Update dependency PyJWT to v2

This PR contains the following updates:

Package	Update	Change
PyJWT	major	`==1.7.1` -> `==2.4.0`

By merging this PR, the issue #3 will be automatically resolved and closed:

Severity	CVSS Score	CVE
High	7.5	CVE-2022-29217

Release Notes

jpadilla/pyjwt

### [`v2.4.0`](https://togithub.com/jpadilla/pyjwt/blob/HEAD/CHANGELOG.rst#v250-httpsgithubcomjpadillapyjwtcompare240250) [Compare Source](https://togithub.com/jpadilla/pyjwt/compare/2.3.0...2.4.0) Changed ``` - Skip keys with incompatible alg when loading JWKSet by @DaGuich in `#762 `__ - Remove support for python3.6 by @sirosen in `#777 `__ - Emit a deprecation warning for unsupported kwargs by @sirosen in `#776 `__ - Remove redundant wheel dep from pyproject.toml by @mgorny in `#765 `__ - Do not fail when an unusable key occurs by @DaGuich in `#762 `__ - Update audience typing by @JulianMaurin in `#782 `__ - Improve PyJWKSet error accuracy by @JulianMaurin in `#786 `__ - Mypy as pre-commit check + api_jws typing by @JulianMaurin in `#787 `__ Fixed ~~~~~ - Adjust expected exceptions in option merging tests for PyPy3 by @mgorny in `#763 `__ - Fixes for pyright on strict mode by @brandon-leapyear in `#747 `__ - docs: fix simple typo, iinstance -> isinstance by @timgates42 in `#774 `__ - Fix typo: priot -> prior by @jdufresne in `#780 `__ - Fix for headers disorder issue by @kadabusha in `#721 `__ Added ~~~~~ - Add to_jwk static method to ECAlgorithm by @leonsmith in `#732 `__ - Expose get_algorithm_by_name as new method by @sirosen in `#773 `__ - Add type hints to jwt/help.py and add missing types dependency by @kkirsche in `#784 `__ - Add cacheing functionality for JWK set by @wuhaoyujerry in `#781 `__ ``` ### [`v2.3.0`](https://togithub.com/jpadilla/pyjwt/blob/HEAD/CHANGELOG.rst#v240-httpsgithubcomjpadillapyjwtcompare230240) [Compare Source](https://togithub.com/jpadilla/pyjwt/compare/2.2.0...2.3.0) Security ``` - [CVE-2022-29217] Prevent key confusion through non-blocklisted public key formats. https://github.com/jpadilla/pyjwt/security/advisories/GHSA-ffqj-6fqr-9h24 Changed ~~~~~~~ - Explicit check the key for ECAlgorithm by @estin in https://github.com/jpadilla/pyjwt/pull/713 - Raise DeprecationWarning for jwt.decode(verify=...) by @akx in https://github.com/jpadilla/pyjwt/pull/742 Fixed ~~~~~ - Don't use implicit optionals by @rekyungmin in https://github.com/jpadilla/pyjwt/pull/705 - documentation fix: show correct scope for decode_complete() by @sseering in https://github.com/jpadilla/pyjwt/pull/661 - fix: Update copyright information by @kkirsche in https://github.com/jpadilla/pyjwt/pull/729 - Don't mutate options dictionary in .decode_complete() by @akx in https://github.com/jpadilla/pyjwt/pull/743 Added ~~~~~ - Add support for Python 3.10 by @hugovk in https://github.com/jpadilla/pyjwt/pull/699 - api_jwk: Add PyJWKSet.__getitem__ by @woodruffw in https://github.com/jpadilla/pyjwt/pull/725 - Update usage.rst by @guneybilen in https://github.com/jpadilla/pyjwt/pull/727 - Docs: mention performance reasons for reusing RSAPrivateKey when encoding by @dmahr1 in https://github.com/jpadilla/pyjwt/pull/734 - Fixed typo in usage.rst by @israelabraham in https://github.com/jpadilla/pyjwt/pull/738 - Add detached payload support for JWS encoding and decoding by @fviard in https://github.com/jpadilla/pyjwt/pull/723 - Replace various string interpolations with f-strings by @akx in https://github.com/jpadilla/pyjwt/pull/744 - Update CHANGELOG.rst by @hipertracker in https://github.com/jpadilla/pyjwt/pull/751 ``` ### [`v2.2.0`](https://togithub.com/jpadilla/pyjwt/blob/HEAD/CHANGELOG.rst#v230-httpsgithubcomjpadillapyjwtcompare220230) [Compare Source](https://togithub.com/jpadilla/pyjwt/compare/2.1.0...2.2.0) Fixed ``` - Revert "Remove arbitrary kwargs." `#701 `__ Added ``` - Add exception chaining `#702 `\__ ### [`v2.1.0`](https://togithub.com/jpadilla/pyjwt/blob/HEAD/CHANGELOG.rst#v220-httpsgithubcomjpadillapyjwtcompare210220) [Compare Source](https://togithub.com/jpadilla/pyjwt/compare/2.0.1...2.1.0) Changed ``` - Remove arbitrary kwargs. `#657 `__ - Use timezone package as Python 3.5+ is required. `#694 `__ Fixed ~~~~~ - Assume JWK without the "use" claim is valid for signing as per RFC7517 `#668 `__ - Prefer `headers["alg"]` to `algorithm` in `jwt.encode()`. `#673 `__ - Fix aud validation to support {'aud': null} case. `#670 `__ - Make `typ` optional in JWT to be compliant with RFC7519. `#644 `__ - Remove upper bound on cryptography version. `#693 `__ Added ~~~~~ - Add support for Ed448/EdDSA. `#675 `__ ``` ### [`v2.0.1`](https://togithub.com/jpadilla/pyjwt/blob/HEAD/CHANGELOG.rst#v210-httpsgithubcomjpadillapyjwtcompare201210) [Compare Source](https://togithub.com/jpadilla/pyjwt/compare/2.0.0...2.0.1) Changed ``` - Allow claims validation without making JWT signature validation mandatory. `#608 `__ Fixed ~~~~~ - Remove padding from JWK test data. `#628 `__ - Make `kty` mandatory in JWK to be compliant with RFC7517. `#624 `__ - Allow JWK without `alg` to be compliant with RFC7517. `#624 `__ - Allow to verify with private key on ECAlgorithm, as well as on Ed25519Algorithm. `#645 `__ Added ~~~~~ - Add caching by default to PyJWKClient `#611 `__ - Add missing exceptions.InvalidKeyError to jwt module __init__ imports `#620 `__ - Add support for ES256K algorithm `#629 `__ - Add `from_jwk()` to Ed25519Algorithm `#621 `__ - Add `to_jwk()` to Ed25519Algorithm `#643 `__ - Export `PyJWK` and `PyJWKSet` `#652 `__ ``` ### [`v2.0.0`](https://togithub.com/jpadilla/pyjwt/blob/HEAD/CHANGELOG.rst#v201-httpsgithubcomjpadillapyjwtcompare200201) [Compare Source](https://togithub.com/jpadilla/pyjwt/compare/1.7.1...2.0.0) Changed ``` - Rename CHANGELOG.md to CHANGELOG.rst and include in docs `#597 `__ Fixed ~~~~~ - Fix `from_jwk()` for all algorithms `#598 `__ Added ~~~~~ ```

[ ] If you want to rebase/retry this PR, check this box

Nexmo / python-skeleton-app

Update dependency PyJWT to v2 #7

Release Notes