From 6d39817ff74439ff0b90feb9d8b8a4abcc1da62f Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 15 Nov 2021 18:06:53 +0100 Subject: [PATCH] Bump pyjwt from 2.1.0 to 2.3.0 (PR #3449) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Bumps [pyjwt](https://github.com/jpadilla/pyjwt) from 2.1.0 to 2.3.0.
Release notes

Sourced from pyjwt's releases.

2.3.0

What's Changed

New Contributors

Full Changelog: https://github.com/jpadilla/pyjwt/compare/2.2.0...2.3.0

2.2.0

What's Changed

New Contributors

Full Changelog: https://github.com/jpadilla/pyjwt/compare/2.1.0...2.2.0

Changelog

Sourced from pyjwt's changelog.

v2.3.0 <https://github.com/jpadilla/pyjwt/compare/2.2.0...2.3.0>__

Fixed


- Revert "Remove arbitrary kwargs." `[#701](https://github.com/jpadilla/pyjwt/issues/701) <https://github.com/jpadilla/pyjwt/pull/701>`__

Added

v2.2.0 <https://github.com/jpadilla/pyjwt/compare/2.1.0...2.2.0>__

Changed


- Remove arbitrary kwargs. `[#657](https://github.com/jpadilla/pyjwt/issues/657) <https://github.com/jpadilla/pyjwt/pull/657>`__
- Use timezone package as Python 3.5+ is required. `[#694](https://github.com/jpadilla/pyjwt/issues/694) <https://github.com/jpadilla/pyjwt/pull/694>`__

Fixed


- Assume JWK without the &quot;use&quot; claim is valid for signing as per RFC7517 `[#668](https://github.com/jpadilla/pyjwt/issues/668) &lt;https://github.com/jpadilla/pyjwt/pull/668&gt;`__
- Prefer `headers[&quot;alg&quot;]` to `algorithm` in `jwt.encode()`. `[#673](https://github.com/jpadilla/pyjwt/issues/673) &lt;https://github.com/jpadilla/pyjwt/pull/673&gt;`__
- Fix aud validation to support {'aud': null} case. `[#670](https://github.com/jpadilla/pyjwt/issues/670) &lt;https://github.com/jpadilla/pyjwt/pull/670&gt;`__
- Make `typ` optional in JWT to be compliant with RFC7519. `[#644](https://github.com/jpadilla/pyjwt/issues/644) &lt;https://github.com/jpadilla/pyjwt/pull/644&gt;`__
-  Remove upper bound on cryptography version. `[#693](https://github.com/jpadilla/pyjwt/issues/693) &lt;https://github.com/jpadilla/pyjwt/pull/693&gt;`__

Added



    

  • Add support for Ed448/EdDSA. [#675](https://github.com/jpadilla/pyjwt/issues/675) &lt;https://github.com/jpadilla/pyjwt/pull/675&gt;__
Commits

[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=pyjwt&package-manager=pip&previous-version=2.1.0&new-version=2.3.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
--- changelogs/unreleased/3449-dependabot.yml | 5 +++++ requirements.txt | 2 +- 2 files changed, 6 insertions(+), 1 deletion(-) create mode 100644 changelogs/unreleased/3449-dependabot.yml diff --git a/changelogs/unreleased/3449-dependabot.yml b/changelogs/unreleased/3449-dependabot.yml new file mode 100644 index 0000000000..4718b1013f --- /dev/null +++ b/changelogs/unreleased/3449-dependabot.yml @@ -0,0 +1,5 @@ +change-type: patch +description: Bump pyjwt from 2.1.0 to 2.3.0 +destination-branches: +- iso4 +sections: {} diff --git a/requirements.txt b/requirements.txt index ef1e8cfc91..b8039c223c 100644 --- a/requirements.txt +++ b/requirements.txt @@ -16,7 +16,7 @@ pip==21.3.1 ply==3.11 pydantic==1.8.2 pyformance==0.4 -PyJWT==2.1.0 +PyJWT==2.3.0 python-dateutil==2.8.2 pyyaml==6.0 setuptools==58.5.3