servala/servala-portal
6
1
Fork 0
Code Issues 35 Pull requests 5 Projects 2 Releases 10 Packages 2 Activity Actions

Update dependency pyjwt to >=2.12.1 #450

Merged
tobru merged 1 commit from renovate/pyjwt-2.x into main 2026-03-16 09:33:10 +00:00
Conversation 0 Commits 1 Files changed 2 +5 -5
renovate commented 2026-03-13 03:01:55 +00:00
Member
Copy link

This PR contains the following updates:

Package Change Age Confidence
pyjwt >=2.11.0>=2.12.1 age confidence

Release Notes

jpadilla/pyjwt (pyjwt)

v2.12.1

Compare Source

v2.12.0

Compare Source

Fixed


- Add missing ``typing_extensions`` dependency for Python < 3.11 in `#&#8203;1150 <https://github.com/jpadilla/pyjwt/issues/1150>`__

`v2.12.0 <https://github.com/jpadilla/pyjwt/compare/2.11.0...2.12.0>`__
-----------------------------------------------------------------------

Fixed
  • Annotate PyJWKSet.keys for pyright by @​tamird in #&#8203;1134 <https://github.com/jpadilla/pyjwt/pull/1134>__
  • Close HTTPError response to prevent ResourceWarning on Python 3.14 by @​veeceey in #&#8203;1133 <https://github.com/jpadilla/pyjwt/pull/1133>__
  • Do not keep algorithms dict in PyJWK instances by @​akx in #&#8203;1143 <https://github.com/jpadilla/pyjwt/pull/1143>__
  • Validate the crit (Critical) Header Parameter defined in RFC 7515 §4.1.11. by @​dmbs335 in GHSA-752w-5fwx-jx9f <https://github.com/jpadilla/pyjwt/security/advisories/GHSA-752w-5fwx-jx9f>__
  • Use PyJWK algorithm when encoding without explicit algorithm in #&#8203;1148 <https://github.com/jpadilla/pyjwt/pull/1148>__

Added


- Docs: Add ``PyJWKClient`` API reference and document the two-tier caching system (JWK Set cache and signing key LRU cache).

`v2.11.0 <https://github.com/jpadilla/pyjwt/compare/2.10.1...2.11.0>`__
-----------------------------------------------------------------------

Fixed
  • Enforce ECDSA curve validation per RFC 7518 Section 3.4.
  • Fix build system warnings by @​kurtmckee in #&#8203;1105 <https://github.com/jpadilla/pyjwt/pull/1105>__
  • Validate key against allowed types for Algorithm family in #&#8203;964 <https://github.com/jpadilla/pyjwt/pull/964>__
  • Add iterator for JWKSet in #&#8203;1041 <https://github.com/jpadilla/pyjwt/pull/1041>__
  • Validate iss claim is a string during encoding and decoding by @​pachewise in #&#8203;1040 <https://github.com/jpadilla/pyjwt/pull/1040>__
  • Improve typing/logic for options in decode, decode_complete by @​pachewise in #&#8203;1045 <https://github.com/jpadilla/pyjwt/pull/1045>__
  • Declare float supported type for lifespan and timeout by @​nikitagashkov in #&#8203;1068 <https://github.com/jpadilla/pyjwt/pull/1068>__
  • Fix SyntaxWarning\s/DeprecationWarning\s caused by invalid escape sequences by @​kurtmckee in #&#8203;1103 <https://github.com/jpadilla/pyjwt/pull/1103>__
  • Development: Build a shared wheel once to speed up test suite setup times by @​kurtmckee in #&#8203;1114 <https://github.com/jpadilla/pyjwt/pull/1114>__
  • Development: Test type annotations across all supported Python versions,
    increase the strictness of the type checking, and remove the mypy pre-commit hook
    by @​kurtmckee in #&#8203;1112 <https://github.com/jpadilla/pyjwt/pull/1112>__

Added


- Support Python 3.14, and test against PyPy 3.10 and 3.11 by @&#8203;kurtmckee in `#&#8203;1104 <https://github.com/jpadilla/pyjwt/pull/1104>`__
- Development: Migrate to ``build`` to test package building in CI by @&#8203;kurtmckee in `#&#8203;1108 <https://github.com/jpadilla/pyjwt/pull/1108>`__
- Development: Improve coverage config and eliminate unused test suite code by @&#8203;kurtmckee in `#&#8203;1115 <https://github.com/jpadilla/pyjwt/pull/1115>`__
- Docs: Standardize CHANGELOG links to PRs by @&#8203;kurtmckee in `#&#8203;1110 <https://github.com/jpadilla/pyjwt/pull/1110>`__
- Docs: Fix Read the Docs builds by @&#8203;kurtmckee in `#&#8203;1111 <https://github.com/jpadilla/pyjwt/pull/1111>`__
- Docs: Add example of using leeway with nbf by @&#8203;djw8605 in `#&#8203;1034 <https://github.com/jpadilla/pyjwt/pull/1034>`__
- Docs: Refactored docs with ``autodoc``; added ``PyJWS`` and ``jwt.algorithms`` docs by @&#8203;pachewise in `#&#8203;1045 <https://github.com/jpadilla/pyjwt/pull/1045>`__
- Docs: Documentation improvements for "sub" and "jti" claims by @&#8203;cleder in `#&#8203;1088 <https://github.com/jpadilla/pyjwt/pull/1088>`__
- Development: Add pyupgrade as a pre-commit hook by @&#8203;kurtmckee in `#&#8203;1109 <https://github.com/jpadilla/pyjwt/pull/1109>`__
- Add minimum key length validation for HMAC and RSA keys (CWE-326).
  Warns by default via ``InsecureKeyLengthWarning`` when keys are below
  minimum recommended lengths per RFC 7518 Section 3.2 (HMAC) and
  NIST SP 800-131A (RSA). Pass ``enforce_minimum_key_length=True`` in
  options to ``PyJWT`` or ``PyJWS`` to raise ``InvalidKeyError`` instead.
- Refactor ``PyJWT`` to own an internal ``PyJWS`` instance instead of
  calling global ``api_jws`` functions.

`v2.10.1 <https://github.com/jpadilla/pyjwt/compare/2.10.0...2.10.1>`__
-----------------------------------------------------------------------

Fixed
  • Prevent partial matching of iss claim by @​fabianbadoi in GHSA-75c5-xw7c-p5pm <https://github.com/jpadilla/pyjwt/security/advisories/GHSA-75c5-xw7c-p5pm>__

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

  • If you want to rebase/retry this PR, check this box

This PR has been generated by Renovate Bot.

This PR contains the following updates: | Package | Change | [Age](https://docs.renovatebot.com/merge-confidence/) | [Confidence](https://docs.renovatebot.com/merge-confidence/) | |---|---|---|---| | [pyjwt](https://github.com/jpadilla/pyjwt) | `>=2.11.0` → `>=2.12.1` | ![age](https://developer.mend.io/api/mc/badges/age/pypi/pyjwt/2.12.1?slim=true) | ![confidence](https://developer.mend.io/api/mc/badges/confidence/pypi/pyjwt/2.11.0/2.12.1?slim=true) | --- ### Release Notes <details> <summary>jpadilla/pyjwt (pyjwt)</summary> ### [`v2.12.1`](https://github.com/jpadilla/pyjwt/blob/HEAD/CHANGELOG.rst#Unreleased-httpsgithubcomjpadillapyjwtcompare2121HEAD) [Compare Source](https://github.com/jpadilla/pyjwt/compare/2.12.0...2.12.1) ### [`v2.12.0`](https://github.com/jpadilla/pyjwt/blob/HEAD/CHANGELOG.rst#v2121-httpsgithubcomjpadillapyjwtcompare21202121) [Compare Source](https://github.com/jpadilla/pyjwt/compare/2.11.0...2.12.0) Fixed ``` - Add missing ``typing_extensions`` dependency for Python < 3.11 in `#&#8203;1150 <https://github.com/jpadilla/pyjwt/issues/1150>`__ `v2.12.0 <https://github.com/jpadilla/pyjwt/compare/2.11.0...2.12.0>`__ ----------------------------------------------------------------------- Fixed ``` - Annotate PyJWKSet.keys for pyright by [@&#8203;tamird](https://github.com/tamird) in `#&#8203;1134 <https://github.com/jpadilla/pyjwt/pull/1134>`\_\_ - Close `HTTPError` response to prevent `ResourceWarning` on Python 3.14 by [@&#8203;veeceey](https://github.com/veeceey) in `#&#8203;1133 <https://github.com/jpadilla/pyjwt/pull/1133>`\_\_ - Do not keep `algorithms` dict in PyJWK instances by [@&#8203;akx](https://github.com/akx) in `#&#8203;1143 <https://github.com/jpadilla/pyjwt/pull/1143>`\_\_ - Validate the crit (Critical) Header Parameter defined in RFC 7515 §4.1.11. by [@&#8203;dmbs335](https://github.com/dmbs335) in `GHSA-752w-5fwx-jx9f <https://github.com/jpadilla/pyjwt/security/advisories/GHSA-752w-5fwx-jx9f>`\_\_ - Use PyJWK algorithm when encoding without explicit algorithm in `#&#8203;1148 <https://github.com/jpadilla/pyjwt/pull/1148>`\_\_ Added ``` - Docs: Add ``PyJWKClient`` API reference and document the two-tier caching system (JWK Set cache and signing key LRU cache). `v2.11.0 <https://github.com/jpadilla/pyjwt/compare/2.10.1...2.11.0>`__ ----------------------------------------------------------------------- Fixed ``` - Enforce ECDSA curve validation per RFC 7518 Section 3.4. - Fix build system warnings by [@&#8203;kurtmckee](https://github.com/kurtmckee) in `#&#8203;1105 <https://github.com/jpadilla/pyjwt/pull/1105>`\_\_ - Validate key against allowed types for Algorithm family in `#&#8203;964 <https://github.com/jpadilla/pyjwt/pull/964>`\_\_ - Add iterator for JWKSet in `#&#8203;1041 <https://github.com/jpadilla/pyjwt/pull/1041>`\_\_ - Validate `iss` claim is a string during encoding and decoding by [@&#8203;pachewise](https://github.com/pachewise) in `#&#8203;1040 <https://github.com/jpadilla/pyjwt/pull/1040>`\_\_ - Improve typing/logic for `options` in decode, decode\_complete by [@&#8203;pachewise](https://github.com/pachewise) in `#&#8203;1045 <https://github.com/jpadilla/pyjwt/pull/1045>`\_\_ - Declare float supported type for lifespan and timeout by [@&#8203;nikitagashkov](https://github.com/nikitagashkov) in `#&#8203;1068 <https://github.com/jpadilla/pyjwt/pull/1068>`\_\_ - Fix `SyntaxWarning`\s/`DeprecationWarning`\s caused by invalid escape sequences by [@&#8203;kurtmckee](https://github.com/kurtmckee) in `#&#8203;1103 <https://github.com/jpadilla/pyjwt/pull/1103>`\_\_ - Development: Build a shared wheel once to speed up test suite setup times by [@&#8203;kurtmckee](https://github.com/kurtmckee) in `#&#8203;1114 <https://github.com/jpadilla/pyjwt/pull/1114>`\_\_ - Development: Test type annotations across all supported Python versions, increase the strictness of the type checking, and remove the mypy pre-commit hook by [@&#8203;kurtmckee](https://github.com/kurtmckee) in `#&#8203;1112 <https://github.com/jpadilla/pyjwt/pull/1112>`\_\_ Added ``` - Support Python 3.14, and test against PyPy 3.10 and 3.11 by @&#8203;kurtmckee in `#&#8203;1104 <https://github.com/jpadilla/pyjwt/pull/1104>`__ - Development: Migrate to ``build`` to test package building in CI by @&#8203;kurtmckee in `#&#8203;1108 <https://github.com/jpadilla/pyjwt/pull/1108>`__ - Development: Improve coverage config and eliminate unused test suite code by @&#8203;kurtmckee in `#&#8203;1115 <https://github.com/jpadilla/pyjwt/pull/1115>`__ - Docs: Standardize CHANGELOG links to PRs by @&#8203;kurtmckee in `#&#8203;1110 <https://github.com/jpadilla/pyjwt/pull/1110>`__ - Docs: Fix Read the Docs builds by @&#8203;kurtmckee in `#&#8203;1111 <https://github.com/jpadilla/pyjwt/pull/1111>`__ - Docs: Add example of using leeway with nbf by @&#8203;djw8605 in `#&#8203;1034 <https://github.com/jpadilla/pyjwt/pull/1034>`__ - Docs: Refactored docs with ``autodoc``; added ``PyJWS`` and ``jwt.algorithms`` docs by @&#8203;pachewise in `#&#8203;1045 <https://github.com/jpadilla/pyjwt/pull/1045>`__ - Docs: Documentation improvements for "sub" and "jti" claims by @&#8203;cleder in `#&#8203;1088 <https://github.com/jpadilla/pyjwt/pull/1088>`__ - Development: Add pyupgrade as a pre-commit hook by @&#8203;kurtmckee in `#&#8203;1109 <https://github.com/jpadilla/pyjwt/pull/1109>`__ - Add minimum key length validation for HMAC and RSA keys (CWE-326). Warns by default via ``InsecureKeyLengthWarning`` when keys are below minimum recommended lengths per RFC 7518 Section 3.2 (HMAC) and NIST SP 800-131A (RSA). Pass ``enforce_minimum_key_length=True`` in options to ``PyJWT`` or ``PyJWS`` to raise ``InvalidKeyError`` instead. - Refactor ``PyJWT`` to own an internal ``PyJWS`` instance instead of calling global ``api_jws`` functions. `v2.10.1 <https://github.com/jpadilla/pyjwt/compare/2.10.0...2.10.1>`__ ----------------------------------------------------------------------- Fixed ``` - Prevent partial matching of `iss` claim by [@&#8203;fabianbadoi](https://github.com/fabianbadoi) in `GHSA-75c5-xw7c-p5pm <https://github.com/jpadilla/pyjwt/security/advisories/GHSA-75c5-xw7c-p5pm>`\_\_ </details> --- ### Configuration 📅 **Schedule**: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined). 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR has been generated by [Renovate Bot](https://github.com/renovatebot/renovate). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0My4yLjEiLCJ1cGRhdGVkSW5WZXIiOiI0My4yLjEiLCJ0YXJnZXRCcmFuY2giOiJtYWluIiwibGFiZWxzIjpbImRlcGVuZGVuY2llcyJdfQ==-->
renovate changed title from Update dependency pyjwt to >=2.12.0 to Update dependency pyjwt to >=2.12.1 2026-03-14 03:01:48 +00:00
renovate force-pushed renovate/pyjwt-2.x from ed56f0594f
All checks were successful
Tests / test (push) Successful in 51s
Details
to d03abe5b25
All checks were successful
Tests / test (push) Successful in 51s
Details
2026-03-14 03:01:49 +00:00 Compare
tobru merged commit 0e45fac1b6 into main 2026-03-16 09:33:10 +00:00
tobru deleted branch renovate/pyjwt-2.x 2026-03-16 09:33:10 +00:00
Sign in to join this conversation.
Reviewers
No reviewers
Labels
Clear labels   
API

Relates to API

  
Billing

Billing and invoicing

  
UI/UX

User interface and user experience

  
dependencies

Dependencies Update

  
bug

Something is not working

  
change

Change an existing feature

  
duplicate

This issue or pull request already exists

  
enhancement

New feature

  
help wanted

Need some help

  
invalid

Something is wrong

  
question

More information is needed

  
wontfix

This won't be fixed

No labels
API
Billing
UI/UX
dependencies
bug
change
duplicate
enhancement
help wanted
invalid
question
wontfix
Milestone
Clear milestone
No items
No milestone
Projects
Clear projects
No items
No project
Assignees
Clear assignees
No assignees
1 participant
Notifications
Due date
The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference
servala/servala-portal!450
No description provided.