BlackSheep icon indicating copy to clipboard operation
BlackSheep copied to clipboard

Published 20 hours ago verified publisher icon Neoteroi

Bump pyjwt from 2.3.0 to 2.4.0

Open dependabot[bot] opened this issue 2 years ago • 1 comments

Bumps pyjwt from 2.3.0 to 2.4.0.

Release notes

Sourced from pyjwt's releases.

2.4.0

Security

What's Changed

New Contributors

Full Changelog: https://github.com/jpadilla/pyjwt/compare/2.3.0...2.4.0

Changelog

Sourced from pyjwt's changelog.

v2.4.0 <https://github.com/jpadilla/pyjwt/compare/2.3.0...2.4.0>__

Security


- [CVE-2022-29217] Prevent key confusion through non-blocklisted public key formats. https://github.com/jpadilla/pyjwt/security/advisories/GHSA-ffqj-6fqr-9h24

Changed



- Explicit check the key for ECAlgorithm by @estin in https://github.com/jpadilla/pyjwt/pull/713
- Raise DeprecationWarning for jwt.decode(verify=...) by @akx in https://github.com/jpadilla/pyjwt/pull/742

Fixed



- Don't use implicit optionals by @rekyungmin in https://github.com/jpadilla/pyjwt/pull/705
- documentation fix: show correct scope for decode_complete() by @sseering in https://github.com/jpadilla/pyjwt/pull/661
- fix: Update copyright information by @kkirsche in https://github.com/jpadilla/pyjwt/pull/729
- Don't mutate options dictionary in .decode_complete() by @akx in https://github.com/jpadilla/pyjwt/pull/743

Added



    

  • Add support for Python 3.10 by @hugovk in https://github.com/jpadilla/pyjwt/pull/699
    • 

  • api_jwk: Add PyJWKSet.getitem by @woodruffw in https://github.com/jpadilla/pyjwt/pull/725
    • 

  • Update usage.rst by @guneybilen in https://github.com/jpadilla/pyjwt/pull/727
    • 

  • Docs: mention performance reasons for reusing RSAPrivateKey when encoding by @dmahr1 in https://github.com/jpadilla/pyjwt/pull/734
    • 

  • Fixed typo in usage.rst by @israelabraham in https://github.com/jpadilla/pyjwt/pull/738
    • 

  • Add detached payload support for JWS encoding and decoding by @fviard in https://github.com/jpadilla/pyjwt/pull/723
    • 

  • Replace various string interpolations with f-strings by @akx in https://github.com/jpadilla/pyjwt/pull/744
    • 

  • Update CHANGELOG.rst by @hipertracker in https://github.com/jpadilla/pyjwt/pull/751
</code></pre>
</blockquote>
</details>
<details>
<summary>Commits</summary>
    • 



<ul>
<li><a href="https://github.com/jpadilla/pyjwt/commit/83ff831a4d11190e3a0bed781da43f8d84352653"><code>83ff831</code></a> chore: update changelog</li>
<li><a href="https://github.com/jpadilla/pyjwt/commit/4c1ce8fd9019dd312ff257b5141cdb6d897379d9"><code>4c1ce8f</code></a> chore: update changelog</li>
<li><a href="https://github.com/jpadilla/pyjwt/commit/96f3f0275745c5a455c019a0d3476a054980e8ea"><code>96f3f02</code></a> fix: failing advisory test</li>
<li><a href="https://github.com/jpadilla/pyjwt/commit/9c528670c455b8d948aff95ed50e22940d1ad3fc"><code>9c52867</code></a> Merge pull request from GHSA-ffqj-6fqr-9h24</li>
<li><a href="https://github.com/jpadilla/pyjwt/commit/24b29adfebcb4f057a3cef5aaf35653bc0c1c8cc"><code>24b29ad</code></a> Update CHANGELOG.rst (<a href="https://github-redirect.dependabot.com/jpadilla/pyjwt/issues/751">#751</a>)</li>
<li><a href="https://github.com/jpadilla/pyjwt/commit/31f5acb8fb3ec6cdfe2b1b0a4a8f329b5f3ca67f"><code>31f5acb</code></a> Replace various string interpolations with f-strings (<a href="https://github-redirect.dependabot.com/jpadilla/pyjwt/issues/744">#744</a>)</li>
<li><a href="https://github.com/jpadilla/pyjwt/commit/5581a31c21de70444c1162bcfa29f7e0fc86edda"><code>5581a31</code></a> [pre-commit.ci] pre-commit autoupdate (<a href="https://github-redirect.dependabot.com/jpadilla/pyjwt/issues/748">#748</a>)</li>
<li><a href="https://github.com/jpadilla/pyjwt/commit/3d4d82248f1120c87f1f4e0e8793eaa1d54843a6"><code>3d4d822</code></a> Don't mutate options dictionary in .decode_complete() (<a href="https://github-redirect.dependabot.com/jpadilla/pyjwt/issues/743">#743</a>)</li>
<li><a href="https://github.com/jpadilla/pyjwt/commit/1f1fe15bb41846c602b3e106176b2c692b93a613"><code>1f1fe15</code></a> Add a deprecation warning when jwt.decode() is called with the legacy verify=...</li>
<li><a href="https://github.com/jpadilla/pyjwt/commit/35fa28e59d99b99c6a780d2a029a74d6bbba8b1e"><code>35fa28e</code></a> [pre-commit.ci] pre-commit autoupdate (<a href="https://github-redirect.dependabot.com/jpadilla/pyjwt/issues/740">#740</a>)</li>
<li>Additional commits viewable in <a href="https://github.com/jpadilla/pyjwt/compare/2.3.0...2.4.0">compare view</a></li>
</ul>
</details>


<br />



Dependabot compatibility score


Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.





Dependabot commands and options



You can trigger Dependabot actions by commenting on this PR:


    

  • 
@dependabot rebase will rebase this PR
    • 

  • 
@dependabot recreate will recreate this PR, overwriting any edits that have been made to it
    • 

  • 
@dependabot merge will merge this PR after your CI passes on it
    • 

  • 
@dependabot squash and merge will squash and merge this PR after your CI passes on it
    • 

  • 
@dependabot cancel merge will cancel a previously requested merge and block automerging
    • 

  • 
@dependabot reopen will reopen this PR if it is closed
    • 

  • 
@dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
    • 

  • 
@dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
    • 

  • 
@dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
    • 

  • 
@dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    • 

  • 
@dependabot use these labels will set the current labels as the default for future PRs for this repo and language
    • 

  • 
@dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
    • 

  • 
@dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
    • 

  • 
@dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language
    • 



You can disable automated security fix PRs for this repo from the Security Alerts page.

dependabot[bot] avatar May 25 '22 05:05 dependabot[bot]

Codecov Report

Merging #264 (cbe90fa) into main (9fe7d66) will not change coverage. The diff coverage is n/a.

@@            Coverage Diff            @@
##              main      #264   +/-   ##
=========================================
  Coverage   100.00%   100.00%           
=========================================
  Files           59        59           
  Lines         5643      5643           
=========================================
  Hits          5643      5643

Continue to review full report at Codecov.

Legend - Click here to learn more Δ = absolute <relative> (impact), ø = not affected, ? = missing data Powered by Codecov. Last update 9fe7d66...cbe90fa. Read the comment docs.

codecov-commenter avatar May 25 '22 05:05 codecov-commenter

OK, I won't notify you again about this release, but will get in touch when a new version is available. If you'd rather skip all updates until the next major or minor version, let me know by commenting @dependabot ignore this major version or @dependabot ignore this minor version.

If you change your mind, just re-open this PR and I'll resolve any conflicts on it.

dependabot[bot] avatar Oct 27 '22 13:10 dependabot[bot]