Bump pyjwt from 2.0.1 to 2.4.0 #774

dependabot · 2022-05-25T02:13:03Z

Bumps pyjwt from 2.0.1 to 2.4.0.

Release notes

2.4.0

Security

[CVE-2022-29217] Prevent key confusion through non-blocklisted public key formats. GHSA-ffqj-6fqr-9h24

What's Changed

Add support for Python 3.10 by @hugovk in jpadilla/pyjwt#699

Don't use implicit optionals by @rekyungmin in jpadilla/pyjwt#705

[pre-commit.ci] pre-commit autoupdate by @pre-commit-ci in jpadilla/pyjwt#708

[pre-commit.ci] pre-commit autoupdate by @pre-commit-ci in jpadilla/pyjwt#710

[pre-commit.ci] pre-commit autoupdate by @pre-commit-ci in jpadilla/pyjwt#711

[pre-commit.ci] pre-commit autoupdate by @pre-commit-ci in jpadilla/pyjwt#712

documentation fix: show correct scope for decode_complete() by @sseering in jpadilla/pyjwt#661

[pre-commit.ci] pre-commit autoupdate by @pre-commit-ci in jpadilla/pyjwt#716

Explicit check the key for ECAlgorithm by @estin in jpadilla/pyjwt#713

[pre-commit.ci] pre-commit autoupdate by @pre-commit-ci in jpadilla/pyjwt#720

api_jwk: Add PyJWKSet.getitem by @woodruffw in jpadilla/pyjwt#725

Update usage.rst by @guneybilen in jpadilla/pyjwt#727

[pre-commit.ci] pre-commit autoupdate by @pre-commit-ci in jpadilla/pyjwt#728

fix: Update copyright information by @kkirsche in jpadilla/pyjwt#729

Docs: mention performance reasons for reusing RSAPrivateKey when encoding by @dmahr1 in jpadilla/pyjwt#734

Fixed typo in usage.rst by @israelabraham in jpadilla/pyjwt#738

Add detached payload support for JWS encoding and decoding by @fviard in jpadilla/pyjwt#723

[pre-commit.ci] pre-commit autoupdate by @pre-commit-ci in jpadilla/pyjwt#740

Raise DeprecationWarning for jwt.decode(verify=...) by @akx in jpadilla/pyjwt#742

Don't mutate options dictionary in .decode_complete() by @akx in jpadilla/pyjwt#743

[pre-commit.ci] pre-commit autoupdate by @pre-commit-ci in jpadilla/pyjwt#748

Replace various string interpolations with f-strings by @akx in jpadilla/pyjwt#744

Update CHANGELOG.rst by @hipertracker in jpadilla/pyjwt#751

New Contributors

@hugovk made their first contribution in jpadilla/pyjwt#699

@rekyungmin made their first contribution in jpadilla/pyjwt#705

@sseering made their first contribution in jpadilla/pyjwt#661

@estin made their first contribution in jpadilla/pyjwt#713

@woodruffw made their first contribution in jpadilla/pyjwt#725

@guneybilen made their first contribution in jpadilla/pyjwt#727

@dmahr1 made their first contribution in jpadilla/pyjwt#734

@israelabraham made their first contribution in jpadilla/pyjwt#738

@fviard made their first contribution in jpadilla/pyjwt#723

@akx made their first contribution in jpadilla/pyjwt#742

@hipertracker made their first contribution in jpadilla/pyjwt#751

Full Changelog: jpadilla/pyjwt@2.3.0...2.4.0

2.3.0

What's Changed

[pre-commit.ci] pre-commit autoupdate by @pre-commit-ci in jpadilla/pyjwt#700

Add exception chaining by @ehdgua01 in jpadilla/pyjwt#702

Revert "Remove arbitrary kwargs." by @auvipy in jpadilla/pyjwt#701

... (truncated)

Changelog

Sourced from pyjwt's changelog.

`v2.4.0 <https://github.com/jpadilla/pyjwt/compare/2.3.0...2.4.0>`__

Security


- [CVE-2022-29217] Prevent key confusion through non-blocklisted public key formats. https://github.com/jpadilla/pyjwt/security/advisories/GHSA-ffqj-6fqr-9h24
Changed

- Explicit check the key for ECAlgorithm by @estin in https://github.com/jpadilla/pyjwt/pull/713
- Raise DeprecationWarning for jwt.decode(verify=...) by @akx in https://github.com/jpadilla/pyjwt/pull/742
Fixed

- Don't use implicit optionals by @rekyungmin in https://github.com/jpadilla/pyjwt/pull/705
- documentation fix: show correct scope for decode_complete() by @sseering in https://github.com/jpadilla/pyjwt/pull/661
- fix: Update copyright information by @kkirsche in https://github.com/jpadilla/pyjwt/pull/729
- Don't mutate options dictionary in .decode_complete() by @akx in https://github.com/jpadilla/pyjwt/pull/743

Added


Add support for Python 3.10 by @hugovk in https://github.com/jpadilla/pyjwt/pull/699
api_jwk: Add PyJWKSet.getitem by @woodruffw in https://github.com/jpadilla/pyjwt/pull/725
Update usage.rst by @guneybilen in https://github.com/jpadilla/pyjwt/pull/727
Docs: mention performance reasons for reusing RSAPrivateKey when encoding by @dmahr1 in https://github.com/jpadilla/pyjwt/pull/734
Fixed typo in usage.rst by @israelabraham in https://github.com/jpadilla/pyjwt/pull/738
Add detached payload support for JWS encoding and decoding by @fviard in https://github.com/jpadilla/pyjwt/pull/723
Replace various string interpolations with f-strings by @akx in https://github.com/jpadilla/pyjwt/pull/744
Update CHANGELOG.rst by @hipertracker in https://github.com/jpadilla/pyjwt/pull/751

v2.3.0 &amp;lt;https://github.com/jpadilla/pyjwt/compare/2.2.0...2.3.0&amp;gt;__
Fixed

- Revert &amp;quot;Remove arbitrary kwargs.&amp;quot; `[#701](https://github.com/jpadilla/pyjwt/issues/701) &amp;lt;https://github.com/jpadilla/pyjwt/pull/701&amp;gt;`__

Added


Add exception chaining [#702](https://github.com/jpadilla/pyjwt/issues/702) &amp;lt;https://github.com/jpadilla/pyjwt/pull/702&amp;gt;__

v2.2.0 &amp;lt;https://github.com/jpadilla/pyjwt/compare/2.1.0...2.2.0&amp;gt;__
&lt;/tr&gt;&lt;/table&gt;

</code></pre>

</blockquote>

<p>... (truncated)</p>

</details>

<details>

<summary>Commits</summary>
<ul>

<li><a href="https://github.com/jpadilla/pyjwt/commit/83ff831a4d11190e3a0bed781da43f8d84352653&quot;&gt;&lt;code&gt;83ff831&lt;/code&gt;&lt;/a> chore: update changelog</li>

<li><a href="https://github.com/jpadilla/pyjwt/commit/4c1ce8fd9019dd312ff257b5141cdb6d897379d9&quot;&gt;&lt;code&gt;4c1ce8f&lt;/code&gt;&lt;/a> chore: update changelog</li>

<li><a href="https://github.com/jpadilla/pyjwt/commit/96f3f0275745c5a455c019a0d3476a054980e8ea&quot;&gt;&lt;code&gt;96f3f02&lt;/code&gt;&lt;/a> fix: failing advisory test</li>

<li><a href="https://github.com/jpadilla/pyjwt/commit/9c528670c455b8d948aff95ed50e22940d1ad3fc&quot;&gt;&lt;code&gt;9c52867&lt;/code&gt;&lt;/a> Merge pull request from GHSA-ffqj-6fqr-9h24</li>

<li><a href="https://github.com/jpadilla/pyjwt/commit/24b29adfebcb4f057a3cef5aaf35653bc0c1c8cc&quot;&gt;&lt;code&gt;24b29ad&lt;/code&gt;&lt;/a> Update CHANGELOG.rst (<a href="https://github-redirect.dependabot.com/jpadilla/pyjwt/issues/751&quot;&gt;#751&lt;/a&gt;)&lt;/li>

<li><a href="https://github.com/jpadilla/pyjwt/commit/31f5acb8fb3ec6cdfe2b1b0a4a8f329b5f3ca67f&quot;&gt;&lt;code&gt;31f5acb&lt;/code&gt;&lt;/a> Replace various string interpolations with f-strings (<a href="https://github-redirect.dependabot.com/jpadilla/pyjwt/issues/744&quot;&gt;#744&lt;/a&gt;)&lt;/li>

<li><a href="https://github.com/jpadilla/pyjwt/commit/5581a31c21de70444c1162bcfa29f7e0fc86edda&quot;&gt;&lt;code&gt;5581a31&lt;/code&gt;&lt;/a> [pre-commit.ci] pre-commit autoupdate (<a href="https://github-redirect.dependabot.com/jpadilla/pyjwt/issues/748&quot;&gt;#748&lt;/a&gt;)&lt;/li>

<li><a href="https://github.com/jpadilla/pyjwt/commit/3d4d82248f1120c87f1f4e0e8793eaa1d54843a6&quot;&gt;&lt;code&gt;3d4d822&lt;/code&gt;&lt;/a> Don't mutate options dictionary in .decode_complete() (<a href="https://github-redirect.dependabot.com/jpadilla/pyjwt/issues/743&quot;&gt;#743&lt;/a&gt;)&lt;/li>

<li><a href="https://github.com/jpadilla/pyjwt/commit/1f1fe15bb41846c602b3e106176b2c692b93a613&quot;&gt;&lt;code&gt;1f1fe15&lt;/code&gt;&lt;/a> Add a deprecation warning when jwt.decode() is called with the legacy verify=...</li>

<li><a href="https://github.com/jpadilla/pyjwt/commit/35fa28e59d99b99c6a780d2a029a74d6bbba8b1e&quot;&gt;&lt;code&gt;35fa28e&lt;/code&gt;&lt;/a> [pre-commit.ci] pre-commit autoupdate (<a href="https://github-redirect.dependabot.com/jpadilla/pyjwt/issues/740&quot;&gt;#740&lt;/a&gt;)&lt;/li>

<li>Additional commits viewable in <a href="https://github.com/jpadilla/pyjwt/compare/2.0.1...2.4.0&quot;&gt;compare view</a></li>

</ul>

</details>
<br />



Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options


You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR
@dependabot recreate will recreate this PR, overwriting any edits that have been made to it
@dependabot merge will merge this PR after your CI passes on it
@dependabot squash and merge will squash and merge this PR after your CI passes on it
@dependabot cancel merge will cancel a previously requested merge and block automerging
@dependabot reopen will reopen this PR if it is closed
@dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
@dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
@dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
@dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
@dependabot use these labels will set the current labels as the default for future PRs for this repo and language
@dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
@dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
@dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the Security Alerts page.

…_pinning--5_4.md

…yptographic_algorithms--3_4.md

…es_and_industry_standards--3_2-3.md

Instructions on how to deploy labs using minikube for linux users.

Added Minikube.md

… k8s-dabase-update

Added Minikube.md

fix for disabling GKE by default

fix bug for subdomain Labs spinning

fix for removing namespaces, also should be removed when cleaning up labs

fix for subdomain deploy

corrected the commands and a few mistakes

Update README.md

update labs links + added new labs

bump to latest docker tag

Update README.md

Add persistent storage to mysql database in K8s and a volume in docker-compose

Bumps [pyjwt](https://github.com/jpadilla/pyjwt) from 2.0.1 to 2.4.0. - [Release notes](https://github.com/jpadilla/pyjwt/releases) - [Changelog](https://github.com/jpadilla/pyjwt/blob/master/CHANGELOG.rst) - [Commits](jpadilla/pyjwt@2.0.1...2.4.0) --- updated-dependencies: - dependency-name: pyjwt dependency-type: direct:production ... Signed-off-by: dependabot[bot] <[email protected]>

blabla1337 and others added 30 commits August 5, 2021 21:23

Fix bug with new rabbitMq

6642861

update version

bb9be29

Create SECURITY.md

81f6078

Update README.md

530011d

Add files via upload

5396047

Delete 2000-knowledge_base--empty_control--7_9.md

867aee7

Delete 2001-knowledge_base--Identify_all_app_components--1_1.md

599b3a9

Update 2000-knowledge_base--identify_components--1_1.md.md

449a37a

Update 2000-knowledge_base--identify_components--1_1.md.md

cd386ff

Update 2000-knowledge_base--identify_components--1_1.md.md

e1271ce

Update 2000-knowledge_base--app_permissions--6_1.md

3847ec8

Update 2000-knowledge_base--authorization_models--4_12.md

6f34c04

Update 2000-knowledge_base--authorization_models--4_12.md

d708e87

Update 2000-knowledge_base--best_practices_for_passwords--4_5.md

55953f6

Update 2000-knowledge_base--biometric_authentication--4_8.md

6fc1d20

Update 2000-knowledge_base--control_objective--2_0.md

76158f3

Update 2000-knowledge_base--control_objective--3_0.md

03abaf9

Update 2000-knowledge_base--control_objective--8_0.md

9fd9d8e

Update 2000-knowledge_base--cryptographic_keys_management--1_8.md.md

dce0ae5

Update 2000-knowledge_base--custom_certificate_stores_and_certificate…

a136a10

…_pinning--5_4.md

Update 2000-knowledge_base--custom_url_schemes--6_3.md

137c88d

Update 2000-knowledge_base--definition_of_all_components--1_5.md.md

c49671f

Update 2000-knowledge_base--device-access-security_policy--2_11.md

2af9c76

Update 2000-knowledge_base--endpoint_identify_verification--5_3.md

85223bc

Update 2000-knowledge_base--file_integrity_checks--8_3-11.md

4f7e6b9

Update 2000-knowledge_base--identifying_insecure_and:or_deprecated_cr…

0785cd4

…yptographic_algorithms--3_4.md

Update 2000-knowledge_base--implementations_of_cryptographic_primitiv…

69016d4

…es_and_industry_standards--3_2-3.md

Update 2000-knowledge_base--javascript_execution_in_webviews--6_5.md

4dc4611

Update 2000-knowledge_base--local_storage_for_sensitive_data_--2_1-2.md

51d4edd

Update 2000-knowledge_base--login_activity_and_device_blocking--4_11.md

591e2ee

lfama and others added 27 commits November 11, 2021 23:25

Added Minikube.md

8712b74

Instructions on how to deploy labs using minikube for linux users.

Merge pull request #1 from lfama/minikube-how-to

7bcf58d

Added Minikube.md

Correct skfloginprovidor to skfprovidor in docs.

64f01ea

Merge branch 'k8s-dabase-update' of github.com:MeVitae/skf-flask into…

fcaf36c

… k8s-dabase-update

Merge pull request #754 from lfama/main

b45cd7a

Added Minikube.md

Update README.md

6f63b0c

Merge branch 'main' into k8s-dabase-update

ff92cec

Update README.md

e753f71

Update Deployment_backend.yaml

09d8f9d

fix for disabling GKE by default

Update deployment-worker.py

ea91ce9

fix bug for subdomain Labs spinning

Update common.py

b65eb61

fix for removing namespaces, also should be removed when cleaning up labs

Update deployment-worker.py

fb9ce47

fix for subdomain deploy

corrected the commands and a few mistakes

6d002e7

Merge pull request #757 from shubhangi013/shubhangi013

f489b05

corrected the commands and a few mistakes

Merge pull request #756 from blabla1337/Add-Manu-to-Contribs

a4e4773

Update README.md

Merge branch 'main' into k8s-dabase-update

e8f055a

Update initial_data.py

030da7d

update labs links + added new labs

Update Deployment_backend.yaml

61ea4fb

bump to latest docker tag

Update README.md

81fd115

Update README.md

3a3d586

Update Azure.md

a6e04bd

Update Azure.md

53d8261

Update configmaps.yaml

b2c944d

Update README.md

60d4630

Merge pull request #764 from xen0vas/patch-3

74b9834

Update README.md

Merge pull request #753 from MeVitae/k8s-dabase-update

40bbd57

Add persistent storage to mysql database in K8s and a volume in docker-compose

dependabot bot added dependencies Pull requests that update a dependency file Python labels May 25, 2022

blabla1337 force-pushed the dependabot/pip/pyjwt-2.4.0 branch from b1b9262 to 0359283 Compare June 17, 2022 20:13

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Bump pyjwt from 2.0.1 to 2.4.0 #774

Bump pyjwt from 2.0.1 to 2.4.0 #774

dependabot bot commented on behalf of github May 25, 2022

`v2.3.0 &lt;https://github.com/jpadilla/pyjwt/compare/2.2.0...2.3.0&gt;`__

`v2.2.0 &lt;https://github.com/jpadilla/pyjwt/compare/2.1.0...2.2.0&gt;`__

Bump pyjwt from 2.0.1 to 2.4.0 #774

Are you sure you want to change the base?

Bump pyjwt from 2.0.1 to 2.4.0 #774

Conversation

dependabot bot commented on behalf of github May 25, 2022

2.4.0

Security

What's Changed

New Contributors

2.3.0

What's Changed

v2.4.0 <https://github.com/jpadilla/pyjwt/compare/2.3.0...2.4.0>__

v2.3.0 &amp;lt;https://github.com/jpadilla/pyjwt/compare/2.2.0...2.3.0&amp;gt;__

v2.2.0 &amp;lt;https://github.com/jpadilla/pyjwt/compare/2.1.0...2.2.0&amp;gt;__

`v2.4.0 <https://github.com/jpadilla/pyjwt/compare/2.3.0...2.4.0>`__

`v2.3.0 <https://github.com/jpadilla/pyjwt/compare/2.2.0...2.3.0>`__

`v2.2.0 <https://github.com/jpadilla/pyjwt/compare/2.1.0...2.2.0>`__