docker-alerta
docker-alerta copied to clipboard
alerta
build(deps): bump pyjwt from 2.3.0 to 2.5.0
Bumps pyjwt from 2.3.0 to 2.5.0.
Release notes
Sourced from pyjwt's releases.
2.5.0
What's Changed
- Bump actions/checkout from 2 to 3 by
@dependabotin jpadilla/pyjwt#758- Bump codecov/codecov-action from 1 to 3 by
@dependabotin jpadilla/pyjwt#757- Bump actions/setup-python from 2 to 3 by
@dependabotin jpadilla/pyjwt#756- adding support for compressed payloads by
@danieltmilesin jpadilla/pyjwt#753- Revert "adding support for compressed payloads" by
@auvipyin jpadilla/pyjwt#761- Add to_jwk static method to ECAlgorithm by
@leonsmithin jpadilla/pyjwt#732- Remove redundant wheel dep from pyproject.toml by
@mgornyin jpadilla/pyjwt#765- Adjust expected exceptions in option merging tests for PyPy3 by
@mgornyin jpadilla/pyjwt#763- Do not fail when an unusable key occurs by
@DaGuichin jpadilla/pyjwt#762- Fixes for pyright on strict mode by
@brandon-leapyearin jpadilla/pyjwt#747- Bump actions/setup-python from 3 to 4 by
@dependabotin jpadilla/pyjwt#769- [pre-commit.ci] pre-commit autoupdate by
@pre-commit-ciin jpadilla/pyjwt#770- docs: fix simple typo, iinstance -> isinstance by
@timgates42in jpadilla/pyjwt#774- Expose get_algorithm_by_name as new method by
@sirosenin jpadilla/pyjwt#773- Remove support for python3.6 by
@sirosenin jpadilla/pyjwt#777- [pre-commit.ci] pre-commit autoupdate by
@pre-commit-ciin jpadilla/pyjwt#778- Emit a deprecation warning for unsupported kwargs by
@sirosenin jpadilla/pyjwt#776- Fix typo: priot -> prior by
@jdufresnein jpadilla/pyjwt#780- Fix for headers disorder issue by
@kadabushain jpadilla/pyjwt#721- Update audience typing by
@JulianMaurinin jpadilla/pyjwt#782- Improve PyJWKSet error accuracy by
@JulianMaurinin jpadilla/pyjwt#786- Add type hints to jwt/help.py and add missing types dependency by
@kkirschein jpadilla/pyjwt#784- Add cacheing functionality for JWK set by
@wuhaoyujerryin jpadilla/pyjwt#781- [pre-commit.ci] pre-commit autoupdate by
@pre-commit-ciin jpadilla/pyjwt#788- Mypy as pre-commit check + api_jws typing by
@JulianMaurinin jpadilla/pyjwt#787- [pre-commit.ci] pre-commit autoupdate by
@pre-commit-ciin jpadilla/pyjwt#791- Bump version to 2.5.0 by
@jpadillain jpadilla/pyjwt#801New Contributors
@dependabotmade their first contribution in jpadilla/pyjwt#758@danieltmilesmade their first contribution in jpadilla/pyjwt#753@leonsmithmade their first contribution in jpadilla/pyjwt#732@mgornymade their first contribution in jpadilla/pyjwt#765@DaGuichmade their first contribution in jpadilla/pyjwt#762@brandon-leapyearmade their first contribution in jpadilla/pyjwt#747@sirosenmade their first contribution in jpadilla/pyjwt#773@kadabushamade their first contribution in jpadilla/pyjwt#721@JulianMaurinmade their first contribution in jpadilla/pyjwt#782@wuhaoyujerrymade their first contribution in jpadilla/pyjwt#781Full Changelog: https://github.com/jpadilla/pyjwt/compare/2.4.0...2.5.0
2.4.0
Security
- [CVE-2022-29217] Prevent key confusion through non-blocklisted public key formats. https://github.com/jpadilla/pyjwt/security/advisories/GHSA-ffqj-6fqr-9h24
What's Changed
... (truncated)
Changelog
Sourced from pyjwt's changelog.
v2.5.0 <https://github.com/jpadilla/pyjwt/compare/2.4.0...2.5.0>__Changed
- Skip keys with incompatible alg when loading JWKSet by @DaGuich in `[#762](https://github.com/jpadilla/pyjwt/issues/762) <https://github.com/jpadilla/pyjwt/pull/762>`__ - Remove support for python3.6 by @sirosen in `[#777](https://github.com/jpadilla/pyjwt/issues/777) <https://github.com/jpadilla/pyjwt/pull/777>`__ - Emit a deprecation warning for unsupported kwargs by @sirosen in `[#776](https://github.com/jpadilla/pyjwt/issues/776) <https://github.com/jpadilla/pyjwt/pull/776>`__ - Remove redundant wheel dep from pyproject.toml by @mgorny in `[#765](https://github.com/jpadilla/pyjwt/issues/765) <https://github.com/jpadilla/pyjwt/pull/765>`__ - Do not fail when an unusable key occurs by @DaGuich in `[#762](https://github.com/jpadilla/pyjwt/issues/762) <https://github.com/jpadilla/pyjwt/pull/762>`__ - Update audience typing by @JulianMaurin in `[#782](https://github.com/jpadilla/pyjwt/issues/782) <https://github.com/jpadilla/pyjwt/pull/782>`__ - Improve PyJWKSet error accuracy by @JulianMaurin in `[#786](https://github.com/jpadilla/pyjwt/issues/786) <https://github.com/jpadilla/pyjwt/pull/786>`__ - Mypy as pre-commit check + api_jws typing by @JulianMaurin in `[#787](https://github.com/jpadilla/pyjwt/issues/787) <https://github.com/jpadilla/pyjwt/pull/787>`__Fixed
- Adjust expected exceptions in option merging tests for PyPy3 by @mgorny in `[#763](https://github.com/jpadilla/pyjwt/issues/763) <https://github.com/jpadilla/pyjwt/pull/763>`__ - Fixes for pyright on strict mode by @brandon-leapyear in `[#747](https://github.com/jpadilla/pyjwt/issues/747) <https://github.com/jpadilla/pyjwt/pull/747>`__ - docs: fix simple typo, iinstance -> isinstance by @timgates42 in `[#774](https://github.com/jpadilla/pyjwt/issues/774) <https://github.com/jpadilla/pyjwt/pull/774>`__ - Fix typo: priot -> prior by @jdufresne in `[#780](https://github.com/jpadilla/pyjwt/issues/780) <https://github.com/jpadilla/pyjwt/pull/780>`__ - Fix for headers disorder issue by @kadabusha in `[#721](https://github.com/jpadilla/pyjwt/issues/721) <https://github.com/jpadilla/pyjwt/pull/721>`__Added
- Add to_jwk static method to ECAlgorithm by
@leonsmithin[#732](https://github.com/jpadilla/pyjwt/issues/732) <https://github.com/jpadilla/pyjwt/pull/732>__- Expose get_algorithm_by_name as new method by
@sirosenin[#773](https://github.com/jpadilla/pyjwt/issues/773) <https://github.com/jpadilla/pyjwt/pull/773>__- Add type hints to jwt/help.py and add missing types dependency by
@kkirschein[#784](https://github.com/jpadilla/pyjwt/issues/784) <https://github.com/jpadilla/pyjwt/pull/784>__- Add cacheing functionality for JWK set by
@wuhaoyujerryin[#781](https://github.com/jpadilla/pyjwt/issues/781) <https://github.com/jpadilla/pyjwt/pull/781>__
v2.4.0 <https://github.com/jpadilla/pyjwt/compare/2.3.0...2.4.0>__Security
- [CVE-2022-29217] Prevent key confusion through non-blocklisted public key formats. https://github.com/jpadilla/pyjwt/security/advisories/GHSA-ffqj-6fqr-9h24
Changed
- Explicit check the key for ECAlgorithm by @estin in https://github.com/jpadilla/pyjwt/pull/713 - Raise DeprecationWarning for jwt.decode(verify=...) by @akx in https://github.com/jpadilla/pyjwt/pull/742Fixed
- Don't use implicit optionals by @rekyungmin in https://github.com/jpadilla/pyjwt/pull/705 </tr></table> </code></pre> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary><ul> <li><a href="https://github.com/jpadilla/pyjwt/commit/c9006103b56359b3ad788bb2e380ef17dfe59b05"><code>c900610</code></a> Bump version to 2.5.0 (<a href="https://github-redirect.dependabot.com/jpadilla/pyjwt/issues/801">#801</a>)</li> <li><a href="https://github.com/jpadilla/pyjwt/commit/5ecbafc366ebc4940ce4eac81350bc41887a4433"><code>5ecbafc</code></a> [pre-commit.ci] pre-commit autoupdate (<a href="https://github-redirect.dependabot.com/jpadilla/pyjwt/issues/791">#791</a>)</li> <li><a href="https://github.com/jpadilla/pyjwt/commit/f827be366cc2560266a412697b5194ee4782b510"><code>f827be3</code></a> Mypy as pre-commit check + api_jws typing (<a href="https://github-redirect.dependabot.com/jpadilla/pyjwt/issues/787">#787</a>)</li> <li><a href="https://github.com/jpadilla/pyjwt/commit/e8780abdd561963e3b0ca49ecec8b8519a793f75"><code>e8780ab</code></a> [pre-commit.ci] pre-commit autoupdate (<a href="https://github-redirect.dependabot.com/jpadilla/pyjwt/issues/788">#788</a>)</li> <li><a href="https://github.com/jpadilla/pyjwt/commit/fc5b94eb3575254caba599218246616c75fecdc7"><code>fc5b94e</code></a> Add cacheing functionality for JWK set (<a href="https://github-redirect.dependabot.com/jpadilla/pyjwt/issues/781">#781</a>)</li> <li><a href="https://github.com/jpadilla/pyjwt/commit/ae3da7469ff8c28b726e082cd671997e09b19d55"><code>ae3da74</code></a> Add type hints to jwt/help.py and add missing types dependency (<a href="https://github-redirect.dependabot.com/jpadilla/pyjwt/issues/784">#784</a>)</li> <li><a href="https://github.com/jpadilla/pyjwt/commit/435e826da56a105da51176355a29cdc00420f4c1"><code>435e826</code></a> Improve PyJWKSet error accuracy (<a href="https://github-redirect.dependabot.com/jpadilla/pyjwt/issues/786">#786</a>)</li> <li><a href="https://github.com/jpadilla/pyjwt/commit/98a5c1d61ee180f5b3574e142f5938d24146ee99"><code>98a5c1d</code></a> Update audience typing (<a href="https://github-redirect.dependabot.com/jpadilla/pyjwt/issues/782">#782</a>)</li> <li><a href="https://github.com/jpadilla/pyjwt/commit/0bef0fbff5c245668578a43774d8620bdba4a6f7"><code>0bef0fb</code></a> Fix for headers disorder issue (<a href="https://github-redirect.dependabot.com/jpadilla/pyjwt/issues/721">#721</a>)</li> <li><a href="https://github.com/jpadilla/pyjwt/commit/c8fda69f09bc293960c141288633fbd1399e0b2b"><code>c8fda69</code></a> Fix typo: priot -> prior (<a href="https://github-redirect.dependabot.com/jpadilla/pyjwt/issues/780">#780</a>)</li> <li>Additional commits viewable in <a href="https://github.com/jpadilla/pyjwt/compare/2.3.0...2.5.0">compare view</a></li> </ul> </details>
<br />
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting
@dependabot rebase.
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
@dependabot rebasewill rebase this PR@dependabot recreatewill recreate this PR, overwriting any edits that have been made to it@dependabot mergewill merge this PR after your CI passes on it@dependabot squash and mergewill squash and merge this PR after your CI passes on it@dependabot cancel mergewill cancel a previously requested merge and block automerging@dependabot reopenwill reopen this PR if it is closed@dependabot closewill close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually@dependabot ignore this major versionwill close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this minor versionwill close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this dependencywill close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
![dependabot[bot] avatar](https://avatars.githubusercontent.com/in/29110?v=4 "Published by a pub.dev verified publisher"){kind=small}