hypothesis / h

Annotate with anyone, anywhere.
https://hypothes.is/
BSD 2-Clause "Simplified" License
2.96k stars 427 forks source link

Bump pyjwt from 2.9.0 to 2.10.0 #9092

Closed dependabot[bot] closed 3 days ago

dependabot[bot] commented 5 days ago

Bumps pyjwt from 2.9.0 to 2.10.0.

Release notes

Sourced from pyjwt's releases.

2.10.0

What's Changed

New Contributors

Full Changelog: https://github.com/jpadilla/pyjwt/compare/2.9.0...2.10.0

Changelog

Sourced from pyjwt's changelog.

v2.10.0 <https://github.com/jpadilla/pyjwt/compare/2.9.0...2.10.0>__

Changed


- Remove algorithm requirement from JWT API, instead relying on JWS API for enforcement, by @luhn in `[#975](https://github.com/jpadilla/pyjwt/issues/975) <https://github.com/jpadilla/pyjwt/pull/975>`__
- Use ``Sequence`` for parameter types rather than ``List`` where applicable by @imnotjames in `[#970](https://github.com/jpadilla/pyjwt/issues/970) <https://github.com/jpadilla/pyjwt/pull/970>`__
- Add JWK support to JWT encode by @luhn in `[#979](https://github.com/jpadilla/pyjwt/issues/979) <https://github.com/jpadilla/pyjwt/pull/979>`__
- Encoding and decoding payloads using the `none` algorithm by @jpadilla in `#c2629f6 <https://github.com/jpadilla/pyjwt/commit/c2629f66c593459e02616048443231ccbe18be16>`

Before:

.. code-block:: pycon

>>> import jwt >>> jwt.encode({"payload": "abc"}, key=None, algorithm=None)

After:

.. code-block:: pycon

>>> import jwt >>> jwt.encode({"payload": "abc"}, key=None, algorithm="none")

  • Added validation for 'sub' (subject) and 'jti' (JWT ID) claims in tokens by @​Divan009 in [#1005](https://github.com/jpadilla/pyjwt/issues/1005) &lt;https://github.com/jpadilla/pyjwt/pull/1005&gt;__
  • Refactor project configuration files from setup.cfg to pyproject.toml by @​cleder in [#995](https://github.com/jpadilla/pyjwt/issues/995) &lt;https://github.com/jpadilla/pyjwt/pull/995&gt;__
  • Ruff linter and formatter changes by @​gagandeepp in [#1001](https://github.com/jpadilla/pyjwt/issues/1001) &lt;https://github.com/jpadilla/pyjwt/pull/1001&gt;__
  • Drop support for Python 3.8 (EOL) by @​kkirsche in [#1007](https://github.com/jpadilla/pyjwt/issues/1007) &lt;https://github.com/jpadilla/pyjwt/pull/1007&gt;__

Fixed


- Encode EC keys with a fixed bit length by @etianen in `[#990](https://github.com/jpadilla/pyjwt/issues/990) &lt;https://github.com/jpadilla/pyjwt/pull/990&gt;`__
- Add an RTD config file to resolve Read the Docs build failures by @kurtmckee in `[#977](https://github.com/jpadilla/pyjwt/issues/977) &lt;https://github.com/jpadilla/pyjwt/pull/977&gt;`__
- Docs: Update ``iat`` exception docs by @pachewise in `[#974](https://github.com/jpadilla/pyjwt/issues/974) &lt;https://github.com/jpadilla/pyjwt/pull/974&gt;`__
- Docs: Fix ``decode_complete`` scope and algorithms by @RbnRncn in `[#982](https://github.com/jpadilla/pyjwt/issues/982) &lt;https://github.com/jpadilla/pyjwt/pull/982&gt;`__
- Fix doctest for ``docs/usage.rst`` by @pachewise in `[#986](https://github.com/jpadilla/pyjwt/issues/986) &lt;https://github.com/jpadilla/pyjwt/pull/986&gt;`__
- Fix ``test_utils.py`` not to xfail by @pachewise in `[#987](https://github.com/jpadilla/pyjwt/issues/987) &lt;https://github.com/jpadilla/pyjwt/pull/987&gt;`__
- Docs: Correct `jwt.decode` audience param doc expression by @peter279k in `[#994](https://github.com/jpadilla/pyjwt/issues/994) &lt;https://github.com/jpadilla/pyjwt/pull/994&gt;`__

Added
  • Add support for python 3.13 by @​hugovk in [#972](https://github.com/jpadilla/pyjwt/issues/972) &lt;https://github.com/jpadilla/pyjwt/pull/972&gt;__
  • Create SECURITY.md by @​auvipy and @​jpadilla in [#973](https://github.com/jpadilla/pyjwt/issues/973) &lt;https://github.com/jpadilla/pyjwt/pull/973&gt;__
  • Docs: Add PS256 encoding and decoding usage by @​peter279k in [#992](https://github.com/jpadilla/pyjwt/issues/992) &lt;https://github.com/jpadilla/pyjwt/pull/992&gt;__ </tr></table>

... (truncated)

Commits


Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)