Bump pyjwt from 2.8.0 to 2.10.1

Open dependabot[bot] opened this issue 1 year ago • 1 comments

Bumps pyjwt from 2.8.0 to 2.10.1.

Release notes

2.10.1

Fixed

Prevent partial matching of iss claim. Thanks @fabianbadoi! (See: https://github.com/jpadilla/pyjwt/security/advisories/GHSA-75c5-xw7c-p5pm)

Full Changelog: https://github.com/jpadilla/pyjwt/compare/2.10.0...2.10.1

2.10.0

What's Changed

chore: use sequence for typing rather than list by @imnotjames in jpadilla/pyjwt#970

Add support for Python 3.13 by @hugovk in jpadilla/pyjwt#972

[pre-commit.ci] pre-commit autoupdate by @pre-commit-ci in jpadilla/pyjwt#971

Add an RTD config file to resolve RTD build failures by @kurtmckee in jpadilla/pyjwt#977

docs: Update iat exception docs by @pachewise in jpadilla/pyjwt#974

Remove algorithm requirement for JWT API by @luhn in jpadilla/pyjwt#975

[pre-commit.ci] pre-commit autoupdate by @pre-commit-ci in jpadilla/pyjwt#978

Create SECURITY.md by @auvipy in jpadilla/pyjwt#973

docs fix: decode_complete scope and algorithms by @RbnRncn in jpadilla/pyjwt#982

fix doctest for docs/usage.rst by @pachewise in jpadilla/pyjwt#986

fix test_utils.py not to xfail by @pachewise in jpadilla/pyjwt#987

Correct jwt.decode audience param doc expression by @peter279k in jpadilla/pyjwt#994

Add PS256 encoding and decoding usage by @peter279k in jpadilla/pyjwt#992

Add API docs for PyJWK by @luhn in jpadilla/pyjwt#980

Refactor project configuration files from setup.cfg to pyproject.toml PEP-518 by @cleder in jpadilla/pyjwt#995

Add JWK support to JWT encode by @luhn in jpadilla/pyjwt#979

Update pre-commit hooks to lint pyproject.toml by @cleder in jpadilla/pyjwt#1002

Add EdDSA algorithm encoding/decoding usage by @peter279k in jpadilla/pyjwt#993

Ruff linter and formatter changes by @gagandeepp in jpadilla/pyjwt#1001

Validate sub and jti claims for the token by @Divan009 in jpadilla/pyjwt#1005

Add ES256 usage by @Gautam-Hegde in jpadilla/pyjwt#1003

Encode EC keys with a fixed bit length by @way-dave in jpadilla/pyjwt#990

[pre-commit.ci] pre-commit autoupdate by @pre-commit-ci in jpadilla/pyjwt#1000

Drop support for Python 3.8 by @kkirsche in jpadilla/pyjwt#1007

Prepare 2.10.0 release by @benvdh in jpadilla/pyjwt#1011

Bump codecov/codecov-action from 4 to 5 by @dependabot in jpadilla/pyjwt#1014

[pre-commit.ci] pre-commit autoupdate by @pre-commit-ci in jpadilla/pyjwt#1006

New Contributors

@imnotjames made their first contribution in jpadilla/pyjwt#970

@kurtmckee made their first contribution in jpadilla/pyjwt#977

@pachewise made their first contribution in jpadilla/pyjwt#974

@RbnRncn made their first contribution in jpadilla/pyjwt#982

@peter279k made their first contribution in jpadilla/pyjwt#994

@cleder made their first contribution in jpadilla/pyjwt#995

@gagandeepp made their first contribution in jpadilla/pyjwt#1001

@Divan009 made their first contribution in jpadilla/pyjwt#1005

@Gautam-Hegde made their first contribution in jpadilla/pyjwt#1003

@way-dave made their first contribution in jpadilla/pyjwt#990

Full Changelog: https://github.com/jpadilla/pyjwt/compare/2.9.0...2.10.0

... (truncated)

Changelog

Sourced from pyjwt's changelog.

v2.10.1 <https://github.com/jpadilla/pyjwt/compare/2.10.0...2.10.1>__

Fixed
- Prevent partial matching of `iss` claim by @fabianbadoi in `GHSA-75c5-xw7c-p5pm <https://github.com/jpadilla/pyjwt/security/advisories/GHSA-75c5-xw7c-p5pm>`__
v2.10.0 &lt;https://github.com/jpadilla/pyjwt/compare/2.9.0...2.10.0&gt;__
Changed
Remove algorithm requirement from JWT API, instead relying on JWS API for enforcement, by @luhn in [#975](https://github.com/jpadilla/pyjwt/issues/975) <https://github.com/jpadilla/pyjwt/pull/975>__

Use Sequence for parameter types rather than List where applicable by @imnotjames in [#970](https://github.com/jpadilla/pyjwt/issues/970) <https://github.com/jpadilla/pyjwt/pull/970>__

Add JWK support to JWT encode by @luhn in [#979](https://github.com/jpadilla/pyjwt/issues/979) <https://github.com/jpadilla/pyjwt/pull/979>__

Encoding and decoding payloads using the none algorithm by @jpadilla in #c2629f6 <https://github.com/jpadilla/pyjwt/commit/c2629f66c593459e02616048443231ccbe18be16>

Before:

.. code-block:: pycon

import jwt jwt.encode({"payload": "abc"}, key=None, algorithm=None)

After:

.. code-block:: pycon

import jwt jwt.encode({"payload": "abc"}, key=None, algorithm="none")

Added validation for 'sub' (subject) and 'jti' (JWT ID) claims in tokens by @Divan009 in [#1005](https://github.com/jpadilla/pyjwt/issues/1005) <https://github.com/jpadilla/pyjwt/pull/1005>__

Refactor project configuration files from setup.cfg to pyproject.toml by @cleder in [#995](https://github.com/jpadilla/pyjwt/issues/995) <https://github.com/jpadilla/pyjwt/pull/995>__

Ruff linter and formatter changes by @gagandeepp in [#1001](https://github.com/jpadilla/pyjwt/issues/1001) <https://github.com/jpadilla/pyjwt/pull/1001>__

Drop support for Python 3.8 (EOL) by @kkirsche in [#1007](https://github.com/jpadilla/pyjwt/issues/1007) <https://github.com/jpadilla/pyjwt/pull/1007>__

Fixed
- Encode EC keys with a fixed bit length by @etianen in `[#990](https://github.com/jpadilla/pyjwt/issues/990) <https://github.com/jpadilla/pyjwt/pull/990>`__
- Add an RTD config file to resolve Read the Docs build failures by @kurtmckee in `[#977](https://github.com/jpadilla/pyjwt/issues/977) <https://github.com/jpadilla/pyjwt/pull/977>`__
- Docs: Update ``iat`` exception docs by @pachewise in `[#974](https://github.com/jpadilla/pyjwt/issues/974) <https://github.com/jpadilla/pyjwt/pull/974>`__
- Docs: Fix ``decode_complete`` scope and algorithms by @RbnRncn in `[#982](https://github.com/jpadilla/pyjwt/issues/982) <https://github.com/jpadilla/pyjwt/pull/982>`__
- Fix doctest for ``docs/usage.rst`` by @pachewise in `[#986](https://github.com/jpadilla/pyjwt/issues/986) <https://github.com/jpadilla/pyjwt/pull/986>`__
</tr></table> 

... (truncated)

Commits

3ebbb22 fix lint
37748dc update changelog
33022c2 Merge commit from fork
783f324 [pre-commit.ci] pre-commit autoupdate (#1006)
0116fc6 Bump codecov/codecov-action from 4 to 5 (#1014)
b032353 feat: surface jwt.decode_complete(...)
a759c45 Prepare 2.10.0 release (#1011)
b6b8bce Drop support for Python 3.8 (#1007)
189c256 Update index.rst
1900857 Update index.rst
Additional commits viewable in compare view

You can trigger a rebase of this PR by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR
@dependabot recreate will recreate this PR, overwriting any edits that have been made to it
@dependabot merge will merge this PR after your CI passes on it
@dependabot squash and merge will squash and merge this PR after your CI passes on it
@dependabot cancel merge will cancel a previously requested merge and block automerging
@dependabot reopen will reopen this PR if it is closed
@dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
@dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
@dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
@dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
@dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)