Skip to content

Update dependency PyJWT to v2.11.0#293

Open
renovate[bot] wants to merge 1 commit intomainfrom
renovate/pyjwt-2.x
Open

Update dependency PyJWT to v2.11.0#293
renovate[bot] wants to merge 1 commit intomainfrom
renovate/pyjwt-2.x

Conversation

@renovate
Copy link
Contributor

@renovate renovate bot commented Mar 16, 2023
edited
Loading

This PR contains the following updates:

Package Change Age Confidence
PyJWT ==2.4.0==2.11.0 age confidence

Release Notes

jpadilla/pyjwt (PyJWT)

v2.11.0

Compare Source

Fixed


Added

v2.10.1

Compare Source

Fixed

- Validate key against allowed types for Algorithm family in `#&#8203;964 <https://github.com/jpadilla/pyjwt/pull/964>`__
- Add iterator for JWKSet in `#&#8203;1041 <https://github.com/jpadilla/pyjwt/pull/1041>`__
- Validate `iss` claim is a string during encoding and decoding by @&#8203;pachewise in `#&#8203;1040 <https://github.com/jpadilla/pyjwt/pull/1040>`__
- Improve typing/logic for `options` in decode, decode_complete by @&#8203;pachewise in `#&#8203;1045 <https://github.com/jpadilla/pyjwt/pull/1045>`__
- Declare float supported type for lifespan and timeout by @&#8203;nikitagashkov in `#&#8203;1068 <https://github.com/jpadilla/pyjwt/pull/1068>`__

Added
  • Docs: Add example of using leeway with nbf by @​djw8605 in #&#8203;1034 <https://github.com/jpadilla/pyjwt/pull/1034>__
  • Docs: Refactored docs with autodoc; added PyJWS and jwt.algorithms docs by @​pachewise in #&#8203;1045 <https://github.com/jpadilla/pyjwt/pull/1045>__
  • Docs: Documentation improvements for "sub" and "jti" claims by @​cleder in #&#8203;1088 <https://github.com/jpadilla/pyjwt/pull/1088>

v2.10.0

Compare Source

Fixed


- Prevent partial matching of `iss` claim by @&#8203;fabianbadoi in `GHSA-75c5-xw7c-p5pm <https://github.com/jpadilla/pyjwt/security/advisories/GHSA-75c5-xw7c-p5pm>`__

v2.9.0

Compare Source

Changed


- Remove algorithm requirement from JWT API, instead relying on JWS API for enforcement, by @&#8203;luhn in `#&#8203;975 <https://github.com/jpadilla/pyjwt/pull/975>`__
- Use ``Sequence`` for parameter types rather than ``List`` where applicable by @&#8203;imnotjames in `#&#8203;970 <https://github.com/jpadilla/pyjwt/pull/970>`__
- Add JWK support to JWT encode by @&#8203;luhn in `#&#8203;979 <https://github.com/jpadilla/pyjwt/pull/979>`__
- Encoding and decoding payloads using the `none` algorithm by @&#8203;jpadilla in `#c2629f6 <https://github.com/jpadilla/pyjwt/commit/c2629f66c593459e02616048443231ccbe18be16>`

  Before:

  .. code-block:: pycon

   >>> import jwt
   >>> jwt.encode({"payload": "abc"}, key=None, algorithm=None)

  After:

  .. code-block:: pycon

   >>> import jwt
   >>> jwt.encode({"payload": "abc"}, key=None, algorithm="none")

- Added validation for 'sub' (subject) and 'jti' (JWT ID) claims in tokens by @&#8203;Divan009 in `#&#8203;1005 <https://github.com/jpadilla/pyjwt/pull/1005>`__
- Refactor project configuration files from ``setup.cfg`` to ``pyproject.toml`` by @&#8203;cleder in `#&#8203;995 <https://github.com/jpadilla/pyjwt/pull/995>`__
- Ruff linter and formatter changes by @&#8203;gagandeepp in `#&#8203;1001 <https://github.com/jpadilla/pyjwt/pull/1001>`__
- Drop support for Python 3.8 (EOL) by @&#8203;kkirsche in `#&#8203;1007 <https://github.com/jpadilla/pyjwt/pull/1007>`__

Fixed
~~~~~

- Encode EC keys with a fixed bit length by @&#8203;etianen in `#&#8203;990 <https://github.com/jpadilla/pyjwt/pull/990>`__
- Add an RTD config file to resolve Read the Docs build failures by @&#8203;kurtmckee in `#&#8203;977 <https://github.com/jpadilla/pyjwt/pull/977>`__
- Docs: Update ``iat`` exception docs by @&#8203;pachewise in `#&#8203;974 <https://github.com/jpadilla/pyjwt/pull/974>`__
- Docs: Fix ``decode_complete`` scope and algorithms by @&#8203;RbnRncn in `#&#8203;982 <https://github.com/jpadilla/pyjwt/pull/982>`__
- Fix doctest for ``docs/usage.rst`` by @&#8203;pachewise in `#&#8203;986 <https://github.com/jpadilla/pyjwt/pull/986>`__
- Fix ``test_utils.py`` not to xfail by @&#8203;pachewise in `#&#8203;987 <https://github.com/jpadilla/pyjwt/pull/987>`__
- Docs: Correct `jwt.decode` audience param doc expression by @&#8203;peter279k in `#&#8203;994 <https://github.com/jpadilla/pyjwt/pull/994>`__

Added
~~~~~

- Add support for python 3.13 by @&#8203;hugovk in `#&#8203;972 <https://github.com/jpadilla/pyjwt/pull/972>`__
- Create SECURITY.md by @&#8203;auvipy and @&#8203;jpadilla in `#&#8203;973 <https://github.com/jpadilla/pyjwt/pull/973>`__
- Docs: Add PS256 encoding and decoding usage by @&#8203;peter279k in `#&#8203;992 <https://github.com/jpadilla/pyjwt/pull/992>`__
- Docs: Add API docs for PyJWK by @&#8203;luhn in `#&#8203;980 <https://github.com/jpadilla/pyjwt/pull/980>`__
- Docs: Add EdDSA algorithm encoding/decoding usage by @&#8203;peter279k in `#&#8203;993 <https://github.com/jpadilla/pyjwt/pull/993>`__
- Include checkers and linters for ``pyproject.toml`` in ``pre-commit`` by @&#8203;cleder in `#&#8203;1002 <https://github.com/jpadilla/pyjwt/pull/1002>`__
- Docs: Add ES256 decoding usage by @&#8203;Gautam-Hegde in `#&#8203;1003 <https://github.com/jpadilla/pyjwt/pull/1003>`

v2.8.0

Compare Source

Changed


- Drop support for Python 3.7 (EOL) by @&#8203;hugovk in `#&#8203;910 <https://github.com/jpadilla/pyjwt/pull/910>`__
- Allow JWT issuer claim validation to accept a list of strings too by @&#8203;mattpollak in `#&#8203;913 <https://github.com/jpadilla/pyjwt/pull/913>`__

Fixed
~~~~~

- Fix unnecessary string concatenation by @&#8203;sirosen in `#&#8203;904 <https://github.com/jpadilla/pyjwt/pull/904>`__
- Fix docs for ``jwt.decode_complete`` to include ``strict_aud`` option by @&#8203;woodruffw in `#&#8203;923 <https://github.com/jpadilla/pyjwt/pull/923>`__
- Fix docs step by @&#8203;jpadilla in `#&#8203;950 <https://github.com/jpadilla/pyjwt/pull/950>`__
- Fix: Remove an unused variable from example code block by @&#8203;kenkoooo in `#&#8203;958 <https://github.com/jpadilla/pyjwt/pull/958>`__

Added
~~~~~

- Add support for Python 3.12 by @&#8203;hugovk in `#&#8203;910 <https://github.com/jpadilla/pyjwt/pull/910>`__
- Improve performance of ``is_ssh_key`` + add unit test by @&#8203;bdraco in `#&#8203;940 <https://github.com/jpadilla/pyjwt/pull/940>`__
- Allow ``jwt.decode()`` to accept a PyJWK object by @&#8203;luhn in `#&#8203;886 <https://github.com/jpadilla/pyjwt/pull/886>`__
- Make ``algorithm_name`` attribute available on PyJWK by @&#8203;luhn in `#&#8203;886 <https://github.com/jpadilla/pyjwt/pull/886>`__
- Raise ``InvalidKeyError`` on invalid PEM keys to be compatible with cryptography 42.x.x by @&#8203;CollinEMac in `#&#8203;952 <https://github.com/jpadilla/pyjwt/pull/952>`__
- Raise an exception when required cryptography dependency is missing by @&#8203;tobloef in `<https://github.com/jpadilla/pyjwt/pull/963>`__

v2.7.0

Compare Source

Changed


- Update python version test matrix by @&#8203;auvipy in `#&#8203;895 <https://github.com/jpadilla/pyjwt/pull/895>`__

Fixed
~~~~~

Added
~~~~~

- Add ``strict_aud`` as an option to ``jwt.decode`` by @&#8203;woodruffw in `#&#8203;902 <https://github.com/jpadilla/pyjwt/pull/902>`__
- Export PyJWKClientConnectionError class by @&#8203;daviddavis in `#&#8203;887 <https://github.com/jpadilla/pyjwt/pull/887>`__
- Allows passing of ssl.SSLContext to PyJWKClient by @&#8203;juur in `#&#8203;891 <https://github.com/jpadilla/pyjwt/pull/891>`__

v2.6.0

Compare Source

Changed


- Changed the error message when the token audience doesn't match the expected audience by @&#8203;irdkwmnsb `#&#8203;809 <https://github.com/jpadilla/pyjwt/pull/809>`__
- Improve error messages when cryptography isn't installed by @&#8203;Viicos in `#&#8203;846 <https://github.com/jpadilla/pyjwt/pull/846>`__
- Make `Algorithm` an abstract base class by @&#8203;Viicos in `#&#8203;845 <https://github.com/jpadilla/pyjwt/pull/845>`__
- ignore invalid keys in a jwks by @&#8203;timw6n in `#&#8203;863 <https://github.com/jpadilla/pyjwt/pull/863>`__

Fixed
~~~~~

- Add classifier for Python 3.11 by @&#8203;eseifert in `#&#8203;818 <https://github.com/jpadilla/pyjwt/pull/818>`__
- Fix ``_validate_iat`` validation by @&#8203;Viicos in `#&#8203;847 <https://github.com/jpadilla/pyjwt/pull/847>`__
- fix: use datetime.datetime.timestamp function to have a milliseconds by @&#8203;daillouf `#&#8203;821 <https://github.com/jpadilla/pyjwt/pull/821>`__
- docs: correct mistake in the changelog about verify param by @&#8203;gbillig in `#&#8203;866 <https://github.com/jpadilla/pyjwt/pull/866>`__

Added
~~~~~

- Add ``compute_hash_digest`` as a method of ``Algorithm`` objects, which uses
  the underlying hash algorithm to compute a digest. If there is no appropriate
  hash algorithm, a ``NotImplementedError`` will be raised in `#&#8203;775 <https://github.com/jpadilla/pyjwt/pull/775>`__
- Add optional ``headers`` argument to ``PyJWKClient``. If provided, the headers
  will be included in requests that the client uses when fetching the JWK set by @&#8203;thundercat1 in `#&#8203;823 <https://github.com/jpadilla/pyjwt/pull/823>`__
- Add PyJWT._{de,en}code_payload hooks by @&#8203;akx in `#&#8203;829 <https://github.com/jpadilla/pyjwt/pull/829>`__
- Add `sort_headers` parameter to `api_jwt.encode` by @&#8203;evroon in `#&#8203;832 <https://github.com/jpadilla/pyjwt/pull/832>`__
- Make mypy configuration stricter and improve typing by @&#8203;akx in `#&#8203;830 <https://github.com/jpadilla/pyjwt/pull/830>`__
- Add more types by @&#8203;Viicos in `#&#8203;843 <https://github.com/jpadilla/pyjwt/pull/843>`__
- Add a timeout for PyJWKClient requests by @&#8203;daviddavis in `#&#8203;875 <https://github.com/jpadilla/pyjwt/pull/875>`__
- Add client connection error exception by @&#8203;daviddavis in `#&#8203;876 <https://github.com/jpadilla/pyjwt/pull/876>`__
- Add complete types to take all allowed keys into account by @&#8203;Viicos in `#&#8203;873 <https://github.com/jpadilla/pyjwt/pull/873>`__
- Add `as_dict` option to `Algorithm.to_jwk` by @&#8203;fluxth in `#&#8203;881 <https://github.com/jpadilla/pyjwt/pull/881>`__

v2.5.0

Compare Source

Changed


- bump up cryptography >= 3.4.0 by @&#8203;jpadilla in `#&#8203;807 <https://github.com/jpadilla/pyjwt/pull/807>`_
- Remove `types-cryptography` from `crypto` extra by @&#8203;lautat in `#&#8203;805 <https://github.com/jpadilla/pyjwt/pull/805>`_

Fixed
~~~~~

- Invalidate token on the exact second the token expires `#&#8203;797 <https://github.com/jpadilla/pyjwt/pull/797>`_
- fix: version 2.5.0 heading typo by @&#8203;c0state in `#&#8203;803 <https://github.com/jpadilla/pyjwt/pull/803>`_

Added
~~~~~
- Adding validation for `issued_at` when `iat > (now + leeway)` as `ImmatureSignatureError` by @&#8203;sriharan16 in https://github.com/jpadilla/pyjwt/pull/794

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

  • If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

@renovate renovate bot force-pushed the renovate/pyjwt-2.x branch from c7f06bd to d9b80fc Compare May 9, 2023 21:50
@renovate renovate bot changed the title Update dependency PyJWT to v2.6.0 Update dependency PyJWT to v2.7.0 May 9, 2023
@renovate renovate bot changed the title Update dependency PyJWT to v2.7.0 Update dependency PyJWT to v2.8.0 Jul 18, 2023
@renovate renovate bot force-pushed the renovate/pyjwt-2.x branch from d9b80fc to d56f95d Compare July 18, 2023 22:05
@renovate renovate bot force-pushed the renovate/pyjwt-2.x branch from d56f95d to e7373f1 Compare August 1, 2024 17:02
@renovate renovate bot changed the title Update dependency PyJWT to v2.8.0 Update dependency PyJWT to v2.9.0 Aug 1, 2024
@renovate renovate bot changed the title Update dependency PyJWT to v2.9.0 Update dependency PyJWT to v2.10.0 Nov 17, 2024
@renovate renovate bot force-pushed the renovate/pyjwt-2.x branch from e7373f1 to 60b7333 Compare November 17, 2024 13:30
@renovate renovate bot changed the title Update dependency PyJWT to v2.10.0 Update dependency PyJWT to v2.10.1 Nov 28, 2024
@renovate renovate bot force-pushed the renovate/pyjwt-2.x branch from 60b7333 to b9854c5 Compare November 28, 2024 06:28
@renovate renovate bot changed the title Update dependency PyJWT to v2.10.1 Update dependency PyJWT to v2.11.0 Jan 30, 2026
@renovate renovate bot force-pushed the renovate/pyjwt-2.x branch from b9854c5 to 72db1fa Compare January 30, 2026 21:38
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants