-
Notifications
You must be signed in to change notification settings - Fork 7
Commit 0dcd776
![dependabot[bot]](/https://avatars.githubusercontent.com/in/29110?v=4&size=40){kind=avatar}
Bump pyjwt from 2.3.0 to 2.4.0 (PR #4240)
Bumps [pyjwt](https://github.com/jpadilla/pyjwt) from 2.3.0 to 2.4.0.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a href="https://github.com/jpadilla/pyjwt/releases">pyjwt's releases</a>.</em></p>
<blockquote>
<h2>2.4.0</h2>
<h2>Security</h2>
<ul>
<li>[CVE-2022-29217] Prevent key confusion through non-blocklisted public key formats. <a href="https://github.com/jpadilla/pyjwt/security/advisories/GHSA-ffqj-6fqr-9h24">https://github.com/jpadilla/pyjwt/security/advisories/GHSA-ffqj-6fqr-9h24</a></li>
</ul>
<h2>What's Changed</h2>
<ul>
<li>Add support for Python 3.10 by <a href="https://github.com/hugovk"><code>@hugovk</code></a> in <a href="https://github-redirect.dependabot.com/jpadilla/pyjwt/pull/699">jpadilla/pyjwt#699</a></li>
<li>Don't use implicit optionals by <a href="https://github.com/rekyungmin"><code>@rekyungmin</code></a> in <a href="https://github-redirect.dependabot.com/jpadilla/pyjwt/pull/705">jpadilla/pyjwt#705</a></li>
<li>[pre-commit.ci] pre-commit autoupdate by <a href="https://github.com/pre-commit-ci"><code>@pre-commit-ci</code></a> in <a href="https://github-redirect.dependabot.com/jpadilla/pyjwt/pull/708">jpadilla/pyjwt#708</a></li>
<li>[pre-commit.ci] pre-commit autoupdate by <a href="https://github.com/pre-commit-ci"><code>@pre-commit-ci</code></a> in <a href="https://github-redirect.dependabot.com/jpadilla/pyjwt/pull/710">jpadilla/pyjwt#710</a></li>
<li>[pre-commit.ci] pre-commit autoupdate by <a href="https://github.com/pre-commit-ci"><code>@pre-commit-ci</code></a> in <a href="https://github-redirect.dependabot.com/jpadilla/pyjwt/pull/711">jpadilla/pyjwt#711</a></li>
<li>[pre-commit.ci] pre-commit autoupdate by <a href="https://github.com/pre-commit-ci"><code>@pre-commit-ci</code></a> in <a href="https://github-redirect.dependabot.com/jpadilla/pyjwt/pull/712">jpadilla/pyjwt#712</a></li>
<li>documentation fix: show correct scope for decode_complete() by <a href="https://github.com/sseering"><code>@sseering</code></a> in <a href="https://github-redirect.dependabot.com/jpadilla/pyjwt/pull/661">jpadilla/pyjwt#661</a></li>
<li>[pre-commit.ci] pre-commit autoupdate by <a href="https://github.com/pre-commit-ci"><code>@pre-commit-ci</code></a> in <a href="https://github-redirect.dependabot.com/jpadilla/pyjwt/pull/716">jpadilla/pyjwt#716</a></li>
<li>Explicit check the key for ECAlgorithm by <a href="https://github.com/estin"><code>@estin</code></a> in <a href="https://github-redirect.dependabot.com/jpadilla/pyjwt/pull/713">jpadilla/pyjwt#713</a></li>
<li>[pre-commit.ci] pre-commit autoupdate by <a href="https://github.com/pre-commit-ci"><code>@pre-commit-ci</code></a> in <a href="https://github-redirect.dependabot.com/jpadilla/pyjwt/pull/720">jpadilla/pyjwt#720</a></li>
<li>api_jwk: Add PyJWKSet.<strong>getitem</strong> by <a href="https://github.com/woodruffw"><code>@woodruffw</code></a> in <a href="https://github-redirect.dependabot.com/jpadilla/pyjwt/pull/725">jpadilla/pyjwt#725</a></li>
<li>Update usage.rst by <a href="https://github.com/guneybilen"><code>@guneybilen</code></a> in <a href="https://github-redirect.dependabot.com/jpadilla/pyjwt/pull/727">jpadilla/pyjwt#727</a></li>
<li>[pre-commit.ci] pre-commit autoupdate by <a href="https://github.com/pre-commit-ci"><code>@pre-commit-ci</code></a> in <a href="https://github-redirect.dependabot.com/jpadilla/pyjwt/pull/728">jpadilla/pyjwt#728</a></li>
<li>fix: Update copyright information by <a href="https://github.com/kkirsche"><code>@kkirsche</code></a> in <a href="https://github-redirect.dependabot.com/jpadilla/pyjwt/pull/729">jpadilla/pyjwt#729</a></li>
<li>Docs: mention performance reasons for reusing RSAPrivateKey when encoding by <a href="https://github.com/dmahr1"><code>@dmahr1</code></a> in <a href="https://github-redirect.dependabot.com/jpadilla/pyjwt/pull/734">jpadilla/pyjwt#734</a></li>
<li>Fixed typo in usage.rst by <a href="https://github.com/israelabraham"><code>@israelabraham</code></a> in <a href="https://github-redirect.dependabot.com/jpadilla/pyjwt/pull/738">jpadilla/pyjwt#738</a></li>
<li>Add detached payload support for JWS encoding and decoding by <a href="https://github.com/fviard"><code>@fviard</code></a> in <a href="https://github-redirect.dependabot.com/jpadilla/pyjwt/pull/723">jpadilla/pyjwt#723</a></li>
<li>[pre-commit.ci] pre-commit autoupdate by <a href="https://github.com/pre-commit-ci"><code>@pre-commit-ci</code></a> in <a href="https://github-redirect.dependabot.com/jpadilla/pyjwt/pull/740">jpadilla/pyjwt#740</a></li>
<li>Raise DeprecationWarning for jwt.decode(verify=...) by <a href="https://github.com/akx"><code>@akx</code></a> in <a href="https://github-redirect.dependabot.com/jpadilla/pyjwt/pull/742">jpadilla/pyjwt#742</a></li>
<li>Don't mutate options dictionary in .decode_complete() by <a href="https://github.com/akx"><code>@akx</code></a> in <a href="https://github-redirect.dependabot.com/jpadilla/pyjwt/pull/743">jpadilla/pyjwt#743</a></li>
<li>[pre-commit.ci] pre-commit autoupdate by <a href="https://github.com/pre-commit-ci"><code>@pre-commit-ci</code></a> in <a href="https://github-redirect.dependabot.com/jpadilla/pyjwt/pull/748">jpadilla/pyjwt#748</a></li>
<li>Replace various string interpolations with f-strings by <a href="https://github.com/akx"><code>@akx</code></a> in <a href="https://github-redirect.dependabot.com/jpadilla/pyjwt/pull/744">jpadilla/pyjwt#744</a></li>
<li>Update CHANGELOG.rst by <a href="https://github.com/hipertracker"><code>@hipertracker</code></a> in <a href="https://github-redirect.dependabot.com/jpadilla/pyjwt/pull/751">jpadilla/pyjwt#751</a></li>
</ul>
<h2>New Contributors</h2>
<ul>
<li><a href="https://github.com/hugovk"><code>@hugovk</code></a> made their first contribution in <a href="https://github-redirect.dependabot.com/jpadilla/pyjwt/pull/699">jpadilla/pyjwt#699</a></li>
<li><a href="https://github.com/rekyungmin"><code>@rekyungmin</code></a> made their first contribution in <a href="https://github-redirect.dependabot.com/jpadilla/pyjwt/pull/705">jpadilla/pyjwt#705</a></li>
<li><a href="https://github.com/sseering"><code>@sseering</code></a> made their first contribution in <a href="https://github-redirect.dependabot.com/jpadilla/pyjwt/pull/661">jpadilla/pyjwt#661</a></li>
<li><a href="https://github.com/estin"><code>@estin</code></a> made their first contribution in <a href="https://github-redirect.dependabot.com/jpadilla/pyjwt/pull/713">jpadilla/pyjwt#713</a></li>
<li><a href="https://github.com/woodruffw"><code>@woodruffw</code></a> made their first contribution in <a href="https://github-redirect.dependabot.com/jpadilla/pyjwt/pull/725">jpadilla/pyjwt#725</a></li>
<li><a href="https://github.com/guneybilen"><code>@guneybilen</code></a> made their first contribution in <a href="https://github-redirect.dependabot.com/jpadilla/pyjwt/pull/727">jpadilla/pyjwt#727</a></li>
<li><a href="https://github.com/dmahr1"><code>@dmahr1</code></a> made their first contribution in <a href="https://github-redirect.dependabot.com/jpadilla/pyjwt/pull/734">jpadilla/pyjwt#734</a></li>
<li><a href="https://github.com/israelabraham"><code>@israelabraham</code></a> made their first contribution in <a href="https://github-redirect.dependabot.com/jpadilla/pyjwt/pull/738">jpadilla/pyjwt#738</a></li>
<li><a href="https://github.com/fviard"><code>@fviard</code></a> made their first contribution in <a href="https://github-redirect.dependabot.com/jpadilla/pyjwt/pull/723">jpadilla/pyjwt#723</a></li>
<li><a href="https://github.com/akx"><code>@akx</code></a> made their first contribution in <a href="https://github-redirect.dependabot.com/jpadilla/pyjwt/pull/742">jpadilla/pyjwt#742</a></li>
<li><a href="https://github.com/hipertracker"><code>@hipertracker</code></a> made their first contribution in <a href="https://github-redirect.dependabot.com/jpadilla/pyjwt/pull/751">jpadilla/pyjwt#751</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a href="https://github.com/jpadilla/pyjwt/compare/2.3.0...2.4.0">https://github.com/jpadilla/pyjwt/compare/2.3.0...2.4.0</a></p>
</blockquote>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a href="https://github.com/jpadilla/pyjwt/blob/master/CHANGELOG.rst">pyjwt's changelog</a>.</em></p>
<blockquote>
<h2><code>v2.4.0 <https://github.com/jpadilla/pyjwt/compare/2.3.0...2.4.0></code>__</h2>
<p>Security</p>
<pre><code>
- [CVE-2022-29217] Prevent key confusion through non-blocklisted public key formats. GHSA-ffqj-6fqr-9h24
<p>Changed</p>
<pre><code>
- Explicit check the key for ECAlgorithm by @estin in jpadilla/pyjwt#713
- Raise DeprecationWarning for jwt.decode(verify=...) by @akx in jpadilla/pyjwt#742
Fixed
~~~~~
- Don't use implicit optionals by @rekyungmin in jpadilla/pyjwt#705
- documentation fix: show correct scope for decode_complete() by @sseering in jpadilla/pyjwt#661
- fix: Update copyright information by @kkirsche in jpadilla/pyjwt#729
- Don't mutate options dictionary in .decode_complete() by @akx in jpadilla/pyjwt#743
Added
~~~~~
- Add support for Python 3.10 by @hugovk in jpadilla/pyjwt#699
- api_jwk: Add PyJWKSet.__getitem__ by @woodruffw in jpadilla/pyjwt#725
- Update usage.rst by @guneybilen in jpadilla/pyjwt#727
- Docs: mention performance reasons for reusing RSAPrivateKey when encoding by @dmahr1 in jpadilla/pyjwt#734
- Fixed typo in usage.rst by @israelabraham in jpadilla/pyjwt#738
- Add detached payload support for JWS encoding and decoding by @fviard in jpadilla/pyjwt#723
- Replace various string interpolations with f-strings by @akx in jpadilla/pyjwt#744
- Update CHANGELOG.rst by @hipertracker in jpadilla/pyjwt#751
</code></pre>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a href="jpadilla/pyjwt@83ff831a4d11190e3a0bed781da43f8d84352653"><code>83ff831</code></a> chore: update changelog</li>
<li><a href="jpadilla/pyjwt@4c1ce8fd9019dd312ff257b5141cdb6d897379d9"><code>4c1ce8f</code></a> chore: update changelog</li>
<li><a href="jpadilla/pyjwt@96f3f0275745c5a455c019a0d3476a054980e8ea"><code>96f3f02</code></a> fix: failing advisory test</li>
<li><a href="jpadilla/pyjwt@9c528670c455b8d948aff95ed50e22940d1ad3fc"><code>9c52867</code></a> Merge pull request from GHSA-ffqj-6fqr-9h24</li>
<li><a href="jpadilla/pyjwt@24b29adfebcb4f057a3cef5aaf35653bc0c1c8cc"><code>24b29ad</code></a> Update CHANGELOG.rst (<a href="https://github-redirect.dependabot.com/jpadilla/pyjwt/issues/751">#751</a>)</li>
<li><a href="jpadilla/pyjwt@31f5acb8fb3ec6cdfe2b1b0a4a8f329b5f3ca67f"><code>31f5acb</code></a> Replace various string interpolations with f-strings (<a href="https://github-redirect.dependabot.com/jpadilla/pyjwt/issues/744">#744</a>)</li>
<li><a href="jpadilla/pyjwt@5581a31c21de70444c1162bcfa29f7e0fc86edda"><code>5581a31</code></a> [pre-commit.ci] pre-commit autoupdate (<a href="https://github-redirect.dependabot.com/jpadilla/pyjwt/issues/748">#748</a>)</li>
<li><a href="jpadilla/pyjwt@3d4d82248f1120c87f1f4e0e8793eaa1d54843a6"><code>3d4d822</code></a> Don't mutate options dictionary in .decode_complete() (<a href="https://github-redirect.dependabot.com/jpadilla/pyjwt/issues/743">#743</a>)</li>
<li><a href="jpadilla/pyjwt@1f1fe15bb41846c602b3e106176b2c692b93a613"><code>1f1fe15</code></a> Add a deprecation warning when jwt.decode() is called with the legacy verify=...</li>
<li><a href="jpadilla/pyjwt@35fa28e59d99b99c6a780d2a029a74d6bbba8b1e"><code>35fa28e</code></a> [pre-commit.ci] pre-commit autoupdate (<a href="https://github-redirect.dependabot.com/jpadilla/pyjwt/issues/740">#740</a>)</li>
<li>Additional commits viewable in <a href="jpadilla/pyjwt@2.3.0...2.4.0">compare view</a></li>
</ul>
</details>
<br />
</code></pre>
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
</details>1 parent 4241f0f commit 0dcd776Copy full SHA for 0dcd776
File tree
2 files changed
+6
-1
lines changedFilter options
- changelogs/unreleased
2 files changed
+6
-1
lines changedchangelogs/unreleased/4240-dependabot.yml
Copy file name to clipboard+5
| Original file line number | Diff line number | Diff line change | |
|---|---|---|---|
| |||
| 1 | + | |
| 2 | + | |
| 3 | + | |
| 4 | + | |
| 5 | + | |
+1-1
| Original file line number | Diff line number | Diff line change | |
|---|---|---|---|
| |||
16 | 16 | | |
17 | 17 | | |
18 | 18 | | |
19 | | - | |
| 19 | + | |
20 | 20 | | |
21 | 21 | | |
22 | 22 | | |
| |||
0 commit comments