jpadilla / pyjwt

JSON Web Token implementation in Python
https://pyjwt.readthedocs.io
MIT License

Make a release 2.9.0? Or create a checklist that contributors can help with? #949

Open dsakagi opened 3 months ago

dsakagi commented 3 months ago

Hi! Thanks for this project, @jpadilla. It's great.

There are some changes that have already landed in the master branch that I'm interested in having published as a new version that I could pull from PyPI. I'm willing to roll up my sleeves and pitch in if that would help the process along, but would need to have a few pointers on where to start (and where to finish!).

Expected Result

2.9.0 is released!

-or-

A checklist of tasks that contributors could help chip away at to help get 2.9.0 ready.

Actual Result

2.8.0 was the latest release last July. Additionally, it seems like builds on pushes to master have not been successful for some time. Is that part of what prevents making a 2.9 release?

Thanks again! Looking forward to hearing from you

codespearhead commented 3 months ago

@jpadilla Thanks for the great library!

I noticed there are two other issues that only need a new release on PyPI to be closed: #869 and #947.

I, too, am willing to help on this.

nghazali commented 3 months ago

Also, we need a new release as 2.8.0 uses cryptography@41.0.7, which contains a vulnerability and is fixed in @42.0.0

https://security.snyk.io/vuln/SNYK-PYTHON-CRYPTOGRAPHY-6126975

@jpadilla, is there any ETA for the next release?

Trolldemorted commented 2 months ago

@nghazali I just did a pip3 install pyjwt[crypto] and got PyJWT@2.8.0 and cryptography@42.0.5

benni@majorpurpose:~$ docker run --rm -it python bash
root@7b23517871a7:/# pip3 install pyjwt[crypto]
Collecting pyjwt[crypto]
  Downloading PyJWT-2.8.0-py3-none-any.whl.metadata (4.2 kB)
Collecting cryptography>=3.4.0 (from pyjwt[crypto])
  Downloading cryptography-42.0.5-cp39-abi3-manylinux_2_28_x86_64.whl.metadata (5.3 kB)
Collecting cffi>=1.12 (from cryptography>=3.4.0->pyjwt[crypto])
  Downloading cffi-1.16.0-cp312-cp312-manylinux_2_17_x86_64.manylinux2014_x86_64.whl.metadata (1.5 kB)
Collecting pycparser (from cffi>=1.12->cryptography>=3.4.0->pyjwt[crypto])
  Downloading pycparser-2.22-py3-none-any.whl.metadata (943 bytes)
Downloading cryptography-42.0.5-cp39-abi3-manylinux_2_28_x86_64.whl (4.6 MB)
   ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 4.6/4.6 MB 64.4 MB/s eta 0:00:00
Downloading PyJWT-2.8.0-py3-none-any.whl (22 kB)
Downloading cffi-1.16.0-cp312-cp312-manylinux_2_17_x86_64.manylinux2014_x86_64.whl (477 kB)
   ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 477.6/477.6 kB 39.2 MB/s eta 0:00:00
Downloading pycparser-2.22-py3-none-any.whl (117 kB)
   ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 117.6/117.6 kB 10.8 MB/s eta 0:00:00
Installing collected packages: pyjwt, pycparser, cffi, cryptography
Successfully installed cffi-1.16.0 cryptography-42.0.5 pycparser-2.22 pyjwt-2.8.0
WARNING: Running pip as the 'root' user can result in broken permissions and conflicting behaviour with the system package manager. It is recommended to use a virtual environment instead: https://pip.pypa.io/warnings/venv
root@7b23517871a7:/# pip3 freeze
cffi==1.16.0
cryptography==42.0.5
pycparser==2.22
PyJWT==2.8.0
setuptools==69.2.0
wheel==0.43.0
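
A check of the kind this exchange points to, as an added example that is not part of the thread or of PyJWT: it scans `pip freeze` output or a lock file for a `cryptography` pin older than the 42.0.0 floor cited above. The function names and the `OLD_LOCK` sample are constructed for illustration; `FRESH` copies the freeze output shown above.

```python
import re

# Floor taken from the comment above (fix reported in cryptography 42.0.0).
MIN_VERSIONS = {"cryptography": "42.0.0"}

def normalize(name):
    """PEP 503 name normalization, so 'PyJWT' and 'pyjwt' compare equal."""
    return re.sub(r"[-_.]+", "-", name).lower()

def release_tuple(version):
    """Numeric release segment without trailing zeros: '42.0.0' -> (42,).
    Pre-release suffixes (rc1, .dev0) are ignored by this simplified parser."""
    m = re.match(r"\d+(?:\.\d+)*", version.strip())
    if not m:
        raise ValueError(f"unparseable version: {version!r}")
    parts = [int(p) for p in m.group(0).split(".")]
    while len(parts) > 1 and parts[-1] == 0:
        parts.pop()
    return tuple(parts)

def parse_freeze(text):
    """Map normalized package name -> pinned version from 'name==version' lines."""
    pins = {}
    for line in text.splitlines():
        # Drop comments and environment markers; skip unpinned or URL entries.
        line = line.split("#", 1)[0].split(";", 1)[0].strip()
        if "==" not in line:
            continue
        name, version = line.split("==", 1)
        pins[normalize(name)] = version.strip()
    return pins

def below_floor(freeze_text, floors=MIN_VERSIONS):
    """Return {package: (pinned, floor)} for every pin older than its floor."""
    pins = parse_freeze(freeze_text)
    findings = {}
    for name, floor in floors.items():
        pinned = pins.get(normalize(name))
        if pinned and release_tuple(pinned) < release_tuple(floor):
            findings[name] = (pinned, floor)
    return findings

# Freeze output from the fresh container install shown above.
FRESH = "cffi==1.16.0\ncryptography==42.0.5\npycparser==2.22\nPyJWT==2.8.0\n"
# Constructed sample: a lock file written before cryptography 42 was available.
OLD_LOCK = "cffi==1.16.0\ncryptography==41.0.7  # pinned earlier\nPyJWT==2.8.0\n"

if __name__ == "__main__":
    print("fresh:", below_floor(FRESH))
    print("old lock:", below_floor(OLD_LOCK))
```

Both samples carry PyJWT 2.8.0; only the one with the older `cryptography` pin is reported.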

jpadilla commented 3 weeks ago

@dsakagi something that would actually be super helpful would be compiling updates to CHANGELOG.