search

edina / nbexchange

External exchange for nbgrader
Other
6 stars 2 forks source link

Update dependency PyJWT to v2 #131

Closed renovate[bot] closed 1 year ago

renovate[bot] commented 1 year ago

Mend Renovate

This PR contains the following updates:

Package Change Age Adoption Passing Confidence
PyJWT ==1.7.1 -> ==2.8.0 age adoption passing confidence
pyjwt <2 -> <3 age adoption passing confidence

Release Notes

jpadilla/pyjwt (PyJWT) ### [`v2.8.0`](https://togithub.com/jpadilla/pyjwt/blob/HEAD/CHANGELOG.rst#v280-httpsgithubcomjpadillapyjwtcompare270280) [Compare Source](https://togithub.com/jpadilla/pyjwt/compare/2.7.0...2.8.0) Changed ``` - Update python version test matrix by @​auvipy in `#​895 `__ Fixed ~~~~~ Added ~~~~~ - Add ``strict_aud`` as an option to ``jwt.decode`` by @​woodruffw in `#​902 `__ - Export PyJWKClientConnectionError class by @​daviddavis in `#​887 `__ - Allows passing of ssl.SSLContext to PyJWKClient by @​juur in `#​891 `__ ``` ### [`v2.7.0`](https://togithub.com/jpadilla/pyjwt/blob/HEAD/CHANGELOG.rst#Unreleased-httpsgithubcomjpadillapyjwtcompare270HEAD) [Compare Source](https://togithub.com/jpadilla/pyjwt/compare/2.6.0...2.7.0) Changed ``` Fixed ~~~~~ Added ~~~~~ ``` ### [`v2.6.0`](https://togithub.com/jpadilla/pyjwt/blob/HEAD/CHANGELOG.rst#v270-httpsgithubcomjpadillapyjwtcompare260270) [Compare Source](https://togithub.com/jpadilla/pyjwt/compare/2.5.0...2.6.0) Changed ``` - Changed the error message when the token audience doesn't match the expected audience by @​irdkwmnsb `#​809 `__ - Improve error messages when cryptography isn't installed by @​Viicos in `#​846 `__ - Make `Algorithm` an abstract base class by @​Viicos in `#​845 `__ - ignore invalid keys in a jwks by @​timw6n in `#​863 `__ Fixed ~~~~~ - Add classifier for Python 3.11 by @​eseifert in `#​818 `__ - Fix ``_validate_iat`` validation by @​Viicos in `#​847 `__ - fix: use datetime.datetime.timestamp function to have a milliseconds by @​daillouf `#​821 `__ - docs: correct mistake in the changelog about verify param by @​gbillig in `#​866 `__ Added ~~~~~ - Add ``compute_hash_digest`` as a method of ``Algorithm`` objects, which uses the underlying hash algorithm to compute a digest. If there is no appropriate hash algorithm, a ``NotImplementedError`` will be raised in `#​775 `__ - Add optional ``headers`` argument to ``PyJWKClient``. If provided, the headers will be included in requests that the client uses when fetching the JWK set by @​thundercat1 in `#​823 `__ - Add PyJWT._{de,en}code_payload hooks by @​akx in `#​829 `__ - Add `sort_headers` parameter to `api_jwt.encode` by @​evroon in `#​832 `__ - Make mypy configuration stricter and improve typing by @​akx in `#​830 `__ - Add more types by @​Viicos in `#​843 `__ - Add a timeout for PyJWKClient requests by @​daviddavis in `#​875 `__ - Add client connection error exception by @​daviddavis in `#​876 `__ - Add complete types to take all allowed keys into account by @​Viicos in `#​873 `__ - Add `as_dict` option to `Algorithm.to_jwk` by @​fluxth in `#​881 `__ ``` ### [`v2.5.0`](https://togithub.com/jpadilla/pyjwt/blob/HEAD/CHANGELOG.rst#v260-httpsgithubcomjpadillapyjwtcompare250260) [Compare Source](https://togithub.com/jpadilla/pyjwt/compare/2.4.0...2.5.0) Changed ``` - bump up cryptography >= 3.4.0 by @​jpadilla in `#​807 `_ - Remove `types-cryptography` from `crypto` extra by @​lautat in `#​805 `_ Fixed ~~~~~ - Invalidate token on the exact second the token expires `#​797 `_ - fix: version 2.5.0 heading typo by @​c0state in `#​803 `_ Added ~~~~~ - Adding validation for `issued_at` when `iat > (now + leeway)` as `ImmatureSignatureError` by @​sriharan16 in https://github.com/jpadilla/pyjwt/pull/794 ``` ### [`v2.4.0`](https://togithub.com/jpadilla/pyjwt/blob/HEAD/CHANGELOG.rst#v250-httpsgithubcomjpadillapyjwtcompare240250) [Compare Source](https://togithub.com/jpadilla/pyjwt/compare/2.3.0...2.4.0) Changed ``` - Skip keys with incompatible alg when loading JWKSet by @​DaGuich in `#​762 `__ - Remove support for python3.6 by @​sirosen in `#​777 `__ - Emit a deprecation warning for unsupported kwargs by @​sirosen in `#​776 `__ - Remove redundant wheel dep from pyproject.toml by @​mgorny in `#​765 `__ - Do not fail when an unusable key occurs by @​DaGuich in `#​762 `__ - Update audience typing by @​JulianMaurin in `#​782 `__ - Improve PyJWKSet error accuracy by @​JulianMaurin in `#​786 `__ - Mypy as pre-commit check + api_jws typing by @​JulianMaurin in `#​787 `__ Fixed ~~~~~ - Adjust expected exceptions in option merging tests for PyPy3 by @​mgorny in `#​763 `__ - Fixes for pyright on strict mode by @​brandon-leapyear in `#​747 `__ - docs: fix simple typo, iinstance -> isinstance by @​timgates42 in `#​774 `__ - Fix typo: priot -> prior by @​jdufresne in `#​780 `__ - Fix for headers disorder issue by @​kadabusha in `#​721 `__ Added ~~~~~ - Add to_jwk static method to ECAlgorithm by @​leonsmith in `#​732 `__ - Expose get_algorithm_by_name as new method by @​sirosen in `#​773 `__ - Add type hints to jwt/help.py and add missing types dependency by @​kkirsche in `#​784 `__ - Add cacheing functionality for JWK set by @​wuhaoyujerry in `#​781 `__ ``` ### [`v2.3.0`](https://togithub.com/jpadilla/pyjwt/blob/HEAD/CHANGELOG.rst#v240-httpsgithubcomjpadillapyjwtcompare230240) [Compare Source](https://togithub.com/jpadilla/pyjwt/compare/2.2.0...2.3.0) Security ``` - [CVE-2022-29217] Prevent key confusion through non-blocklisted public key formats. https://github.com/jpadilla/pyjwt/security/advisories/GHSA-ffqj-6fqr-9h24 Changed ~~~~~~~ - Explicit check the key for ECAlgorithm by @​estin in https://github.com/jpadilla/pyjwt/pull/713 - Raise DeprecationWarning for jwt.decode(verify=...) by @​akx in https://github.com/jpadilla/pyjwt/pull/742 Fixed ~~~~~ - Don't use implicit optionals by @​rekyungmin in https://github.com/jpadilla/pyjwt/pull/705 - documentation fix: show correct scope for decode_complete() by @​sseering in https://github.com/jpadilla/pyjwt/pull/661 - fix: Update copyright information by @​kkirsche in https://github.com/jpadilla/pyjwt/pull/729 - Don't mutate options dictionary in .decode_complete() by @​akx in https://github.com/jpadilla/pyjwt/pull/743 Added ~~~~~ - Add support for Python 3.10 by @​hugovk in https://github.com/jpadilla/pyjwt/pull/699 - api_jwk: Add PyJWKSet.__getitem__ by @​woodruffw in https://github.com/jpadilla/pyjwt/pull/725 - Update usage.rst by @​guneybilen in https://github.com/jpadilla/pyjwt/pull/727 - Docs: mention performance reasons for reusing RSAPrivateKey when encoding by @​dmahr1 in https://github.com/jpadilla/pyjwt/pull/734 - Fixed typo in usage.rst by @​israelabraham in https://github.com/jpadilla/pyjwt/pull/738 - Add detached payload support for JWS encoding and decoding by @​fviard in https://github.com/jpadilla/pyjwt/pull/723 - Replace various string interpolations with f-strings by @​akx in https://github.com/jpadilla/pyjwt/pull/744 - Update CHANGELOG.rst by @​hipertracker in https://github.com/jpadilla/pyjwt/pull/751 ``` ### [`v2.2.0`](https://togithub.com/jpadilla/pyjwt/blob/HEAD/CHANGELOG.rst#v230-httpsgithubcomjpadillapyjwtcompare220230) [Compare Source](https://togithub.com/jpadilla/pyjwt/compare/2.1.0...2.2.0) Fixed ``` - Revert "Remove arbitrary kwargs." `#​701 `__ Added ``` - Add exception chaining `#​702 `\__ ### [`v2.1.0`](https://togithub.com/jpadilla/pyjwt/blob/HEAD/CHANGELOG.rst#v220-httpsgithubcomjpadillapyjwtcompare210220) [Compare Source](https://togithub.com/jpadilla/pyjwt/compare/2.0.1...2.1.0) Changed ``` - Remove arbitrary kwargs. `#​657 `__ - Use timezone package as Python 3.5+ is required. `#​694 `__ Fixed ~~~~~ - Assume JWK without the "use" claim is valid for signing as per RFC7517 `#​668 `__ - Prefer `headers["alg"]` to `algorithm` in `jwt.encode()`. `#​673 `__ - Fix aud validation to support {'aud': null} case. `#​670 `__ - Make `typ` optional in JWT to be compliant with RFC7519. `#​644 `__ - Remove upper bound on cryptography version. `#​693 `__ Added ~~~~~ - Add support for Ed448/EdDSA. `#​675 `__ ``` ### [`v2.0.1`](https://togithub.com/jpadilla/pyjwt/blob/HEAD/CHANGELOG.rst#v210-httpsgithubcomjpadillapyjwtcompare201210) [Compare Source](https://togithub.com/jpadilla/pyjwt/compare/2.0.0...2.0.1) Changed ``` - Allow claims validation without making JWT signature validation mandatory. `#​608 `__ Fixed ~~~~~ - Remove padding from JWK test data. `#​628 `__ - Make `kty` mandatory in JWK to be compliant with RFC7517. `#​624 `__ - Allow JWK without `alg` to be compliant with RFC7517. `#​624 `__ - Allow to verify with private key on ECAlgorithm, as well as on Ed25519Algorithm. `#​645 `__ Added ~~~~~ - Add caching by default to PyJWKClient `#​611 `__ - Add missing exceptions.InvalidKeyError to jwt module __init__ imports `#​620 `__ - Add support for ES256K algorithm `#​629 `__ - Add `from_jwk()` to Ed25519Algorithm `#​621 `__ - Add `to_jwk()` to Ed25519Algorithm `#​643 `__ - Export `PyJWK` and `PyJWKSet` `#​652 `__ ``` ### [`v2.0.0`](https://togithub.com/jpadilla/pyjwt/blob/HEAD/CHANGELOG.rst#v201-httpsgithubcomjpadillapyjwtcompare200201) [Compare Source](https://togithub.com/jpadilla/pyjwt/compare/1.7.1...2.0.0) Changed ``` - Rename CHANGELOG.md to CHANGELOG.rst and include in docs `#​597 `__ Fixed ~~~~~ - Fix `from_jwk()` for all algorithms `#​598 `__ Added ~~~~~ ```

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about these updates again.

This PR has been generated by Mend Renovate. View repository job log here.

codecov[bot] commented 1 year ago

Codecov Report

Merging #131 (d2209cf) into master (83190f1) will not change coverage. The diff coverage is n/a.

@@           Coverage Diff           @@
##           master     #131   +/-   ##
=======================================
  Coverage   88.47%   88.47%           
=======================================
  Files          73       73           
  Lines        6280     6280           
=======================================
  Hits         5556     5556           
  Misses        724      724
renovate[bot] commented 1 year ago

Renovate Ignore Notification

Because you closed this PR without merging, Renovate will ignore this update. You will not get PRs for any future 2.x releases. But if you manually upgrade to 2.x then Renovate will re-enable minor and patch updates automatically.

If you accidentally closed this PR, or if you changed your mind: rename this PR to get a fresh replacement PR.