Commit
Bump pyjwt from 2.3.0 to 2.4.0 (PR #4240)
Bumps [pyjwt](https://github.com/jpadilla/pyjwt) from 2.3.0 to 2.4.0.

<details>
<summary>Release notes</summary>
<p><em>Sourced from <a href="https://github.com/jpadilla/pyjwt/releases">pyjwt's releases</a>.</em></p>
<blockquote>
<h2>2.4.0</h2>
<h2>Security</h2>
<ul>
<li>[CVE-2022-29217] Prevent key confusion through non-blocklisted public key formats. <a href="https://github.com/jpadilla/pyjwt/security/advisories/GHSA-ffqj-6fqr-9h24">https://github.com/jpadilla/pyjwt/security/advisories/GHSA-ffqj-6fqr-9h24</a></li>
</ul>
<h2>What's Changed</h2>
<ul>
<li>Add support for Python 3.10 by <a href="https://github.com/hugovk"><code>@hugovk</code></a> in <a href="https://github-redirect.dependabot.com/jpadilla/pyjwt/pull/699">jpadilla/pyjwt#699</a></li>
<li>Don't use implicit optionals by <a href="https://github.com/rekyungmin"><code>@rekyungmin</code></a> in <a href="https://github-redirect.dependabot.com/jpadilla/pyjwt/pull/705">jpadilla/pyjwt#705</a></li>
<li>[pre-commit.ci] pre-commit autoupdate by <a href="https://github.com/pre-commit-ci"><code>@pre-commit-ci</code></a> in <a href="https://github-redirect.dependabot.com/jpadilla/pyjwt/pull/708">jpadilla/pyjwt#708</a></li>
<li>[pre-commit.ci] pre-commit autoupdate by <a href="https://github.com/pre-commit-ci"><code>@pre-commit-ci</code></a> in <a href="https://github-redirect.dependabot.com/jpadilla/pyjwt/pull/710">jpadilla/pyjwt#710</a></li>
<li>[pre-commit.ci] pre-commit autoupdate by <a href="https://github.com/pre-commit-ci"><code>@pre-commit-ci</code></a> in <a href="https://github-redirect.dependabot.com/jpadilla/pyjwt/pull/711">jpadilla/pyjwt#711</a></li>
<li>[pre-commit.ci] pre-commit autoupdate by <a href="https://github.com/pre-commit-ci"><code>@pre-commit-ci</code></a> in <a href="https://github-redirect.dependabot.com/jpadilla/pyjwt/pull/712">jpadilla/pyjwt#712</a></li>
<li>documentation fix: show correct scope for decode_complete() by <a href="https://github.com/sseering"><code>@sseering</code></a> in <a href="https://github-redirect.dependabot.com/jpadilla/pyjwt/pull/661">jpadilla/pyjwt#661</a></li>
<li>[pre-commit.ci] pre-commit autoupdate by <a href="https://github.com/pre-commit-ci"><code>@pre-commit-ci</code></a> in <a href="https://github-redirect.dependabot.com/jpadilla/pyjwt/pull/716">jpadilla/pyjwt#716</a></li>
<li>Explicit check the key for ECAlgorithm by <a href="https://github.com/estin"><code>@estin</code></a> in <a href="https://github-redirect.dependabot.com/jpadilla/pyjwt/pull/713">jpadilla/pyjwt#713</a></li>
<li>[pre-commit.ci] pre-commit autoupdate by <a href="https://github.com/pre-commit-ci"><code>@pre-commit-ci</code></a> in <a href="https://github-redirect.dependabot.com/jpadilla/pyjwt/pull/720">jpadilla/pyjwt#720</a></li>
<li>api_jwk: Add PyJWKSet.__getitem__ by <a href="https://github.com/woodruffw"><code>@woodruffw</code></a> in <a href="https://github-redirect.dependabot.com/jpadilla/pyjwt/pull/725">jpadilla/pyjwt#725</a></li>
<li>Update usage.rst by <a href="https://github.com/guneybilen"><code>@guneybilen</code></a> in <a href="https://github-redirect.dependabot.com/jpadilla/pyjwt/pull/727">jpadilla/pyjwt#727</a></li>
<li>[pre-commit.ci] pre-commit autoupdate by <a href="https://github.com/pre-commit-ci"><code>@pre-commit-ci</code></a> in <a href="https://github-redirect.dependabot.com/jpadilla/pyjwt/pull/728">jpadilla/pyjwt#728</a></li>
<li>fix: Update copyright information by <a href="https://github.com/kkirsche"><code>@kkirsche</code></a> in <a href="https://github-redirect.dependabot.com/jpadilla/pyjwt/pull/729">jpadilla/pyjwt#729</a></li>
<li>Docs: mention performance reasons for reusing RSAPrivateKey when encoding by <a href="https://github.com/dmahr1"><code>@dmahr1</code></a> in <a href="https://github-redirect.dependabot.com/jpadilla/pyjwt/pull/734">jpadilla/pyjwt#734</a></li>
<li>Fixed typo in usage.rst by <a href="https://github.com/israelabraham"><code>@israelabraham</code></a> in <a href="https://github-redirect.dependabot.com/jpadilla/pyjwt/pull/738">jpadilla/pyjwt#738</a></li>
<li>Add detached payload support for JWS encoding and decoding by <a href="https://github.com/fviard"><code>@fviard</code></a> in <a href="https://github-redirect.dependabot.com/jpadilla/pyjwt/pull/723">jpadilla/pyjwt#723</a></li>
<li>[pre-commit.ci] pre-commit autoupdate by <a href="https://github.com/pre-commit-ci"><code>@pre-commit-ci</code></a> in <a href="https://github-redirect.dependabot.com/jpadilla/pyjwt/pull/740">jpadilla/pyjwt#740</a></li>
<li>Raise DeprecationWarning for jwt.decode(verify=...) by <a href="https://github.com/akx"><code>@akx</code></a> in <a href="https://github-redirect.dependabot.com/jpadilla/pyjwt/pull/742">jpadilla/pyjwt#742</a></li>
<li>Don't mutate options dictionary in .decode_complete() by <a href="https://github.com/akx"><code>@akx</code></a> in <a href="https://github-redirect.dependabot.com/jpadilla/pyjwt/pull/743">jpadilla/pyjwt#743</a></li>
<li>[pre-commit.ci] pre-commit autoupdate by <a href="https://github.com/pre-commit-ci"><code>@pre-commit-ci</code></a> in <a href="https://github-redirect.dependabot.com/jpadilla/pyjwt/pull/748">jpadilla/pyjwt#748</a></li>
<li>Replace various string interpolations with f-strings by <a href="https://github.com/akx"><code>@akx</code></a> in <a href="https://github-redirect.dependabot.com/jpadilla/pyjwt/pull/744">jpadilla/pyjwt#744</a></li>
<li>Update CHANGELOG.rst by <a href="https://github.com/hipertracker"><code>@hipertracker</code></a> in <a href="https://github-redirect.dependabot.com/jpadilla/pyjwt/pull/751">jpadilla/pyjwt#751</a></li>
</ul>
<h2>New Contributors</h2>
<ul>
<li><a href="https://github.com/hugovk"><code>@hugovk</code></a> made their first contribution in <a href="https://github-redirect.dependabot.com/jpadilla/pyjwt/pull/699">jpadilla/pyjwt#699</a></li>
<li><a href="https://github.com/rekyungmin"><code>@rekyungmin</code></a> made their first contribution in <a href="https://github-redirect.dependabot.com/jpadilla/pyjwt/pull/705">jpadilla/pyjwt#705</a></li>
<li><a href="https://github.com/sseering"><code>@sseering</code></a> made their first contribution in <a href="https://github-redirect.dependabot.com/jpadilla/pyjwt/pull/661">jpadilla/pyjwt#661</a></li>
<li><a href="https://github.com/estin"><code>@estin</code></a> made their first contribution in <a href="https://github-redirect.dependabot.com/jpadilla/pyjwt/pull/713">jpadilla/pyjwt#713</a></li>
<li><a href="https://github.com/woodruffw"><code>@woodruffw</code></a> made their first contribution in <a href="https://github-redirect.dependabot.com/jpadilla/pyjwt/pull/725">jpadilla/pyjwt#725</a></li>
<li><a href="https://github.com/guneybilen"><code>@guneybilen</code></a> made their first contribution in <a href="https://github-redirect.dependabot.com/jpadilla/pyjwt/pull/727">jpadilla/pyjwt#727</a></li>
<li><a href="https://github.com/dmahr1"><code>@dmahr1</code></a> made their first contribution in <a href="https://github-redirect.dependabot.com/jpadilla/pyjwt/pull/734">jpadilla/pyjwt#734</a></li>
<li><a href="https://github.com/israelabraham"><code>@israelabraham</code></a> made their first contribution in <a href="https://github-redirect.dependabot.com/jpadilla/pyjwt/pull/738">jpadilla/pyjwt#738</a></li>
<li><a href="https://github.com/fviard"><code>@fviard</code></a> made their first contribution in <a href="https://github-redirect.dependabot.com/jpadilla/pyjwt/pull/723">jpadilla/pyjwt#723</a></li>
<li><a href="https://github.com/akx"><code>@akx</code></a> made their first contribution in <a href="https://github-redirect.dependabot.com/jpadilla/pyjwt/pull/742">jpadilla/pyjwt#742</a></li>
<li><a href="https://github.com/hipertracker"><code>@hipertracker</code></a> made their first contribution in <a href="https://github-redirect.dependabot.com/jpadilla/pyjwt/pull/751">jpadilla/pyjwt#751</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a href="https://github.com/jpadilla/pyjwt/compare/2.3.0...2.4.0">https://github.com/jpadilla/pyjwt/compare/2.3.0...2.4.0</a></p>
</blockquote>
</details>

<details>
<summary>Changelog</summary>
<p><em>Sourced from <a href="https://github.com/jpadilla/pyjwt/blob/master/CHANGELOG.rst">pyjwt's changelog</a>.</em></p>
<blockquote>
<h2><a href="https://github.com/jpadilla/pyjwt/compare/2.3.0...2.4.0">v2.4.0</a></h2>
<p>Security</p>
<pre><code>- [CVE-2022-29217] Prevent key confusion through non-blocklisted public key formats. GHSA-ffqj-6fqr-9h24
</code></pre>
<p>Changed</p>
<pre><code>- Explicit check the key for ECAlgorithm by @estin in jpadilla/pyjwt#713
- Raise DeprecationWarning for jwt.decode(verify=...) by @akx in jpadilla/pyjwt#742

Fixed
~~~~~

- Don't use implicit optionals by @rekyungmin in jpadilla/pyjwt#705
- documentation fix: show correct scope for decode_complete() by @sseering in jpadilla/pyjwt#661
- fix: Update copyright information by @kkirsche in jpadilla/pyjwt#729
- Don't mutate options dictionary in .decode_complete() by @akx in jpadilla/pyjwt#743

Added
~~~~~

- Add support for Python 3.10 by @hugovk in jpadilla/pyjwt#699
- api_jwk: Add PyJWKSet.__getitem__ by @woodruffw in jpadilla/pyjwt#725
- Update usage.rst by @guneybilen in jpadilla/pyjwt#727
- Docs: mention performance reasons for reusing RSAPrivateKey when encoding by @dmahr1 in jpadilla/pyjwt#734
- Fixed typo in usage.rst by @israelabraham in jpadilla/pyjwt#738
- Add detached payload support for JWS encoding and decoding by @fviard in jpadilla/pyjwt#723
- Replace various string interpolations with f-strings by @akx in jpadilla/pyjwt#744
- Update CHANGELOG.rst by @hipertracker in jpadilla/pyjwt#751
</code></pre>
</blockquote>
</details>

<details>
<summary>Commits</summary>
<ul>
<li><a href="jpadilla/pyjwt@83ff831a4d11190e3a0bed781da43f8d84352653"><code>83ff831</code></a> chore: update changelog</li>
<li><a href="jpadilla/pyjwt@4c1ce8fd9019dd312ff257b5141cdb6d897379d9"><code>4c1ce8f</code></a> chore: update changelog</li>
<li><a href="jpadilla/pyjwt@96f3f0275745c5a455c019a0d3476a054980e8ea"><code>96f3f02</code></a> fix: failing advisory test</li>
<li><a href="jpadilla/pyjwt@9c528670c455b8d948aff95ed50e22940d1ad3fc"><code>9c52867</code></a> Merge pull request from GHSA-ffqj-6fqr-9h24</li>
<li><a href="jpadilla/pyjwt@24b29adfebcb4f057a3cef5aaf35653bc0c1c8cc"><code>24b29ad</code></a> Update CHANGELOG.rst (<a href="https://github-redirect.dependabot.com/jpadilla/pyjwt/issues/751">#751</a>)</li>
<li><a href="jpadilla/pyjwt@31f5acb8fb3ec6cdfe2b1b0a4a8f329b5f3ca67f"><code>31f5acb</code></a> Replace various string interpolations with f-strings (<a href="https://github-redirect.dependabot.com/jpadilla/pyjwt/issues/744">#744</a>)</li>
<li><a href="jpadilla/pyjwt@5581a31c21de70444c1162bcfa29f7e0fc86edda"><code>5581a31</code></a> [pre-commit.ci] pre-commit autoupdate (<a href="https://github-redirect.dependabot.com/jpadilla/pyjwt/issues/748">#748</a>)</li>
<li><a href="jpadilla/pyjwt@3d4d82248f1120c87f1f4e0e8793eaa1d54843a6"><code>3d4d822</code></a> Don't mutate options dictionary in .decode_complete() (<a href="https://github-redirect.dependabot.com/jpadilla/pyjwt/issues/743">#743</a>)</li>
<li><a href="jpadilla/pyjwt@1f1fe15bb41846c602b3e106176b2c692b93a613"><code>1f1fe15</code></a> Add a deprecation warning when jwt.decode() is called with the legacy verify=...</li>
<li><a href="jpadilla/pyjwt@35fa28e59d99b99c6a780d2a029a74d6bbba8b1e"><code>35fa28e</code></a> [pre-commit.ci] pre-commit autoupdate (<a href="https://github-redirect.dependabot.com/jpadilla/pyjwt/issues/740">#740</a>)</li>
<li>Additional commits viewable in <a href="jpadilla/pyjwt@2.3.0...2.4.0">compare view</a></li>
</ul>
</details>