Bump pyjwt from 2.3.0 to 2.6.0

[dependabot[bot]]

Bumps pyjwt from 2.3.0 to 2.6.0.

Release notes

Sourced from pyjwt's releases.

2.5.0

What's Changed

• Bump actions/checkout from 2 to 3 by @​dependabot in jpadilla/pyjwt#758
• Bump codecov/codecov-action from 1 to 3 by @​dependabot in jpadilla/pyjwt#757
• Bump actions/setup-python from 2 to 3 by @​dependabot in jpadilla/pyjwt#756
• adding support for compressed payloads by @​danieltmiles in jpadilla/pyjwt#753
• Revert "adding support for compressed payloads" by @​auvipy in jpadilla/pyjwt#761
• Add to_jwk static method to ECAlgorithm by @​leonsmith in jpadilla/pyjwt#732
• Remove redundant wheel dep from pyproject.toml by @​mgorny in jpadilla/pyjwt#765
• Adjust expected exceptions in option merging tests for PyPy3 by @​mgorny in jpadilla/pyjwt#763
• Do not fail when an unusable key occurs by @​DaGuich in jpadilla/pyjwt#762
• Fixes for pyright on strict mode by @​brandon-leapyear in jpadilla/pyjwt#747
• Bump actions/setup-python from 3 to 4 by @​dependabot in jpadilla/pyjwt#769
• [pre-commit.ci] pre-commit autoupdate by @​pre-commit-ci in jpadilla/pyjwt#770
• docs: fix simple typo, iinstance -> isinstance by @​timgates42 in jpadilla/pyjwt#774
• Expose get_algorithm_by_name as new method by @​sirosen in jpadilla/pyjwt#773
• Remove support for python3.6 by @​sirosen in jpadilla/pyjwt#777
• [pre-commit.ci] pre-commit autoupdate by @​pre-commit-ci in jpadilla/pyjwt#778
• Emit a deprecation warning for unsupported kwargs by @​sirosen in jpadilla/pyjwt#776
• Fix typo: priot -> prior by @​jdufresne in jpadilla/pyjwt#780
• Fix for headers disorder issue by @​kadabusha in jpadilla/pyjwt#721
• Update audience typing by @​JulianMaurin in jpadilla/pyjwt#782
• Improve PyJWKSet error accuracy by @​JulianMaurin in jpadilla/pyjwt#786
• Add type hints to jwt/help.py and add missing types dependency by @​kkirsche in jpadilla/pyjwt#784
• Add cacheing functionality for JWK set by @​wuhaoyujerry in jpadilla/pyjwt#781
• [pre-commit.ci] pre-commit autoupdate by @​pre-commit-ci in jpadilla/pyjwt#788
• Mypy as pre-commit check + api_jws typing by @​JulianMaurin in jpadilla/pyjwt#787
• [pre-commit.ci] pre-commit autoupdate by @​pre-commit-ci in jpadilla/pyjwt#791
• Bump version to 2.5.0 by @​jpadilla in jpadilla/pyjwt#801

New Contributors

• @​dependabot made their first contribution in jpadilla/pyjwt#758
• @​danieltmiles made their first contribution in jpadilla/pyjwt#753
• @​leonsmith made their first contribution in jpadilla/pyjwt#732
• @​mgorny made their first contribution in jpadilla/pyjwt#765
• @​DaGuich made their first contribution in jpadilla/pyjwt#762
• @​brandon-leapyear made their first contribution in jpadilla/pyjwt#747
• @​sirosen made their first contribution in jpadilla/pyjwt#773
• @​kadabusha made their first contribution in jpadilla/pyjwt#721
• @​JulianMaurin made their first contribution in jpadilla/pyjwt#782
• @​wuhaoyujerry made their first contribution in jpadilla/pyjwt#781

Full Changelog: https://github.com/jpadilla/pyjwt/compare/2.4.0...2.5.0

2.4.0

Security

• [CVE-2022-29217] Prevent key confusion through non-blocklisted public key formats. https://github.com/jpadilla/pyjwt/security/advisories/GHSA-ffqj-6fqr-9h24

What's Changed

... (truncated)

Changelog

Sourced from pyjwt's changelog.

v2.6.0 <https://github.com/jpadilla/pyjwt/compare/2.5.0...2.6.0>__

Changed

- bump up cryptography >= 3.4.0 by @jpadilla in `[#807](https://github.com/jpadilla/pyjwt/issues/807) <https://github.com/jpadilla/pyjwt/pull/807>`_
- Remove `types-cryptography` from `crypto` extra by @lautat in `[#805](https://github.com/jpadilla/pyjwt/issues/805) <https://github.com/jpadilla/pyjwt/pull/805>`_
Fixed

- Invalidate token on the exact second the token expires `[#797](https://github.com/jpadilla/pyjwt/issues/797) &lt;https://github.com/jpadilla/pyjwt/pull/797&gt;`_
- fix: version 2.5.0 heading typo by @c0state in `[#803](https://github.com/jpadilla/pyjwt/issues/803) &lt;https://github.com/jpadilla/pyjwt/pull/803&gt;`_

Added


Adding validation for issued_at when iat &gt; (now + leeway) as ImmatureSignatureError by @​sriharan16 in jpadilla/pyjwt#794

v2.5.0 &lt;https://github.com/jpadilla/pyjwt/compare/2.4.0...2.5.0&gt;__
Changed

• Skip keys with incompatible alg when loading JWKSet by @​DaGuich in [#762](https://github.com/jpadilla/pyjwt/issues/762) <https://github.com/jpadilla/pyjwt/pull/762>__
• Remove support for python3.6 by @​sirosen in [#777](https://github.com/jpadilla/pyjwt/issues/777) <https://github.com/jpadilla/pyjwt/pull/777>__
• Emit a deprecation warning for unsupported kwargs by @​sirosen in [#776](https://github.com/jpadilla/pyjwt/issues/776) <https://github.com/jpadilla/pyjwt/pull/776>__
• Remove redundant wheel dep from pyproject.toml by @​mgorny in [#765](https://github.com/jpadilla/pyjwt/issues/765) <https://github.com/jpadilla/pyjwt/pull/765>__
• Do not fail when an unusable key occurs by @​DaGuich in [#762](https://github.com/jpadilla/pyjwt/issues/762) <https://github.com/jpadilla/pyjwt/pull/762>__
• Update audience typing by @​JulianMaurin in [#782](https://github.com/jpadilla/pyjwt/issues/782) <https://github.com/jpadilla/pyjwt/pull/782>__
• Improve PyJWKSet error accuracy by @​JulianMaurin in [#786](https://github.com/jpadilla/pyjwt/issues/786) <https://github.com/jpadilla/pyjwt/pull/786>__
• Mypy as pre-commit check + api_jws typing by @​JulianMaurin in [#787](https://github.com/jpadilla/pyjwt/issues/787) <https://github.com/jpadilla/pyjwt/pull/787>__

Fixed

- Adjust expected exceptions in option merging tests for PyPy3 by @mgorny in `[#763](https://github.com/jpadilla/pyjwt/issues/763) <https://github.com/jpadilla/pyjwt/pull/763>`__
- Fixes for pyright on strict mode by @brandon-leapyear in `[#747](https://github.com/jpadilla/pyjwt/issues/747) <https://github.com/jpadilla/pyjwt/pull/747>`__
- docs: fix simple typo, iinstance -> isinstance by @timgates42 in `[#774](https://github.com/jpadilla/pyjwt/issues/774) <https://github.com/jpadilla/pyjwt/pull/774>`__
- Fix typo: priot -> prior by @jdufresne in `[#780](https://github.com/jpadilla/pyjwt/issues/780) <https://github.com/jpadilla/pyjwt/pull/780>`__
- Fix for headers disorder issue by @kadabusha in `[#721](https://github.com/jpadilla/pyjwt/issues/721) <https://github.com/jpadilla/pyjwt/pull/721>`__
Added

• Add to_jwk static method to ECAlgorithm by @​leonsmith in [#732](https://github.com/jpadilla/pyjwt/issues/732) <https://github.com/jpadilla/pyjwt/pull/732>__
• Expose get_algorithm_by_name as new method by @​sirosen in [#773](https://github.com/jpadilla/pyjwt/issues/773) <https://github.com/jpadilla/pyjwt/pull/773>__
• Add type hints to jwt/help.py and add missing types dependency by @​kkirsche in [#784](https://github.com/jpadilla/pyjwt/issues/784) <https://github.com/jpadilla/pyjwt/pull/784>__
• Add cacheing functionality for JWK set by @​wuhaoyujerry in [#781](https://github.com/jpadilla/pyjwt/issues/781) <https://github.com/jpadilla/pyjwt/pull/781>__

... (truncated)

Commits

• See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[dependabot[bot]]

OK, I won't notify you again about this release, but will get in touch when a new version is available. If you'd rather skip all updates until the next major or minor version, let me know by commenting @dependabot ignore this major version or @dependabot ignore this minor version. You can also ignore all major, minor, or patch releases for a dependency by adding an ignore condition with the desired update_types to your config file.

If you change your mind, just re-open this PR and I'll resolve any conflicts on it.