A built-to-be-vulnerable API application based on the OWASP top 10 API vulnerabilities. Use c{api}tal to learn, train and exploit API Security vulnerabilities within your own API Security CTF.
- Changed the error message when the token audience doesn't match the expected audience by @irdkwmnsb `[#809](https://github.com/jpadilla/pyjwt/issues/809) <https://github.com/jpadilla/pyjwt/pull/809>`__
- Improve error messages when cryptography isn't installed by @Viicos in `[#846](https://github.com/jpadilla/pyjwt/issues/846) <https://github.com/jpadilla/pyjwt/pull/846>`__
- Make `Algorithm` an abstract base class by @Viicos in `[#845](https://github.com/jpadilla/pyjwt/issues/845) <https://github.com/jpadilla/pyjwt/pull/845>`__
- ignore invalid keys in a jwks by @timw6n in `[#863](https://github.com/jpadilla/pyjwt/issues/863) <https://github.com/jpadilla/pyjwt/pull/863>`__
Fixed
- Add classifier for Python 3.11 by @eseifert in `[#818](https://github.com/jpadilla/pyjwt/issues/818) <https://github.com/jpadilla/pyjwt/pull/818>`__
- Fix ``_validate_iat`` validation by @Viicos in `[#847](https://github.com/jpadilla/pyjwt/issues/847) <https://github.com/jpadilla/pyjwt/pull/847>`__
- fix: use datetime.datetime.timestamp function to have a milliseconds by @daillouf `[#821](https://github.com/jpadilla/pyjwt/issues/821) <https://github.com/jpadilla/pyjwt/pull/821>`__
- docs: correct mistake in the changelog about verify param by @gbillig in `[#866](https://github.com/jpadilla/pyjwt/issues/866) <https://github.com/jpadilla/pyjwt/pull/866>`__
Added
Add compute_hash_digest as a method of Algorithm objects, which uses
the underlying hash algorithm to compute a digest. If there is no appropriate
hash algorithm, a NotImplementedError will be raised in [#775](https://github.com/jpadilla/pyjwt/issues/775) <https://github.com/jpadilla/pyjwt/pull/775>__
Add optional headers argument to PyJWKClient. If provided, the headers
will be included in requests that the client uses when fetching the JWK set by @thundercat1 in [#823](https://github.com/jpadilla/pyjwt/issues/823) <https://github.com/jpadilla/pyjwt/pull/823>__
Add PyJWT._{de,en}code_payload hooks by @akx in [#829](https://github.com/jpadilla/pyjwt/issues/829) <https://github.com/jpadilla/pyjwt/pull/829>__
Add sort_headers parameter to api_jwt.encode by @evroon in [#832](https://github.com/jpadilla/pyjwt/issues/832) <https://github.com/jpadilla/pyjwt/pull/832>__
Make mypy configuration stricter and improve typing by @akx in [#830](https://github.com/jpadilla/pyjwt/issues/830) <https://github.com/jpadilla/pyjwt/pull/830>__
Add more types by @Viicos in [#843](https://github.com/jpadilla/pyjwt/issues/843) <https://github.com/jpadilla/pyjwt/pull/843>__
Add a timeout for PyJWKClient requests by @daviddavis in [#875](https://github.com/jpadilla/pyjwt/issues/875) <https://github.com/jpadilla/pyjwt/pull/875>__
Add client connection error exception by @daviddavis in [#876](https://github.com/jpadilla/pyjwt/issues/876) <https://github.com/jpadilla/pyjwt/pull/876>__
Add complete types to take all allowed keys into account by @Viicos in [#873](https://github.com/jpadilla/pyjwt/issues/873) <https://github.com/jpadilla/pyjwt/pull/873>__
Add as_dict option to Algorithm.to_jwk by @fluxth in [#881](https://github.com/jpadilla/pyjwt/issues/881) <https://github.com/jpadilla/pyjwt/pull/881>__
bump up cryptography >= 3.4.0 by @jpadilla in [#807](https://github.com/jpadilla/pyjwt/issues/807) <https://github.com/jpadilla/pyjwt/pull/807>_
Remove types-cryptography from crypto extra by @lautat in [#805](https://github.com/jpadilla/pyjwt/issues/805) <https://github.com/jpadilla/pyjwt/pull/805>_
Fixed
- Invalidate token on the exact second the token expires `[#797](https://github.com/jpadilla/pyjwt/issues/797) <https://github.com/jpadilla/pyjwt/pull/797>`_
</tr></table>
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
dependabot[bot]
commented
1 year ago
Bumps pyjwt from 2.4.0 to 2.7.0.
Release notes
Sourced from pyjwt's releases.
... (truncated)
Changelog
Sourced from pyjwt's changelog.
... (truncated)
Commits
d7c54dbchore: update readmec35e59bAddas_dictoption toAlgorithm.to_jwk(#881)6a27341Fix for issue #862 - ignore invalid keys in a jwks. (#863)abeeacbbump up version to 2.7.0d8b1242Update pypi-package.yml6d1c3d3Update pypi-package.yml81b9ef4Create pypi-package.yml (#884)97711b1[pre-commit.ci] pre-commit autoupdate (#878)56b3d56Add complete types to take all allowed keys into account (#873)ba72644Add client connection error exception (#876)Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting
@dependabot rebase.Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)