Skip to content

Bump pyjwt from 1.7.1 to 2.3.0#31

Open
dependabot[bot] wants to merge 8 commits into
mainfrom
dependabot/pip/pyjwt-2.3.0
Open

Bump pyjwt from 1.7.1 to 2.3.0#31
dependabot[bot] wants to merge 8 commits into
mainfrom
dependabot/pip/pyjwt-2.3.0

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Apr 21, 2022

Copy link
Copy Markdown
Contributor

Bumps pyjwt from 1.7.1 to 2.3.0.

Release notes

Sourced from pyjwt's releases.

2.3.0

What's Changed

New Contributors

Full Changelog: jpadilla/pyjwt@2.2.0...2.3.0

2.2.0

What's Changed

New Contributors

Full Changelog: jpadilla/pyjwt@2.1.0...2.2.0

2.1.0

Changelog

Changed

... (truncated)

Changelog

Sourced from pyjwt's changelog.

v2.3.0 <https://github.com/jpadilla/pyjwt/compare/2.2.0...2.3.0>__

Fixed


- Revert "Remove arbitrary kwargs." `[#701](https://github.com/jpadilla/pyjwt/issues/701) <https://github.com/jpadilla/pyjwt/pull/701>`__

Added

  • Add exception chaining [#702](https://github.com/jpadilla/pyjwt/issues/702) <https://github.com/jpadilla/pyjwt/pull/702>__

v2.2.0 <https://github.com/jpadilla/pyjwt/compare/2.1.0...2.2.0>__

Changed


- Remove arbitrary kwargs. `[#657](https://github.com/jpadilla/pyjwt/issues/657) <https://github.com/jpadilla/pyjwt/pull/657>`__
- Use timezone package as Python 3.5+ is required. `[#694](https://github.com/jpadilla/pyjwt/issues/694) <https://github.com/jpadilla/pyjwt/pull/694>`__

Fixed

- Assume JWK without the &quot;use&quot; claim is valid for signing as per RFC7517 `[#668](https://github.com/jpadilla/pyjwt/issues/668) &lt;https://github.com/jpadilla/pyjwt/pull/668&gt;`__
- Prefer `headers[&quot;alg&quot;]` to `algorithm` in `jwt.encode()`. `[#673](https://github.com/jpadilla/pyjwt/issues/673) &lt;https://github.com/jpadilla/pyjwt/pull/673&gt;`__
- Fix aud validation to support {'aud': null} case. `[#670](https://github.com/jpadilla/pyjwt/issues/670) &lt;https://github.com/jpadilla/pyjwt/pull/670&gt;`__
- Make `typ` optional in JWT to be compliant with RFC7519. `[#644](https://github.com/jpadilla/pyjwt/issues/644) &lt;https://github.com/jpadilla/pyjwt/pull/644&gt;`__
-  Remove upper bound on cryptography version. `[#693](https://github.com/jpadilla/pyjwt/issues/693) &lt;https://github.com/jpadilla/pyjwt/pull/693&gt;`__

Added

  • Add support for Ed448/EdDSA. [#675](https://github.com/jpadilla/pyjwt/issues/675) &lt;https://github.com/jpadilla/pyjwt/pull/675&gt;__

v2.1.0 &lt;https://github.com/jpadilla/pyjwt/compare/2.0.1...2.1.0&gt;__

Changed

  • Allow claims validation without making JWT signature validation mandatory. [#608](https://github.com/jpadilla/pyjwt/issues/608) <https://github.com/jpadilla/pyjwt/pull/608>__

Fixed


- Remove padding from JWK test data. `[#628](https://github.com/jpadilla/pyjwt/issues/628) <https://github.com/jpadilla/pyjwt/pull/628>`__
- Make `kty` mandatory in JWK to be compliant with RFC7517. `[#624](https://github.com/jpadilla/pyjwt/issues/624) <https://github.com/jpadilla/pyjwt/pull/624>`__
- Allow JWK without `alg` to be compliant with RFC7517. `[#624](https://github.com/jpadilla/pyjwt/issues/624) <https://github.com/jpadilla/pyjwt/pull/624>`__
- Allow to verify with private key on ECAlgorithm, as well as on Ed25519Algorithm. `[#645](https://github.com/jpadilla/pyjwt/issues/645) <https://github.com/jpadilla/pyjwt/pull/645>`__
</tr></table> 

... (truncated)

Commits

Dependabot compatibility score

You can trigger a rebase of this PR by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
> **Note** > Automatic rebases have been disabled on this pull request as it has been open for over 30 days.

Bumps [pyjwt](https://github.com/jpadilla/pyjwt) from 1.7.1 to 2.3.0.
- [Release notes](https://github.com/jpadilla/pyjwt/releases)
- [Changelog](https://github.com/jpadilla/pyjwt/blob/master/CHANGELOG.rst)
- [Commits](jpadilla/pyjwt@1.7.1...2.3.0)

---
updated-dependencies:
- dependency-name: pyjwt
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added the dependencies Pull requests that update a dependency file label Apr 21, 2022
@dependabot @github

dependabot Bot commented on behalf of github May 13, 2022

Copy link
Copy Markdown
Contributor Author

A newer version of pyjwt exists, but since this PR has been edited by someone other than Dependabot I haven't updated it. You'll get a PR for the updated version as normal once this PR is merged.

@sonarqubecloud

sonarqubecloud Bot commented Sep 7, 2022

Copy link
Copy Markdown

Kudos, SonarCloud Quality Gate passed!    Quality Gate passed

Bug A 0 Bugs
Vulnerability A 0 Vulnerabilities
Security Hotspot A 0 Security Hotspots
Code Smell A 0 Code Smells

No Coverage information No Coverage information
0.0% 0.0% Duplication

@guide-bot

guide-bot Bot commented Apr 27, 2023

Copy link
Copy Markdown

Thanks for opening this Pull Request!
We need you to:

  1. Fill out the description.

    Action: Edit description and replace <!- ... --> with actual values.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

dependencies Pull requests that update a dependency file

Projects

None yet

Development

Successfully merging this pull request may close these issues.

0 participants