
&lt;https://github.com/jpadilla/pyjwt/pull/1001&gt;__
    • 

  • Drop support for Python 3.8 (EOL) by @​kkirsche in
[#1007](https://github.com/jpadilla/pyjwt/issues/1007)
&lt;https://github.com/jpadilla/pyjwt/pull/1007&gt;__
    • 



Fixed



- Encode EC keys with a fixed bit length by @etianen in
`[#990](https://github.com/jpadilla/pyjwt/issues/990)
&lt;https://github.com/jpadilla/pyjwt/pull/990&gt;`__
- Add an RTD config file to resolve Read the Docs build failures by
@kurtmckee in `[#977](https://github.com/jpadilla/pyjwt/issues/977)
&lt;https://github.com/jpadilla/pyjwt/pull/977&gt;`__
- Docs: Update ``iat`` exception docs by @pachewise in
`[#974](https://github.com/jpadilla/pyjwt/issues/974)
&lt;https://github.com/jpadilla/pyjwt/pull/974&gt;`__
- Docs: Fix ``decode_complete`` scope and algorithms by @RbnRncn in
`[#982](https://github.com/jpadilla/pyjwt/issues/982)
&lt;https://github.com/jpadilla/pyjwt/pull/982&gt;`__
- Fix doctest for ``docs/usage.rst`` by @pachewise in
`[#986](https://github.com/jpadilla/pyjwt/issues/986)
&lt;https://github.com/jpadilla/pyjwt/pull/986&gt;`__
- Fix ``test_utils.py`` not to xfail by @pachewise in
`[#987](https://github.com/jpadilla/pyjwt/issues/987)
&lt;https://github.com/jpadilla/pyjwt/pull/987&gt;`__
- Docs: Correct `jwt.decode` audience param doc expression by @peter279k
in `[#994](https://github.com/jpadilla/pyjwt/issues/994)
&lt;https://github.com/jpadilla/pyjwt/pull/994&gt;`__

Added



    

  • Add support for python 3.13 by @​hugovk in
[#972](https://github.com/jpadilla/pyjwt/issues/972)
&lt;https://github.com/jpadilla/pyjwt/pull/972&gt;__
    • 

  • Create SECURITY.md by @​auvipy and @​jpadilla in
[#973](https://github.com/jpadilla/pyjwt/issues/973)
&lt;https://github.com/jpadilla/pyjwt/pull/973&gt;__
    • 

  • Docs: Add PS256 encoding and decoding usage by @​peter279k in
[#992](https://github.com/jpadilla/pyjwt/issues/992)
&lt;https://github.com/jpadilla/pyjwt/pull/992&gt;__
</tr></table>

... (truncated)

Commits

[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=pyjwt&package-manager=pip&previous-version=2.9.0&new-version=2.10.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- poetry.lock | 10 +++++----- pyproject.toml | 2 +- 2 files changed, 6 insertions(+), 6 deletions(-) diff --git a/poetry.lock b/poetry.lock index 21de9060c..9ec614603 100644 --- a/poetry.lock +++ b/poetry.lock @@ -1139,13 +1139,13 @@ windows-terminal = ["colorama (>=0.4.6)"] [[package]] name = "pyjwt" -version = "2.9.0" +version = "2.10.0" description = "JSON Web Token implementation in Python" optional = false -python-versions = ">=3.8" +python-versions = ">=3.9" files = [ - {file = "PyJWT-2.9.0-py3-none-any.whl", hash = "sha256:3b02fb0f44517787776cf48f2ae25d8e14f300e6d7545a4315cee571a415e850"}, - {file = "pyjwt-2.9.0.tar.gz", hash = "sha256:7e1e5b56cc735432a7369cbfa0efe50fa113ebecdc04ae6922deba8b84582d0c"}, + {file = "PyJWT-2.10.0-py3-none-any.whl", hash = "sha256:543b77207db656de204372350926bed5a86201c4cbff159f623f79c7bb487a15"}, + {file = "pyjwt-2.10.0.tar.gz", hash = "sha256:7628a7eb7938959ac1b26e819a1df0fd3259505627b575e4bad6d08f76db695c"}, ] [package.dependencies] @@ -1647,4 +1647,4 @@ files = [ [metadata] lock-version = "2.0" python-versions = "^3.12" -content-hash = "4f8e4aa7467525e32b65f327bd1a74e13157255552a5c1b57599f1d6dc932645" +content-hash = "fa71b79a2dc8c1fa8c1ec881d2a2632c8077c53f43a4f5c3590df3f082797e30" diff --git a/pyproject.toml b/pyproject.toml index 4d4dcf78f..bfe7c515b 100644 --- a/pyproject.toml +++ b/pyproject.toml @@ -37,7 +37,7 @@ argparse = "^1.4.0" pre-commit = "^4.0.1" pytest = "^8.3.3" cfn-lint = "^1.19.0" -pyjwt = {extras = ["crypto"], version = "^2.9.0"} +pyjwt = {extras = ["crypto"], version = "^2.10.0"} [tool.poetry.scripts]