From c83a197b325b77322aa036602184cf22e4b23ab3 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 20 Sep 2022 17:02:41 +0200 Subject: [PATCH] Bump pyjwt from 2.4.0 to 2.5.0 (PR #4860) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Bumps [pyjwt](https://github.com/jpadilla/pyjwt) from 2.4.0 to 2.5.0.
Release notes

Sourced from pyjwt's releases.

2.5.0

What's Changed

New Contributors

Full Changelog: https://github.com/jpadilla/pyjwt/compare/2.4.0...2.5.0

Changelog

Sourced from pyjwt's changelog.

v2.5.0 <https://github.com/jpadilla/pyjwt/compare/2.4.0...2.5.0>__

Changed


- Skip keys with incompatible alg when loading JWKSet by @DaGuich in `[#762](https://github.com/jpadilla/pyjwt/issues/762) <https://github.com/jpadilla/pyjwt/pull/762>`__
- Remove support for python3.6 by @sirosen in `[#777](https://github.com/jpadilla/pyjwt/issues/777) <https://github.com/jpadilla/pyjwt/pull/777>`__
- Emit a deprecation warning for unsupported kwargs by @sirosen in `[#776](https://github.com/jpadilla/pyjwt/issues/776) <https://github.com/jpadilla/pyjwt/pull/776>`__
- Remove redundant wheel dep from pyproject.toml by @mgorny in `[#765](https://github.com/jpadilla/pyjwt/issues/765) <https://github.com/jpadilla/pyjwt/pull/765>`__
- Do not fail when an unusable key occurs by @DaGuich in `[#762](https://github.com/jpadilla/pyjwt/issues/762) <https://github.com/jpadilla/pyjwt/pull/762>`__
- Update audience typing by @JulianMaurin in `[#782](https://github.com/jpadilla/pyjwt/issues/782) <https://github.com/jpadilla/pyjwt/pull/782>`__
- Improve PyJWKSet error accuracy by @JulianMaurin in `[#786](https://github.com/jpadilla/pyjwt/issues/786) <https://github.com/jpadilla/pyjwt/pull/786>`__
- Mypy as pre-commit check + api_jws typing by @JulianMaurin in `[#787](https://github.com/jpadilla/pyjwt/issues/787) <https://github.com/jpadilla/pyjwt/pull/787>`__

Fixed



- Adjust expected exceptions in option merging tests for PyPy3 by @mgorny in `[#763](https://github.com/jpadilla/pyjwt/issues/763) &lt;https://github.com/jpadilla/pyjwt/pull/763&gt;`__
- Fixes for pyright on strict mode by @brandon-leapyear in `[#747](https://github.com/jpadilla/pyjwt/issues/747) &lt;https://github.com/jpadilla/pyjwt/pull/747&gt;`__
- docs: fix simple typo, iinstance -&gt; isinstance by @timgates42 in `[#774](https://github.com/jpadilla/pyjwt/issues/774) &lt;https://github.com/jpadilla/pyjwt/pull/774&gt;`__
- Fix typo: priot -&gt; prior by @jdufresne in `[#780](https://github.com/jpadilla/pyjwt/issues/780) &lt;https://github.com/jpadilla/pyjwt/pull/780&gt;`__
- Fix for headers disorder issue by @kadabusha in `[#721](https://github.com/jpadilla/pyjwt/issues/721) &lt;https://github.com/jpadilla/pyjwt/pull/721&gt;`__

Added



    

  • Add to_jwk static method to ECAlgorithm by @​leonsmith in [#732](https://github.com/jpadilla/pyjwt/issues/732) &lt;https://github.com/jpadilla/pyjwt/pull/732&gt;__
    • 

  • Expose get_algorithm_by_name as new method by @​sirosen in [#773](https://github.com/jpadilla/pyjwt/issues/773) &lt;https://github.com/jpadilla/pyjwt/pull/773&gt;__
    • 

  • Add type hints to jwt/help.py and add missing types dependency by @​kkirsche in [#784](https://github.com/jpadilla/pyjwt/issues/784) &lt;https://github.com/jpadilla/pyjwt/pull/784&gt;__
    • 

  • Add cacheing functionality for JWK set by @​wuhaoyujerry in [#781](https://github.com/jpadilla/pyjwt/issues/781) &lt;https://github.com/jpadilla/pyjwt/pull/781&gt;__
Commits

[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=pyjwt&package-manager=pip&previous-version=2.4.0&new-version=2.5.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
--- changelogs/unreleased/4860-dependabot.yml | 5 +++++ requirements.txt | 2 +- 2 files changed, 6 insertions(+), 1 deletion(-) create mode 100644 changelogs/unreleased/4860-dependabot.yml diff --git a/changelogs/unreleased/4860-dependabot.yml b/changelogs/unreleased/4860-dependabot.yml new file mode 100644 index 0000000000..de71a0c27e --- /dev/null +++ b/changelogs/unreleased/4860-dependabot.yml @@ -0,0 +1,5 @@ +change-type: patch +description: Bump pyjwt from 2.4.0 to 2.5.0 +destination-branches: +- master +sections: {} diff --git a/requirements.txt b/requirements.txt index 5c0a1864c8..a0eb639666 100644 --- a/requirements.txt +++ b/requirements.txt @@ -17,7 +17,7 @@ pip==22.2.2 ply==3.11 pydantic==1.10.2 pyformance==0.4 -PyJWT==2.4.0 +PyJWT==2.5.0 python-dateutil==2.8.2 pyyaml==6.0 setuptools==65.3.0