Bump pyjwt from 1.7.1 to 2.0.1

[dependabot]

Bumps pyjwt from 1.7.1 to 2.0.1.

Release notes

Sourced from pyjwt's releases.

2.0.1

Changelog

Changed

• Rename CHANGELOG.md to CHANGELOG.rst and include in docs #597

Fixed

• Fix from_jwk() for all algorithms #598

v2.0.0

Highlights

Introduce better experience for JWKs

Introduce PyJWK, PyJWKSet, and PyJWKClient.

import jwt
from jwt import PyJWKClient
token = "eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiIsImtpZCI6Ik5FRTFRVVJCT1RNNE16STVSa0ZETlRZeE9UVTFNRGcyT0Rnd1EwVXpNVGsxUWpZeVJrUkZRdyJ9.eyJpc3MiOiJodHRwczovL2Rldi04N2V2eDlydS5hdXRoMC5jb20vIiwic3ViIjoiYVc0Q2NhNzl4UmVMV1V6MGFFMkg2a0QwTzNjWEJWdENAY2xpZW50cyIsImF1ZCI6Imh0dHBzOi8vZXhwZW5zZXMtYXBpIiwiaWF0IjoxNTcyMDA2OTU0LCJleHAiOjE1NzIwMDY5NjQsImF6cCI6ImFXNENjYTc5eFJlTFdVejBhRTJINmtEME8zY1hCVnRDIiwiZ3R5IjoiY2xpZW50LWNyZWRlbnRpYWxzIn0.PUxE7xn52aTCohGiWoSdMBZGiYAHwE5FYie0Y1qUT68IHSTXwXVd6hn02HTah6epvHHVKA2FqcFZ4GGv5VTHEvYpeggiiZMgbxFrmTEY0csL6VNkX1eaJGcuehwQCRBKRLL3zKmA5IKGy5GeUnIbpPHLHDxr-GXvgFzsdsyWlVQvPX2xjeaQ217r2PtxDeqjlf66UYl6oY6AqNS8DH3iryCvIfCcybRZkc_hdy-6ZMoKT6Piijvk_aXdm7-QQqKJFHLuEqrVSOuBqqiNfVrG27QzAPuPOxvfXTVLXL2jek5meH6n-VWgrBdoMFH93QEszEDowDAEhQPHVs0xj7SIzA"
kid = "NEE1QURBOTM4MzI5RkFDNTYxOTU1MDg2ODgwQ0UzMTk1QjYyRkRFQw"
url = "https://dev-87evx9ru.auth0.com/.well-known/jwks.json"
jwks_client = PyJWKClient(url)
signing_key = jwks_client.get_signing_key_from_jwt(token)
data = jwt.decode(
token,
signing_key.key,
algorithms=["RS256"],
audience="https://expenses-api",
options={"verify_exp": False},
)
print(data)

Support for JWKs containing ECDSA keys

Drop support for Python 2

Require cryptography >= 3

Drop support for PyCrypto and ECDSA

We've kept this around for a long time, mostly for environments that didn't allow installing cryptography.

Drop CLI

... (truncated)

Changelog

Sourced from pyjwt's changelog.

v2.0.1 <https://github.com/jpadilla/pyjwt/compare/2.0.0...2.0.1>__

Changed

- Rename CHANGELOG.md to CHANGELOG.rst and include in docs `[#597](https://github.com/jpadilla/pyjwt/issues/597) <https://github.com/jpadilla/pyjwt/pull/597>`__
Fixed

- Fix `from_jwk()` for all algorithms `[#598](https://github.com/jpadilla/pyjwt/issues/598) &lt;https://github.com/jpadilla/pyjwt/pull/598&gt;`__
Added


v2.0.0 &lt;https://github.com/jpadilla/pyjwt/compare/1.7.1...2.0.0&gt;__
Changed

Drop support for Python 2 and Python 3.0-3.5 ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

Python 3.5 is EOL so we decide to drop its support. Version 1.7.1 is the last one supporting Python 3.0-3.5.

Require cryptography >= 3 ^^^^^^^^^^^^^^^^^^^^^^^^^

Drop support for PyCrypto and ECDSA ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

We've kept this around for a long time, mostly for environments that didn't allow installing cryptography.

Drop CLI ^^^^^^^^

Dropped the included cli entry point.

Improve typings ^^^^^^^^^^^^^^^

We no longer need to use mypy Python 2 compatibility mode (comments)

jwt.encode(...) return type ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

... (truncated)

Commits

• 3993ce1 Bump up version to 2.0.1 (#604)
• 9dca8ea Fix from_jwk() for all algorithms (#598)
• fdfd687 Include changelog in docs (#597)
• 03610f0 Fix #585: tell users to use v1.7.1 for py3.5 (#592)
• bfa1d99 [pre-commit.ci] pre-commit autoupdate (#595)
• c96131b Update CHANGELOG.md (#584)
• 4823647 Update requirement on cryptography (#575)
• 4770745 Release 2.0.0 (#576)
• 587997e Complete type hinting of jwks_client.py (#578)
• 09d24fc Combine repetitive encode/decode tests using parametrize (#577)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[whpearson]

@dependabot rebase

[whpearson]

This breaks the nhs login flow. I'm going to have a look at the fix.

[dependabot]

OK, I won't notify you again about this release, but will get in touch when a new version is available.

If you change your mind, just re-open this PR and I'll resolve any conflicts on it.