2023-07-19 10:35:33 by Adam Ciarcinski | Files touched by this commit (2) | |
Log message:
py-JWT: updated to 2.8.0
v2.8.0
Changed
- Update python version test matrix
Added
- Add ``strict_aud`` as an option to ``jwt.decode``
- Export PyJWKClientConnectionError class
- Allows passing of ssl.SSLContext to PyJWKClient
|
2023-05-10 11:55:38 by Adam Ciarcinski | Files touched by this commit (3) | |
Log message:
py-JWT: updated to 2.7.0
v2.7.0
Changed
- Changed the error message when the token audience doesn't match the expected \
audience
- Improve error messages when cryptography isn't installed
- Make `Algorithm` an abstract base class
- ignore invalid keys in a jwks
Fixed
- Add classifier for Python 3.11
- Fix ``_validate_iat`` validation
- fix: use datetime.datetime.timestamp function to have a milliseconds
- docs: correct mistake in the changelog about verify param
Added
- Add ``compute_hash_digest`` as a method of ``Algorithm`` objects, which uses
the underlying hash algorithm to compute a digest. If there is no appropriate
hash algorithm, a ``NotImplementedError`` will be raised
- Add optional ``headers`` argument to ``PyJWKClient``. If provided, the headers
will be included in requests that the client uses when fetching the JWK set
- Add PyJWT._{de,en}code_payload hooks
- Add `sort_headers` parameter to `api_jwt.encode`
- Make mypy configuration stricter and improve typing
- Add more types
- Add a timeout for PyJWKClient requests
- Add client connection error exception
- Add complete types to take all allowed keys into account
- Add `as_dict` option to `Algorithm.to_jwk`
|
2022-10-25 09:25:13 by Adam Ciarcinski | Files touched by this commit (2) | |
Log message:
py-JWT: updated to 2.6.0
v2.6.0
Changed
~~~~~~~
- bump up cryptography >= 3.4.0
- Remove `types-cryptography` from `crypto` extra
Fixed
~~~~~
- Invalidate token on the exact second the token expires
- fix: version 2.5.0 heading typo
Added
~~~~~
- Adding validation for `issued_at` when `iat > (now + leeway)` as \
`ImmatureSignatureError`
|
2022-10-19 15:56:34 by Nia Alarie | Files touched by this commit (26) |
Log message:
fighting a losing battle against py-cryptography rustification, part 2
Switch users to versioned_dependencies.mk.
|
2022-09-19 09:55:23 by Adam Ciarcinski | Files touched by this commit (3) | |
Log message:
py-JWT: updated to 2.5.0
v2.5.0
Changed
Skip keys with incompatible alg when loading JWKSet
Remove support for python3.6
Emit a deprecation warning for unsupported kwargs
Remove redundant wheel dep from pyproject.toml
Do not fail when an unusable key occurs
Update audience typing
Improve PyJWKSet error accuracy
Mypy as pre-commit check + api_jws typing
Fixed
Adjust expected exceptions in option merging tests for PyPy3
Fixes for pyright on strict mode
docs: fix simple typo, iinstance -> isinstance
Fix typo: priot -> prior
Fix for headers disorder issue
Added
Add to_jwk static method to ECAlgorithm
Expose get_algorithm_by_name as new method
Add type hints to jwt/help.py and add missing types dependency
Add cacheing functionality for JWK set
|
2022-05-25 14:20:55 by Adam Ciarcinski | Files touched by this commit (2) | |
Log message:
py-JWT: updated to 2.4.0
v2.4.0
Security
- [CVE-2022-29217] Prevent key confusion through non-blocklisted public key \
formats. \
https://github.com/jpadilla/pyjwt/security/advisories/GHSA-ffqj-6fqr-9h24
Changed
- Explicit check the key for ECAlgorithm by @estin in \
https://github.com/jpadilla/pyjwt/pull/713
- Raise DeprecationWarning for jwt.decode(verify=...) by @akx in \
https://github.com/jpadilla/pyjwt/pull/742
Fixed
- Don't use implicit optionals by @rekyungmin in \
https://github.com/jpadilla/pyjwt/pull/705
- documentation fix: show correct scope for decode_complete() by @sseering in \
https://github.com/jpadilla/pyjwt/pull/661
- fix: Update copyright information by @kkirsche in \
https://github.com/jpadilla/pyjwt/pull/729
- Don't mutate options dictionary in .decode_complete() by @akx in \
https://github.com/jpadilla/pyjwt/pull/743
Added
- Add support for Python 3.10 by @hugovk in \
https://github.com/jpadilla/pyjwt/pull/699
- api_jwk: Add PyJWKSet.__getitem__ by @woodruffw in \
https://github.com/jpadilla/pyjwt/pull/725
- Update usage.rst by @guneybilen in https://github.com/jpadilla/pyjwt/pull/727
- Docs: mention performance reasons for reusing RSAPrivateKey when encoding by \
@dmahr1 in https://github.com/jpadilla/pyjwt/pull/734
- Fixed typo in usage.rst by @israelabraham in \
https://github.com/jpadilla/pyjwt/pull/738
- Add detached payload support for JWS encoding and decoding by @fviard in \
https://github.com/jpadilla/pyjwt/pull/723
- Replace various string interpolations with f-strings by @akx in \
https://github.com/jpadilla/pyjwt/pull/744
- Update CHANGELOG.rst
|
2022-01-04 21:55:40 by Thomas Klausner | Files touched by this commit (1595) |
Log message:
*: bump PKGREVISION for egg.mk users
They now have a tool dependency on py-setuptools instead of a DEPENDS
|
2021-10-26 13:23:42 by Nia Alarie | Files touched by this commit (1161) |
Log message:
textproc: Replace RMD160 checksums with BLAKE2s checksums
All checksums have been double-checked against existing RMD160 and
SHA512 hashes
Unfetchable distfiles (fetched conditionally?):
./textproc/convertlit/distinfo clit18src.zip
|
2021-10-21 13:38:14 by Adam Ciarcinski | Files touched by this commit (2) | |
Log message:
py-JWT: updated to 2.3.0
v2.3.0
Fixed
- Revert "Remove arbitrary kwargs."
Added
- Add exception chaining
|
2021-10-11 11:02:25 by Adam Ciarcinski | Files touched by this commit (2) | |
Log message:
py-JWT: updated to 2.2.0
v2.2.0
Changed
- Remove arbitrary kwargs.
- Use timezone package as Python 3.5+ is required.
Fixed
- Assume JWK without the "use" claim is valid for signing as per RFC7517
- Prefer `headers["alg"]` to `algorithm` in `jwt.encode()`.
- Fix aud validation to support {'aud': null} case.
- Make `typ` optional in JWT to be compliant with RFC7519.
- Remove upper bound on cryptography version.
Added
- Add support for Ed448/EdDSA.
|