Bump pyjwt from 2.0.1 to 2.5.0

[dependabot[bot]]

Bumps pyjwt from 2.0.1 to 2.5.0.

Release notes

Sourced from pyjwt's releases.

2.5.0

What's Changed

• Bump actions/checkout from 2 to 3 by @​dependabot in jpadilla/pyjwt#758
• Bump codecov/codecov-action from 1 to 3 by @​dependabot in jpadilla/pyjwt#757
• Bump actions/setup-python from 2 to 3 by @​dependabot in jpadilla/pyjwt#756
• adding support for compressed payloads by @​danieltmiles in jpadilla/pyjwt#753
• Revert "adding support for compressed payloads" by @​auvipy in jpadilla/pyjwt#761
• Add to_jwk static method to ECAlgorithm by @​leonsmith in jpadilla/pyjwt#732
• Remove redundant wheel dep from pyproject.toml by @​mgorny in jpadilla/pyjwt#765
• Adjust expected exceptions in option merging tests for PyPy3 by @​mgorny in jpadilla/pyjwt#763
• Do not fail when an unusable key occurs by @​DaGuich in jpadilla/pyjwt#762
• Fixes for pyright on strict mode by @​brandon-leapyear in jpadilla/pyjwt#747
• Bump actions/setup-python from 3 to 4 by @​dependabot in jpadilla/pyjwt#769
• [pre-commit.ci] pre-commit autoupdate by @​pre-commit-ci in jpadilla/pyjwt#770
• docs: fix simple typo, iinstance -> isinstance by @​timgates42 in jpadilla/pyjwt#774
• Expose get_algorithm_by_name as new method by @​sirosen in jpadilla/pyjwt#773
• Remove support for python3.6 by @​sirosen in jpadilla/pyjwt#777
• [pre-commit.ci] pre-commit autoupdate by @​pre-commit-ci in jpadilla/pyjwt#778
• Emit a deprecation warning for unsupported kwargs by @​sirosen in jpadilla/pyjwt#776
• Fix typo: priot -> prior by @​jdufresne in jpadilla/pyjwt#780
• Fix for headers disorder issue by @​kadabusha in jpadilla/pyjwt#721
• Update audience typing by @​JulianMaurin in jpadilla/pyjwt#782
• Improve PyJWKSet error accuracy by @​JulianMaurin in jpadilla/pyjwt#786
• Add type hints to jwt/help.py and add missing types dependency by @​kkirsche in jpadilla/pyjwt#784
• Add cacheing functionality for JWK set by @​wuhaoyujerry in jpadilla/pyjwt#781
• [pre-commit.ci] pre-commit autoupdate by @​pre-commit-ci in jpadilla/pyjwt#788
• Mypy as pre-commit check + api_jws typing by @​JulianMaurin in jpadilla/pyjwt#787
• [pre-commit.ci] pre-commit autoupdate by @​pre-commit-ci in jpadilla/pyjwt#791
• Bump version to 2.5.0 by @​jpadilla in jpadilla/pyjwt#801

New Contributors

• @​dependabot made their first contribution in jpadilla/pyjwt#758
• @​danieltmiles made their first contribution in jpadilla/pyjwt#753
• @​leonsmith made their first contribution in jpadilla/pyjwt#732
• @​mgorny made their first contribution in jpadilla/pyjwt#765
• @​DaGuich made their first contribution in jpadilla/pyjwt#762
• @​brandon-leapyear made their first contribution in jpadilla/pyjwt#747
• @​sirosen made their first contribution in jpadilla/pyjwt#773
• @​kadabusha made their first contribution in jpadilla/pyjwt#721
• @​JulianMaurin made their first contribution in jpadilla/pyjwt#782
• @​wuhaoyujerry made their first contribution in jpadilla/pyjwt#781

Full Changelog: https://github.com/jpadilla/pyjwt/compare/2.4.0...2.5.0

2.4.0

Security

• [CVE-2022-29217] Prevent key confusion through non-blocklisted public key formats. https://github.com/jpadilla/pyjwt/security/advisories/GHSA-ffqj-6fqr-9h24

What's Changed

... (truncated)

Changelog

Sourced from pyjwt's changelog.

v2.5.0 <https://github.com/jpadilla/pyjwt/compare/2.4.0...2.5.0>__

Changed

- Skip keys with incompatible alg when loading JWKSet by @DaGuich in `[#762](https://github.com/jpadilla/pyjwt/issues/762) <https://github.com/jpadilla/pyjwt/pull/762>`__
- Remove support for python3.6 by @sirosen in `[#777](https://github.com/jpadilla/pyjwt/issues/777) <https://github.com/jpadilla/pyjwt/pull/777>`__
- Emit a deprecation warning for unsupported kwargs by @sirosen in `[#776](https://github.com/jpadilla/pyjwt/issues/776) <https://github.com/jpadilla/pyjwt/pull/776>`__
- Remove redundant wheel dep from pyproject.toml by @mgorny in `[#765](https://github.com/jpadilla/pyjwt/issues/765) <https://github.com/jpadilla/pyjwt/pull/765>`__
- Do not fail when an unusable key occurs by @DaGuich in `[#762](https://github.com/jpadilla/pyjwt/issues/762) <https://github.com/jpadilla/pyjwt/pull/762>`__
- Update audience typing by @JulianMaurin in `[#782](https://github.com/jpadilla/pyjwt/issues/782) <https://github.com/jpadilla/pyjwt/pull/782>`__
- Improve PyJWKSet error accuracy by @JulianMaurin in `[#786](https://github.com/jpadilla/pyjwt/issues/786) <https://github.com/jpadilla/pyjwt/pull/786>`__
- Mypy as pre-commit check + api_jws typing by @JulianMaurin in `[#787](https://github.com/jpadilla/pyjwt/issues/787) <https://github.com/jpadilla/pyjwt/pull/787>`__
Fixed

- Adjust expected exceptions in option merging tests for PyPy3 by @mgorny in `[#763](https://github.com/jpadilla/pyjwt/issues/763) &lt;https://github.com/jpadilla/pyjwt/pull/763&gt;`__
- Fixes for pyright on strict mode by @brandon-leapyear in `[#747](https://github.com/jpadilla/pyjwt/issues/747) &lt;https://github.com/jpadilla/pyjwt/pull/747&gt;`__
- docs: fix simple typo, iinstance -&gt; isinstance by @timgates42 in `[#774](https://github.com/jpadilla/pyjwt/issues/774) &lt;https://github.com/jpadilla/pyjwt/pull/774&gt;`__
- Fix typo: priot -&gt; prior by @jdufresne in `[#780](https://github.com/jpadilla/pyjwt/issues/780) &lt;https://github.com/jpadilla/pyjwt/pull/780&gt;`__
- Fix for headers disorder issue by @kadabusha in `[#721](https://github.com/jpadilla/pyjwt/issues/721) &lt;https://github.com/jpadilla/pyjwt/pull/721&gt;`__

Added


Add to_jwk static method to ECAlgorithm by @​leonsmith in [#732](https://github.com/jpadilla/pyjwt/issues/732) &lt;https://github.com/jpadilla/pyjwt/pull/732&gt;__
Expose get_algorithm_by_name as new method by @​sirosen in [#773](https://github.com/jpadilla/pyjwt/issues/773) &lt;https://github.com/jpadilla/pyjwt/pull/773&gt;__
Add type hints to jwt/help.py and add missing types dependency by @​kkirsche in [#784](https://github.com/jpadilla/pyjwt/issues/784) &lt;https://github.com/jpadilla/pyjwt/pull/784&gt;__
Add cacheing functionality for JWK set by @​wuhaoyujerry in [#781](https://github.com/jpadilla/pyjwt/issues/781) &lt;https://github.com/jpadilla/pyjwt/pull/781&gt;__

v2.4.0 &lt;https://github.com/jpadilla/pyjwt/compare/2.3.0...2.4.0&gt;__
Security

• [CVE-2022-29217] Prevent key confusion through non-blocklisted public key formats. https://github.com/jpadilla/pyjwt/security/advisories/GHSA-ffqj-6fqr-9h24

Changed

- Explicit check the key for ECAlgorithm by @estin in https://github.com/jpadilla/pyjwt/pull/713
- Raise DeprecationWarning for jwt.decode(verify=...) by @akx in https://github.com/jpadilla/pyjwt/pull/742
Fixed

- Don't use implicit optionals by @rekyungmin in https://github.com/jpadilla/pyjwt/pull/705
</tr></table> 
</code></pre>
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>

<ul>
<li><a href="https://github.com/jpadilla/pyjwt/commit/c9006103b56359b3ad788bb2e380ef17dfe59b05"><code>c900610</code></a> Bump version to 2.5.0 (<a href="https://github-redirect.dependabot.com/jpadilla/pyjwt/issues/801">#801</a>)</li>
<li><a href="https://github.com/jpadilla/pyjwt/commit/5ecbafc366ebc4940ce4eac81350bc41887a4433"><code>5ecbafc</code></a> [pre-commit.ci] pre-commit autoupdate (<a href="https://github-redirect.dependabot.com/jpadilla/pyjwt/issues/791">#791</a>)</li>
<li><a href="https://github.com/jpadilla/pyjwt/commit/f827be366cc2560266a412697b5194ee4782b510"><code>f827be3</code></a> Mypy as pre-commit check + api_jws typing (<a href="https://github-redirect.dependabot.com/jpadilla/pyjwt/issues/787">#787</a>)</li>
<li><a href="https://github.com/jpadilla/pyjwt/commit/e8780abdd561963e3b0ca49ecec8b8519a793f75"><code>e8780ab</code></a> [pre-commit.ci] pre-commit autoupdate (<a href="https://github-redirect.dependabot.com/jpadilla/pyjwt/issues/788">#788</a>)</li>
<li><a href="https://github.com/jpadilla/pyjwt/commit/fc5b94eb3575254caba599218246616c75fecdc7"><code>fc5b94e</code></a> Add cacheing functionality for JWK set (<a href="https://github-redirect.dependabot.com/jpadilla/pyjwt/issues/781">#781</a>)</li>
<li><a href="https://github.com/jpadilla/pyjwt/commit/ae3da7469ff8c28b726e082cd671997e09b19d55"><code>ae3da74</code></a> Add type hints to jwt/help.py and add missing types dependency (<a href="https://github-redirect.dependabot.com/jpadilla/pyjwt/issues/784">#784</a>)</li>
<li><a href="https://github.com/jpadilla/pyjwt/commit/435e826da56a105da51176355a29cdc00420f4c1"><code>435e826</code></a> Improve PyJWKSet error accuracy (<a href="https://github-redirect.dependabot.com/jpadilla/pyjwt/issues/786">#786</a>)</li>
<li><a href="https://github.com/jpadilla/pyjwt/commit/98a5c1d61ee180f5b3574e142f5938d24146ee99"><code>98a5c1d</code></a> Update audience typing (<a href="https://github-redirect.dependabot.com/jpadilla/pyjwt/issues/782">#782</a>)</li>
<li><a href="https://github.com/jpadilla/pyjwt/commit/0bef0fbff5c245668578a43774d8620bdba4a6f7"><code>0bef0fb</code></a> Fix for headers disorder issue (<a href="https://github-redirect.dependabot.com/jpadilla/pyjwt/issues/721">#721</a>)</li>
<li><a href="https://github.com/jpadilla/pyjwt/commit/c8fda69f09bc293960c141288633fbd1399e0b2b"><code>c8fda69</code></a> Fix typo: priot -&gt; prior (<a href="https://github-redirect.dependabot.com/jpadilla/pyjwt/issues/780">#780</a>)</li>
<li>Additional commits viewable in <a href="https://github.com/jpadilla/pyjwt/compare/2.0.1...2.5.0">compare view</a></li>
</ul>
</details>

<br />


[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=pyjwt&package-manager=pip&previous-version=2.0.1&new-version=2.5.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---


Dependabot commands and options



You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

            

[dependabot[bot]]

Superseded by #566.