Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
4629: Update pyjwt requirement from ~=2.4.0 to ~=2.5.0 r=jenshnielsen a=dependabot[bot] Updates the requirements on [pyjwt](https://github.com/jpadilla/pyjwt) to permit the latest version. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/jpadilla/pyjwt/releases">pyjwt's releases</a>.</em></p> <blockquote> <h2>2.5.0</h2> <h2>What's Changed</h2> <ul> <li>Bump actions/checkout from 2 to 3 by <a href="https://github.com/dependabot"><code>`@dependabot</code></a>` in <a href="https://github-redirect.dependabot.com/jpadilla/pyjwt/pull/758">jpadilla/pyjwt#758</a></li> <li>Bump codecov/codecov-action from 1 to 3 by <a href="https://github.com/dependabot"><code>`@dependabot</code></a>` in <a href="https://github-redirect.dependabot.com/jpadilla/pyjwt/pull/757">jpadilla/pyjwt#757</a></li> <li>Bump actions/setup-python from 2 to 3 by <a href="https://github.com/dependabot"><code>`@dependabot</code></a>` in <a href="https://github-redirect.dependabot.com/jpadilla/pyjwt/pull/756">jpadilla/pyjwt#756</a></li> <li>adding support for compressed payloads by <a href="https://github.com/danieltmiles"><code>`@danieltmiles</code></a>` in <a href="https://github-redirect.dependabot.com/jpadilla/pyjwt/pull/753">jpadilla/pyjwt#753</a></li> <li>Revert "adding support for compressed payloads" by <a href="https://github.com/auvipy"><code>`@auvipy</code></a>` in <a href="https://github-redirect.dependabot.com/jpadilla/pyjwt/pull/761">jpadilla/pyjwt#761</a></li> <li>Add to_jwk static method to ECAlgorithm by <a href="https://github.com/leonsmith"><code>`@leonsmith</code></a>` in <a href="https://github-redirect.dependabot.com/jpadilla/pyjwt/pull/732">jpadilla/pyjwt#732</a></li> <li>Remove redundant wheel dep from pyproject.toml by <a href="https://github.com/mgorny"><code>`@mgorny</code></a>` in <a href="https://github-redirect.dependabot.com/jpadilla/pyjwt/pull/765">jpadilla/pyjwt#765</a></li> <li>Adjust expected exceptions in option merging tests for PyPy3 by <a href="https://github.com/mgorny"><code>`@mgorny</code></a>` in <a href="https://github-redirect.dependabot.com/jpadilla/pyjwt/pull/763">jpadilla/pyjwt#763</a></li> <li>Do not fail when an unusable key occurs by <a href="https://github.com/DaGuich"><code>`@DaGuich</code></a>` in <a href="https://github-redirect.dependabot.com/jpadilla/pyjwt/pull/762">jpadilla/pyjwt#762</a></li> <li>Fixes for pyright on strict mode by <a href="https://github.com/brandon-leapyear"><code>`@brandon-leapyear</code></a>` in <a href="https://github-redirect.dependabot.com/jpadilla/pyjwt/pull/747">jpadilla/pyjwt#747</a></li> <li>Bump actions/setup-python from 3 to 4 by <a href="https://github.com/dependabot"><code>`@dependabot</code></a>` in <a href="https://github-redirect.dependabot.com/jpadilla/pyjwt/pull/769">jpadilla/pyjwt#769</a></li> <li>[pre-commit.ci] pre-commit autoupdate by <a href="https://github.com/pre-commit-ci"><code>`@pre-commit-ci</code></a>` in <a href="https://github-redirect.dependabot.com/jpadilla/pyjwt/pull/770">jpadilla/pyjwt#770</a></li> <li>docs: fix simple typo, iinstance -> isinstance by <a href="https://github.com/timgates42"><code>`@timgates42</code></a>` in <a href="https://github-redirect.dependabot.com/jpadilla/pyjwt/pull/774">jpadilla/pyjwt#774</a></li> <li>Expose get_algorithm_by_name as new method by <a href="https://github.com/sirosen"><code>`@sirosen</code></a>` in <a href="https://github-redirect.dependabot.com/jpadilla/pyjwt/pull/773">jpadilla/pyjwt#773</a></li> <li>Remove support for python3.6 by <a href="https://github.com/sirosen"><code>`@sirosen</code></a>` in <a href="https://github-redirect.dependabot.com/jpadilla/pyjwt/pull/777">jpadilla/pyjwt#777</a></li> <li>[pre-commit.ci] pre-commit autoupdate by <a href="https://github.com/pre-commit-ci"><code>`@pre-commit-ci</code></a>` in <a href="https://github-redirect.dependabot.com/jpadilla/pyjwt/pull/778">jpadilla/pyjwt#778</a></li> <li>Emit a deprecation warning for unsupported kwargs by <a href="https://github.com/sirosen"><code>`@sirosen</code></a>` in <a href="https://github-redirect.dependabot.com/jpadilla/pyjwt/pull/776">jpadilla/pyjwt#776</a></li> <li>Fix typo: priot -> prior by <a href="https://github.com/jdufresne"><code>`@jdufresne</code></a>` in <a href="https://github-redirect.dependabot.com/jpadilla/pyjwt/pull/780">jpadilla/pyjwt#780</a></li> <li>Fix for headers disorder issue by <a href="https://github.com/kadabusha"><code>`@kadabusha</code></a>` in <a href="https://github-redirect.dependabot.com/jpadilla/pyjwt/pull/721">jpadilla/pyjwt#721</a></li> <li>Update audience typing by <a href="https://github.com/JulianMaurin"><code>`@JulianMaurin</code></a>` in <a href="https://github-redirect.dependabot.com/jpadilla/pyjwt/pull/782">jpadilla/pyjwt#782</a></li> <li>Improve PyJWKSet error accuracy by <a href="https://github.com/JulianMaurin"><code>`@JulianMaurin</code></a>` in <a href="https://github-redirect.dependabot.com/jpadilla/pyjwt/pull/786">jpadilla/pyjwt#786</a></li> <li>Add type hints to jwt/help.py and add missing types dependency by <a href="https://github.com/kkirsche"><code>`@kkirsche</code></a>` in <a href="https://github-redirect.dependabot.com/jpadilla/pyjwt/pull/784">jpadilla/pyjwt#784</a></li> <li>Add cacheing functionality for JWK set by <a href="https://github.com/wuhaoyujerry"><code>`@wuhaoyujerry</code></a>` in <a href="https://github-redirect.dependabot.com/jpadilla/pyjwt/pull/781">jpadilla/pyjwt#781</a></li> <li>[pre-commit.ci] pre-commit autoupdate by <a href="https://github.com/pre-commit-ci"><code>`@pre-commit-ci</code></a>` in <a href="https://github-redirect.dependabot.com/jpadilla/pyjwt/pull/788">jpadilla/pyjwt#788</a></li> <li>Mypy as pre-commit check + api_jws typing by <a href="https://github.com/JulianMaurin"><code>`@JulianMaurin</code></a>` in <a href="https://github-redirect.dependabot.com/jpadilla/pyjwt/pull/787">jpadilla/pyjwt#787</a></li> <li>[pre-commit.ci] pre-commit autoupdate by <a href="https://github.com/pre-commit-ci"><code>`@pre-commit-ci</code></a>` in <a href="https://github-redirect.dependabot.com/jpadilla/pyjwt/pull/791">jpadilla/pyjwt#791</a></li> <li>Bump version to 2.5.0 by <a href="https://github.com/jpadilla"><code>`@jpadilla</code></a>` in <a href="https://github-redirect.dependabot.com/jpadilla/pyjwt/pull/801">jpadilla/pyjwt#801</a></li> </ul> <h2>New Contributors</h2> <ul> <li><a href="https://github.com/dependabot"><code>`@dependabot</code></a>` made their first contribution in <a href="https://github-redirect.dependabot.com/jpadilla/pyjwt/pull/758">jpadilla/pyjwt#758</a></li> <li><a href="https://github.com/danieltmiles"><code>`@danieltmiles</code></a>` made their first contribution in <a href="https://github-redirect.dependabot.com/jpadilla/pyjwt/pull/753">jpadilla/pyjwt#753</a></li> <li><a href="https://github.com/leonsmith"><code>`@leonsmith</code></a>` made their first contribution in <a href="https://github-redirect.dependabot.com/jpadilla/pyjwt/pull/732">jpadilla/pyjwt#732</a></li> <li><a href="https://github.com/mgorny"><code>`@mgorny</code></a>` made their first contribution in <a href="https://github-redirect.dependabot.com/jpadilla/pyjwt/pull/765">jpadilla/pyjwt#765</a></li> <li><a href="https://github.com/DaGuich"><code>`@DaGuich</code></a>` made their first contribution in <a href="https://github-redirect.dependabot.com/jpadilla/pyjwt/pull/762">jpadilla/pyjwt#762</a></li> <li><a href="https://github.com/brandon-leapyear"><code>`@brandon-leapyear</code></a>` made their first contribution in <a href="https://github-redirect.dependabot.com/jpadilla/pyjwt/pull/747">jpadilla/pyjwt#747</a></li> <li><a href="https://github.com/sirosen"><code>`@sirosen</code></a>` made their first contribution in <a href="https://github-redirect.dependabot.com/jpadilla/pyjwt/pull/773">jpadilla/pyjwt#773</a></li> <li><a href="https://github.com/kadabusha"><code>`@kadabusha</code></a>` made their first contribution in <a href="https://github-redirect.dependabot.com/jpadilla/pyjwt/pull/721">jpadilla/pyjwt#721</a></li> <li><a href="https://github.com/JulianMaurin"><code>`@JulianMaurin</code></a>` made their first contribution in <a href="https://github-redirect.dependabot.com/jpadilla/pyjwt/pull/782">jpadilla/pyjwt#782</a></li> <li><a href="https://github.com/wuhaoyujerry"><code>`@wuhaoyujerry</code></a>` made their first contribution in <a href="https://github-redirect.dependabot.com/jpadilla/pyjwt/pull/781">jpadilla/pyjwt#781</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/jpadilla/pyjwt/compare/2.4.0...2.5.0">https://github.com/jpadilla/pyjwt/compare/2.4.0...2.5.0</a></p> </blockquote> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/jpadilla/pyjwt/blob/master/CHANGELOG.rst">pyjwt's changelog</a>.</em></p> <blockquote> <h2><code>v2.5.0 <https://github.com/jpadilla/pyjwt/compare/2.4.0...2.5.0></code>__</h2> <p>Changed</p> <pre><code> - Skip keys with incompatible alg when loading JWKSet by `@DaGuich` in `[#762](jpadilla/pyjwt#762) <https://github.com/jpadilla/pyjwt/pull/762>`__ - Remove support for python3.6 by `@sirosen` in `[#777](jpadilla/pyjwt#777) <https://github.com/jpadilla/pyjwt/pull/777>`__ - Emit a deprecation warning for unsupported kwargs by `@sirosen` in `[#776](jpadilla/pyjwt#776) <https://github.com/jpadilla/pyjwt/pull/776>`__ - Remove redundant wheel dep from pyproject.toml by `@mgorny` in `[#765](jpadilla/pyjwt#765) <https://github.com/jpadilla/pyjwt/pull/765>`__ - Do not fail when an unusable key occurs by `@DaGuich` in `[#762](jpadilla/pyjwt#762) <https://github.com/jpadilla/pyjwt/pull/762>`__ - Update audience typing by `@JulianMaurin` in `[#782](jpadilla/pyjwt#782) <https://github.com/jpadilla/pyjwt/pull/782>`__ - Improve PyJWKSet error accuracy by `@JulianMaurin` in `[#786](jpadilla/pyjwt#786) <https://github.com/jpadilla/pyjwt/pull/786>`__ - Mypy as pre-commit check + api_jws typing by `@JulianMaurin` in `[#787](jpadilla/pyjwt#787) <https://github.com/jpadilla/pyjwt/pull/787>`__ <p>Fixed</p> <pre><code> - Adjust expected exceptions in option merging tests for PyPy3 by `@mgorny` in `[#763](jpadilla/pyjwt#763) &lt;https://github.com/jpadilla/pyjwt/pull/763&gt;`__ - Fixes for pyright on strict mode by `@brandon-leapyear` in `[#747](jpadilla/pyjwt#747) &lt;https://github.com/jpadilla/pyjwt/pull/747&gt;`__ - docs: fix simple typo, iinstance -&gt; isinstance by `@timgates42` in `[#774](jpadilla/pyjwt#774) &lt;https://github.com/jpadilla/pyjwt/pull/774&gt;`__ - Fix typo: priot -&gt; prior by `@jdufresne` in `[#780](jpadilla/pyjwt#780) &lt;https://github.com/jpadilla/pyjwt/pull/780&gt;`__ - Fix for headers disorder issue by `@kadabusha` in `[#721](jpadilla/pyjwt#721) &lt;https://github.com/jpadilla/pyjwt/pull/721&gt;`__ Added </code></pre> <ul> <li>Add to_jwk static method to ECAlgorithm by <a href="https://github.com/leonsmith"><code>`@leonsmith</code></a>` in <code>[#732](jpadilla/pyjwt#732) &lt;https://github.com/jpadilla/pyjwt/pull/732&gt;</code>__</li> <li>Expose get_algorithm_by_name as new method by <a href="https://github.com/sirosen"><code>`@sirosen</code></a>` in <code>[#773](jpadilla/pyjwt#773) &lt;https://github.com/jpadilla/pyjwt/pull/773&gt;</code>__</li> <li>Add type hints to jwt/help.py and add missing types dependency by <a href="https://github.com/kkirsche"><code>`@kkirsche</code></a>` in <code>[#784](jpadilla/pyjwt#784) &lt;https://github.com/jpadilla/pyjwt/pull/784&gt;</code>__</li> <li>Add cacheing functionality for JWK set by <a href="https://github.com/wuhaoyujerry"><code>`@wuhaoyujerry</code></a>` in <code>[#781](jpadilla/pyjwt#781) &lt;https://github.com/jpadilla/pyjwt/pull/781&gt;</code>__</li> </ul> <h2><code>v2.4.0 &lt;https://github.com/jpadilla/pyjwt/compare/2.3.0...2.4.0&gt;</code>__</h2> <p>Security </code></pre></p> <ul> <li>[CVE-2022-29217] Prevent key confusion through non-blocklisted public key formats. <a href="https://github.com/jpadilla/pyjwt/security/advisories/GHSA-ffqj-6fqr-9h24">https://github.com/jpadilla/pyjwt/security/advisories/GHSA-ffqj-6fqr-9h24</a></li> </ul> <p>Changed</p> <pre><code> - Explicit check the key for ECAlgorithm by `@estin` in jpadilla/pyjwt#713 - Raise DeprecationWarning for jwt.decode(verify=...) by `@akx` in jpadilla/pyjwt#742 <p>Fixed</p> <pre><code> - Don't use implicit optionals by `@rekyungmin` in jpadilla/pyjwt#705 &lt;/tr&gt;&lt;/table&gt; </code></pre> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="jpadilla/pyjwt@c9006103b56359b3ad788bb2e380ef17dfe59b05"><code>c900610</code></a> Bump version to 2.5.0 (<a href="https://github-redirect.dependabot.com/jpadilla/pyjwt/issues/801">#801</a>)</li> <li><a href="jpadilla/pyjwt@5ecbafc366ebc4940ce4eac81350bc41887a4433"><code>5ecbafc</code></a> [pre-commit.ci] pre-commit autoupdate (<a href="https://github-redirect.dependabot.com/jpadilla/pyjwt/issues/791">#791</a>)</li> <li><a href="jpadilla/pyjwt@f827be366cc2560266a412697b5194ee4782b510"><code>f827be3</code></a> Mypy as pre-commit check + api_jws typing (<a href="https://github-redirect.dependabot.com/jpadilla/pyjwt/issues/787">#787</a>)</li> <li><a href="jpadilla/pyjwt@e8780abdd561963e3b0ca49ecec8b8519a793f75"><code>e8780ab</code></a> [pre-commit.ci] pre-commit autoupdate (<a href="https://github-redirect.dependabot.com/jpadilla/pyjwt/issues/788">#788</a>)</li> <li><a href="jpadilla/pyjwt@fc5b94eb3575254caba599218246616c75fecdc7"><code>fc5b94e</code></a> Add cacheing functionality for JWK set (<a href="https://github-redirect.dependabot.com/jpadilla/pyjwt/issues/781">#781</a>)</li> <li><a href="jpadilla/pyjwt@ae3da7469ff8c28b726e082cd671997e09b19d55"><code>ae3da74</code></a> Add type hints to jwt/help.py and add missing types dependency (<a href="https://github-redirect.dependabot.com/jpadilla/pyjwt/issues/784">#784</a>)</li> <li><a href="jpadilla/pyjwt@435e826da56a105da51176355a29cdc00420f4c1"><code>435e826</code></a> Improve PyJWKSet error accuracy (<a href="https://github-redirect.dependabot.com/jpadilla/pyjwt/issues/786">#786</a>)</li> <li><a href="jpadilla/pyjwt@98a5c1d61ee180f5b3574e142f5938d24146ee99"><code>98a5c1d</code></a> Update audience typing (<a href="https://github-redirect.dependabot.com/jpadilla/pyjwt/issues/782">#782</a>)</li> <li><a href="jpadilla/pyjwt@0bef0fbff5c245668578a43774d8620bdba4a6f7"><code>0bef0fb</code></a> Fix for headers disorder issue (<a href="https://github-redirect.dependabot.com/jpadilla/pyjwt/issues/721">#721</a>)</li> <li><a href="jpadilla/pyjwt@c8fda69f09bc293960c141288633fbd1399e0b2b"><code>c8fda69</code></a> Fix typo: priot -&gt; prior (<a href="https://github-redirect.dependabot.com/jpadilla/pyjwt/issues/780">#780</a>)</li> <li>Additional commits viewable in <a href="jpadilla/pyjwt@2.4.0...2.5.0">compare view</a></li> </ul> </details> <br /> </code></pre> You can trigger a rebase of this PR by commenting ``@dependabot` rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - ``@dependabot` rebase` will rebase this PR - ``@dependabot` recreate` will recreate this PR, overwriting any edits that have been made to it - ``@dependabot` merge` will merge this PR after your CI passes on it - ``@dependabot` squash and merge` will squash and merge this PR after your CI passes on it - ``@dependabot` cancel merge` will cancel a previously requested merge and block automerging - ``@dependabot` reopen` will reopen this PR if it is closed - ``@dependabot` close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - ``@dependabot` ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - ``@dependabot` ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - ``@dependabot` ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
- Loading branch information
