Navigation:
Browse pkgsrc
(this page) 2024-11-24 11:13:05 by Thomas Klausner | Files touched by this commit (2) |  |
Log message: py-JWT: update to 2.10.0. v2.10.0 ------- Changed ~~~~~~~ - Remove algorithm requirement from JWT API, instead relying on JWS API for \ enforcement, by @luhn - Use ``Sequence`` for parameter types rather than ``List`` where applicable by \ @imnotjames - Add JWK support to JWT encode by @luhn - Encoding and decoding payloads using the `none` algorithm by @jpadilla - Added validation for 'sub' (subject) and 'jti' (JWT ID) claims in tokens by \ @Divan009 - Refactor project configuration files from ``setup.cfg`` to ``pyproject.toml`` \ by @cleder - Ruff linter and formatter changes by @gagandeepp - Drop support for Python 3.8 (EOL) by @kkirsche Fixed ~~~~~ - Encode EC keys with a fixed bit length by @etianen - Add an RTD config file to resolve Read the Docs build failures by @kurtmckee - Docs: Update ``iat`` exception docs by @pachewise - Docs: Fix ``decode_complete`` scope and algorithms by @RbnRncn - Fix doctest for ``docs/usage.rst`` by @pachewise - Fix ``test_utils.py`` not to xfail by @pachewise - Docs: Correct `jwt.decode` audience param doc expression by @peter279k Added ~~~~~ - Add support for python 3.13 by @hugovk - Create SECURITY.md by @auvipy and @jpadilla - Docs: Add PS256 encoding and decoding usage by @peter279k - Docs: Add API docs for PyJWK by @luhn - Docs: Add EdDSA algorithm encoding/decoding usage by @peter279k - Include checkers and linters for ``pyproject.toml`` - Docs: Add ES256 decoding usage by @Gautam-Hegde |
| 2024-11-11 08:29:31 by Thomas Klausner | Files touched by this commit (862) |
Log message: py-*: remove unused tool dependency py-setuptools includes the py-wheel functionality nowadays |
| 2024-08-04 09:30:12 by Adam Ciarcinski | Files touched by this commit (3) | |
Log message: py-JWT: updated to 2.9.0 v2.9.0 Changed - Drop support for Python 3.7 (EOL) - Allow JWT issuer claim validation to accept a list of strings too Fixed - Fix unnecessary string concatenation - Fix docs for ``jwt.decode_complete`` to include ``strict_aud`` option - Fix docs step - Fix: Remove an unused variable from example code block Added - Add support for Python 3.12 - Improve performance of ``is_ssh_key`` + add unit test - Allow ``jwt.decode()`` to accept a PyJWK object - Make ``algorithm_name`` attribute available on PyJWK - Raise ``InvalidKeyError`` on invalid PEM keys to be compatible with \ cryptography 42.x.x - Raise an exception when required cryptography dependency is missing |
| 2023-07-19 10:35:33 by Adam Ciarcinski | Files touched by this commit (2) | |
Log message: py-JWT: updated to 2.8.0 v2.8.0 Changed - Update python version test matrix Added - Add ``strict_aud`` as an option to ``jwt.decode`` - Export PyJWKClientConnectionError class - Allows passing of ssl.SSLContext to PyJWKClient |
| 2023-05-10 11:55:38 by Adam Ciarcinski | Files touched by this commit (3) | |
Log message:
py-JWT: updated to 2.7.0
v2.7.0
Changed
- Changed the error message when the token audience doesn't match the expected \
audience
- Improve error messages when cryptography isn't installed
- Make `Algorithm` an abstract base class
- ignore invalid keys in a jwks
Fixed
- Add classifier for Python 3.11
- Fix ``_validate_iat`` validation
- fix: use datetime.datetime.timestamp function to have a milliseconds
- docs: correct mistake in the changelog about verify param
Added
- Add ``compute_hash_digest`` as a method of ``Algorithm`` objects, which uses
the underlying hash algorithm to compute a digest. If there is no appropriate
hash algorithm, a ``NotImplementedError`` will be raised
- Add optional ``headers`` argument to ``PyJWKClient``. If provided, the headers
will be included in requests that the client uses when fetching the JWK set
- Add PyJWT._{de,en}code_payload hooks
- Add `sort_headers` parameter to `api_jwt.encode`
- Make mypy configuration stricter and improve typing
- Add more types
- Add a timeout for PyJWKClient requests
- Add client connection error exception
- Add complete types to take all allowed keys into account
- Add `as_dict` option to `Algorithm.to_jwk`
|
| 2022-10-25 09:25:13 by Adam Ciarcinski | Files touched by this commit (2) | |
Log message: py-JWT: updated to 2.6.0 v2.6.0 Changed ~~~~~~~ - bump up cryptography >= 3.4.0 - Remove `types-cryptography` from `crypto` extra Fixed ~~~~~ - Invalidate token on the exact second the token expires - fix: version 2.5.0 heading typo Added ~~~~~ - Adding validation for `issued_at` when `iat > (now + leeway)` as \ `ImmatureSignatureError` |
| 2022-10-19 15:56:34 by Nia Alarie | Files touched by this commit (26) |
Log message: fighting a losing battle against py-cryptography rustification, part 2 Switch users to versioned_dependencies.mk. |
| 2022-09-19 09:55:23 by Adam Ciarcinski | Files touched by this commit (3) | |
Log message: py-JWT: updated to 2.5.0 v2.5.0 Changed Skip keys with incompatible alg when loading JWKSet Remove support for python3.6 Emit a deprecation warning for unsupported kwargs Remove redundant wheel dep from pyproject.toml Do not fail when an unusable key occurs Update audience typing Improve PyJWKSet error accuracy Mypy as pre-commit check + api_jws typing Fixed Adjust expected exceptions in option merging tests for PyPy3 Fixes for pyright on strict mode docs: fix simple typo, iinstance -> isinstance Fix typo: priot -> prior Fix for headers disorder issue Added Add to_jwk static method to ECAlgorithm Expose get_algorithm_by_name as new method Add type hints to jwt/help.py and add missing types dependency Add cacheing functionality for JWK set |
| 2022-05-25 14:20:55 by Adam Ciarcinski | Files touched by this commit (2) | |
Log message: py-JWT: updated to 2.4.0 v2.4.0 Security - [CVE-2022-29217] Prevent key confusion through non-blocklisted public key \ formats. \ https://github.com/jpadilla/pyjwt/security/advisories/GHSA-ffqj-6fqr-9h24 Changed - Explicit check the key for ECAlgorithm by @estin in \ https://github.com/jpadilla/pyjwt/pull/713 - Raise DeprecationWarning for jwt.decode(verify=...) by @akx in \ https://github.com/jpadilla/pyjwt/pull/742 Fixed - Don't use implicit optionals by @rekyungmin in \ https://github.com/jpadilla/pyjwt/pull/705 - documentation fix: show correct scope for decode_complete() by @sseering in \ https://github.com/jpadilla/pyjwt/pull/661 - fix: Update copyright information by @kkirsche in \ https://github.com/jpadilla/pyjwt/pull/729 - Don't mutate options dictionary in .decode_complete() by @akx in \ https://github.com/jpadilla/pyjwt/pull/743 Added - Add support for Python 3.10 by @hugovk in \ https://github.com/jpadilla/pyjwt/pull/699 - api_jwk: Add PyJWKSet.__getitem__ by @woodruffw in \ https://github.com/jpadilla/pyjwt/pull/725 - Update usage.rst by @guneybilen in https://github.com/jpadilla/pyjwt/pull/727 - Docs: mention performance reasons for reusing RSAPrivateKey when encoding by \ @dmahr1 in https://github.com/jpadilla/pyjwt/pull/734 - Fixed typo in usage.rst by @israelabraham in \ https://github.com/jpadilla/pyjwt/pull/738 - Add detached payload support for JWS encoding and decoding by @fviard in \ https://github.com/jpadilla/pyjwt/pull/723 - Replace various string interpolations with f-strings by @akx in \ https://github.com/jpadilla/pyjwt/pull/744 - Update CHANGELOG.rst |
| 2022-01-04 21:55:40 by Thomas Klausner | Files touched by this commit (1595) |
Log message: *: bump PKGREVISION for egg.mk users They now have a tool dependency on py-setuptools instead of a DEPENDS |
New packages: