-
-
Notifications
You must be signed in to change notification settings - Fork 689
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
bump up cryptography >= 3.4.0 #807
Merged
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
bors bot
added a commit
to microsoft/Qcodes
that referenced
this pull request
Oct 20, 2022
4745: Update pyjwt requirement from ~=2.5.0 to ~=2.6.0 r=jenshnielsen a=dependabot[bot] Updates the requirements on [pyjwt](https://github.com/jpadilla/pyjwt) to permit the latest version. <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/jpadilla/pyjwt/blob/master/CHANGELOG.rst">pyjwt's changelog</a>.</em></p> <blockquote> <h2><code>v2.6.0 <https://github.com/jpadilla/pyjwt/compare/2.5.0...2.6.0></code>__</h2> <p>Changed</p> <pre><code> - bump up cryptography >= 3.4.0 by `@jpadilla` in `[#807](jpadilla/pyjwt#807) <https://github.com/jpadilla/pyjwt/pull/807>`_ - Remove `types-cryptography` from `crypto` extra by `@lautat` in `[#805](jpadilla/pyjwt#805) <https://github.com/jpadilla/pyjwt/pull/805>`_ <p>Fixed</p> <pre><code> - Invalidate token on the exact second the token expires `[#797](jpadilla/pyjwt#797) &lt;https://github.com/jpadilla/pyjwt/pull/797&gt;`_ - fix: version 2.5.0 heading typo by `@c0state` in `[#803](jpadilla/pyjwt#803) &lt;https://github.com/jpadilla/pyjwt/pull/803&gt;`_ Added </code></pre> <ul> <li>Adding validation for <code>issued_at</code> when <code>iat &gt; (now + leeway)</code> as <code>ImmatureSignatureError</code> by <a href="https://github.com/sriharan16"><code>`@sriharan16</code></a>` in <a href="https://github-redirect.dependabot.com/jpadilla/pyjwt/pull/794">jpadilla/pyjwt#794</a></li> </ul> <h2><code>v2.5.0 &lt;https://github.com/jpadilla/pyjwt/compare/2.4.0...2.5.0&gt;</code>__</h2> <p>Changed </code></pre></p> <ul> <li>Skip keys with incompatible alg when loading JWKSet by <a href="https://github.com/DaGuich"><code>`@DaGuich</code></a>` in <code>[#762](jpadilla/pyjwt#762) <https://github.com/jpadilla/pyjwt/pull/762></code>__</li> <li>Remove support for python3.6 by <a href="https://github.com/sirosen"><code>`@sirosen</code></a>` in <code>[#777](jpadilla/pyjwt#777) <https://github.com/jpadilla/pyjwt/pull/777></code>__</li> <li>Emit a deprecation warning for unsupported kwargs by <a href="https://github.com/sirosen"><code>`@sirosen</code></a>` in <code>[#776](jpadilla/pyjwt#776) <https://github.com/jpadilla/pyjwt/pull/776></code>__</li> <li>Remove redundant wheel dep from pyproject.toml by <a href="https://github.com/mgorny"><code>`@mgorny</code></a>` in <code>[#765](jpadilla/pyjwt#765) <https://github.com/jpadilla/pyjwt/pull/765></code>__</li> <li>Do not fail when an unusable key occurs by <a href="https://github.com/DaGuich"><code>`@DaGuich</code></a>` in <code>[#762](jpadilla/pyjwt#762) <https://github.com/jpadilla/pyjwt/pull/762></code>__</li> <li>Update audience typing by <a href="https://github.com/JulianMaurin"><code>`@JulianMaurin</code></a>` in <code>[#782](jpadilla/pyjwt#782) <https://github.com/jpadilla/pyjwt/pull/782></code>__</li> <li>Improve PyJWKSet error accuracy by <a href="https://github.com/JulianMaurin"><code>`@JulianMaurin</code></a>` in <code>[#786](jpadilla/pyjwt#786) <https://github.com/jpadilla/pyjwt/pull/786></code>__</li> <li>Mypy as pre-commit check + api_jws typing by <a href="https://github.com/JulianMaurin"><code>`@JulianMaurin</code></a>` in <code>[#787](jpadilla/pyjwt#787) <https://github.com/jpadilla/pyjwt/pull/787></code>__</li> </ul> <p>Fixed</p> <pre><code> - Adjust expected exceptions in option merging tests for PyPy3 by `@mgorny` in `[#763](jpadilla/pyjwt#763) <https://github.com/jpadilla/pyjwt/pull/763>`__ - Fixes for pyright on strict mode by `@brandon-leapyear` in `[#747](jpadilla/pyjwt#747) <https://github.com/jpadilla/pyjwt/pull/747>`__ - docs: fix simple typo, iinstance -> isinstance by `@timgates42` in `[#774](jpadilla/pyjwt#774) <https://github.com/jpadilla/pyjwt/pull/774>`__ - Fix typo: priot -> prior by `@jdufresne` in `[#780](jpadilla/pyjwt#780) <https://github.com/jpadilla/pyjwt/pull/780>`__ - Fix for headers disorder issue by `@kadabusha` in `[#721](jpadilla/pyjwt#721) <https://github.com/jpadilla/pyjwt/pull/721>`__ <p>Added </code></pre></p> <ul> <li>Add to_jwk static method to ECAlgorithm by <a href="https://github.com/leonsmith"><code>`@leonsmith</code></a>` in <code>[#732](jpadilla/pyjwt#732) <https://github.com/jpadilla/pyjwt/pull/732></code>__</li> <li>Expose get_algorithm_by_name as new method by <a href="https://github.com/sirosen"><code>`@sirosen</code></a>` in <code>[#773](jpadilla/pyjwt#773) <https://github.com/jpadilla/pyjwt/pull/773></code>__</li> <li>Add type hints to jwt/help.py and add missing types dependency by <a href="https://github.com/kkirsche"><code>`@kkirsche</code></a>` in <code>[#784](jpadilla/pyjwt#784) <https://github.com/jpadilla/pyjwt/pull/784></code>__</li> <li>Add cacheing functionality for JWK set by <a href="https://github.com/wuhaoyujerry"><code>`@wuhaoyujerry</code></a>` in <code>[#781](jpadilla/pyjwt#781) <https://github.com/jpadilla/pyjwt/pull/781></code>__</li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li>See full diff in <a href="https://github.com/jpadilla/pyjwt/commits">compare view</a></li> </ul> </details> <br /> You can trigger a rebase of this PR by commenting ``@dependabot` rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - ``@dependabot` rebase` will rebase this PR - ``@dependabot` recreate` will recreate this PR, overwriting any edits that have been made to it - ``@dependabot` merge` will merge this PR after your CI passes on it - ``@dependabot` squash and merge` will squash and merge this PR after your CI passes on it - ``@dependabot` cancel merge` will cancel a previously requested merge and block automerging - ``@dependabot` reopen` will reopen this PR if it is closed - ``@dependabot` close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - ``@dependabot` ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - ``@dependabot` ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - ``@dependabot` ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> 4746: Update pandas requirement from ~=1.5.0 to ~=1.5.1 r=jenshnielsen a=dependabot[bot] Updates the requirements on [pandas](https://github.com/pandas-dev/pandas) to permit the latest version. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/pandas-dev/pandas/releases">pandas's releases</a>.</em></p> <blockquote> <h2>Pandas 1.5.1</h2> <p>This is a patch release in the 1.5.x series and includes some regression and bug fixes. We recommend that all users upgrade to this version.</p> <p>See the <a href="https://pandas.pydata.org/pandas-docs/version/1.5.1/whatsnew/v1.5.1.html">full whatsnew</a> for a list of all the changes.</p> <p>The release will be available on the defaults and conda-forge channels:</p> <pre><code>conda install pandas </code></pre> <p>Or via PyPI:</p> <pre><code>python3 -m pip install --upgrade pandas </code></pre> <p>Please report any issues with the release on the <a href="https://github.com/pandas-dev/pandas/issues">pandas issue tracker</a>.</p> <p>Thanks to all the contributors who made this release possible.</p> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/pandas-dev/pandas/commit/91111fd99898d9dcaa6bf6bedb662db4108da6e6"><code>91111fd</code></a> RLS: 1.5.1</li> <li><a href="https://github.com/pandas-dev/pandas/commit/72863856504a4e906fc603f9e4624f251b614828"><code>7286385</code></a> Backport PR <a href="https://github-redirect.dependabot.com/pandas-dev/pandas/issues/49162">#49162</a> on branch 1.5.x (PERF: Fix performance regression for isin...</li> <li><a href="https://github.com/pandas-dev/pandas/commit/8429c50a279ba953514d1ca4d4a2bcef5e23ecc9"><code>8429c50</code></a> Backport PR <a href="https://github-redirect.dependabot.com/pandas-dev/pandas/issues/49140">#49140</a> on branch 1.5.x (Revert "PERF: faster corrwith method for ...</li> <li><a href="https://github.com/pandas-dev/pandas/commit/5b036c1c35890c44531f796f5dca92796276b2b5"><code>5b036c1</code></a> Backport PR <a href="https://github-redirect.dependabot.com/pandas-dev/pandas/issues/49137">#49137</a> on branch 1.5.x (WEB/DOC: Fix typo in OVH name) (<a href="https://github-redirect.dependabot.com/pandas-dev/pandas/issues/49138">#49138</a>)</li> <li><a href="https://github.com/pandas-dev/pandas/commit/ea971acb948d16e284a38292cd615a5eb7c055ab"><code>ea971ac</code></a> Backport PR <a href="https://github-redirect.dependabot.com/pandas-dev/pandas/issues/48770">#48770</a> on branch 1.5.x (added sytle in stylesheet for <blockquote...</li> <li><a href="https://github.com/pandas-dev/pandas/commit/27717a20061aaedda0d3e5de8461835e952c49f3"><code>27717a2</code></a> Backport PR <a href="https://github-redirect.dependabot.com/pandas-dev/pandas/issues/49080">#49080</a> on branch 1.5.x (REGR: midx.values resetting freq of under...</li> <li><a href="https://github.com/pandas-dev/pandas/commit/c58f2057b8c8a7fa79654c45a83c963c013a3aa3"><code>c58f205</code></a> Backport PR <a href="https://github-redirect.dependabot.com/pandas-dev/pandas/issues/48457">#48457</a> on branch 1.5.x (TST: Fix unsigned pyarrow types in SIGNED...</li> <li><a href="https://github.com/pandas-dev/pandas/commit/072402b58cbd87c2106413a37213c0b6020e34b1"><code>072402b</code></a> Backport PR <a href="https://github-redirect.dependabot.com/pandas-dev/pandas/issues/49053">#49053</a> on branch 1.5.x (REVERT caching in find_stack_level) (<a href="https://github-redirect.dependabot.com/pandas-dev/pandas/issues/49079">#49079</a>)</li> <li><a href="https://github.com/pandas-dev/pandas/commit/f9eebaf9de23aa9c5debdd86524615b22c23025f"><code>f9eebaf</code></a> Backport PR <a href="https://github-redirect.dependabot.com/pandas-dev/pandas/issues/49072">#49072</a> on branch 1.5.x (BUG: redirect from meeting to community w...</li> <li><a href="https://github.com/pandas-dev/pandas/commit/b8d2f461767e1e2124a08c17be69bf0f847c882e"><code>b8d2f46</code></a> Backport PR <a href="https://github-redirect.dependabot.com/pandas-dev/pandas/issues/49070">#49070</a> on branch 1.5.x (CI: Fix DeprecationWarning of numpy dev) ...</li> <li>Additional commits viewable in <a href="https://github.com/pandas-dev/pandas/compare/v1.5.0...v1.5.1">compare view</a></li> </ul> </details> <br /> You can trigger a rebase of this PR by commenting ``@dependabot` rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - ``@dependabot` rebase` will rebase this PR - ``@dependabot` recreate` will recreate this PR, overwriting any edits that have been made to it - ``@dependabot` merge` will merge this PR after your CI passes on it - ``@dependabot` squash and merge` will squash and merge this PR after your CI passes on it - ``@dependabot` cancel merge` will cancel a previously requested merge and block automerging - ``@dependabot` reopen` will reopen this PR if it is closed - ``@dependabot` close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - ``@dependabot` ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - ``@dependabot` ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - ``@dependabot` ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> 4748: Bump scipy from 1.9.2 to 1.9.3 r=jenshnielsen a=dependabot[bot] Bumps [scipy](https://github.com/scipy/scipy) from 1.9.2 to 1.9.3. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/scipy/scipy/releases">scipy's releases</a>.</em></p> <blockquote> <h1>SciPy 1.9.3 Release Notes</h1> <p>SciPy <code>1.9.3</code> is a bug-fix release with no new features compared to <code>1.9.2</code>.</p> <h1>Authors</h1> <ul> <li>Jelle Aalbers (1)</li> <li>Peter Bell (1)</li> <li>Jake Bowhay (3)</li> <li>Matthew Brett (3)</li> <li>Evgeni Burovski (5)</li> <li>drpeteb (1) +</li> <li>Sebastian Ehlert (1) +</li> <li>GavinZhang (1) +</li> <li>Ralf Gommers (2)</li> <li>Matt Haberland (15)</li> <li>Lakshaya Inani (1) +</li> <li>Joseph T. Iosue (1)</li> <li>Nathan Jacobi (1) +</li> <li>jmkuebler (1) +</li> <li>Nikita Karetnikov (1) +</li> <li>Lechnio (1) +</li> <li>Nicholas McKibben (1)</li> <li>Andrew Nelson (1)</li> <li>o-alexandre-felipe (1) +</li> <li>Tirth Patel (1)</li> <li>Tyler Reddy (51)</li> <li>Martin Reinecke (1)</li> <li>Marie Roald (1) +</li> <li>Pamphile Roy (2)</li> <li>Eli Schwartz (1)</li> <li>serge-sans-paille (1)</li> <li>ehsan shirvanian (1) +</li> <li>Mamoru TASAKA (1) +</li> <li>Samuel Wallan (1)</li> <li>Warren Weckesser (7)</li> <li>Gavin Zhang (1) +</li> </ul> <p>A total of 31 people contributed to this release. People with a "+" by their names contributed a patch for the first time. This list of names is automatically generated, and may not be fully complete.</p> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/scipy/scipy/commit/de80faf9d3480b9dbb9b888568b64499e0e70c19"><code>de80faf</code></a> REL: set 1.9.3 released [wheel build]</li> <li><a href="https://github.com/scipy/scipy/commit/25e6b901077646cbdaf0a022ff63d55b2c40b114"><code>25e6b90</code></a> Merge pull request <a href="https://github-redirect.dependabot.com/scipy/scipy/issues/17239">#17239</a> from tylerjereddy/treddy_backport_193</li> <li><a href="https://github.com/scipy/scipy/commit/ba33e438f948d5e147755aff0e63f6a01f5bc676"><code>ba33e43</code></a> DOC: update 1.9.3 relnotes</li> <li><a href="https://github.com/scipy/scipy/commit/92d892efaf689c1be970370cd9b33678482fb1fd"><code>92d892e</code></a> MAINT: Handle numpy's deprecation of accepting out-of-bound integers.</li> <li><a href="https://github.com/scipy/scipy/commit/ba5f6daa1d855f43f9f0d19f51386285b2835ce8"><code>ba5f6da</code></a> MAINT: PR 17239 revisions</li> <li><a href="https://github.com/scipy/scipy/commit/381089e753b42c26faf3fb689fc82f7a5c34c422"><code>381089e</code></a> DOC: update 1.9.3 relnotes</li> <li><a href="https://github.com/scipy/scipy/commit/2db3440cfd768009847fb355f3da53fc8c562ea3"><code>2db3440</code></a> BLD: fix invalid shebang for build helper script</li> <li><a href="https://github.com/scipy/scipy/commit/a9a6582a38e23f178ddaed874d1bc65de3313cb2"><code>a9a6582</code></a> DOC: stats.mode: add versionadded tag and correct order of keepdims descripti...</li> <li><a href="https://github.com/scipy/scipy/commit/f4738889bd34d294cfcbd4aaed8c914fe961a0fd"><code>f473888</code></a> BLD: fix issue with incomplete threads dependency handling (<a href="https://github-redirect.dependabot.com/scipy/scipy/issues/17200">#17200</a>)</li> <li><a href="https://github.com/scipy/scipy/commit/5370f15752eef1f62773236704d6339fa4d4e99c"><code>5370f15</code></a> MAINT: update meson.build to make it work on IBM i system (<a href="https://github-redirect.dependabot.com/scipy/scipy/issues/17193">#17193</a>)</li> <li>Additional commits viewable in <a href="https://github.com/scipy/scipy/compare/v1.9.2...v1.9.3">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=scipy&package-manager=pip&previous-version=1.9.2&new-version=1.9.3)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) You can trigger a rebase of this PR by commenting ``@dependabot` rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - ``@dependabot` rebase` will rebase this PR - ``@dependabot` recreate` will recreate this PR, overwriting any edits that have been made to it - ``@dependabot` merge` will merge this PR after your CI passes on it - ``@dependabot` squash and merge` will squash and merge this PR after your CI passes on it - ``@dependabot` cancel merge` will cancel a previously requested merge and block automerging - ``@dependabot` reopen` will reopen this PR if it is closed - ``@dependabot` close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - ``@dependabot` ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - ``@dependabot` ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - ``@dependabot` ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
inmantaci
pushed a commit
to inmanta/inmanta-core
that referenced
this pull request
Oct 21, 2022
Bumps [pyjwt](https://github.com/jpadilla/pyjwt) from 2.5.0 to 2.6.0. <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/jpadilla/pyjwt/blob/master/CHANGELOG.rst">pyjwt's changelog</a>.</em></p> <blockquote> <h2><code>v2.6.0 <https://github.com/jpadilla/pyjwt/compare/2.5.0...2.6.0></code>__</h2> <p>Changed</p> <pre><code> - bump up cryptography >= 3.4.0 by @jpadilla in `[#807](jpadilla/pyjwt#807) <https://github.com/jpadilla/pyjwt/pull/807>`_ - Remove `types-cryptography` from `crypto` extra by @lautat in `[#805](jpadilla/pyjwt#805) <https://github.com/jpadilla/pyjwt/pull/805>`_ <p>Fixed</p> <pre><code> - Invalidate token on the exact second the token expires `[#797](jpadilla/pyjwt#797) &lt;https://github.com/jpadilla/pyjwt/pull/797&gt;`_ - fix: version 2.5.0 heading typo by @c0state in `[#803](jpadilla/pyjwt#803) &lt;https://github.com/jpadilla/pyjwt/pull/803&gt;`_ Added </code></pre> <ul> <li>Adding validation for <code>issued_at</code> when <code>iat &gt; (now + leeway)</code> as <code>ImmatureSignatureError</code> by <a href="https://github.com/sriharan16"><code>@sriharan16</code></a> in <a href="https://github-redirect.dependabot.com/jpadilla/pyjwt/pull/794">jpadilla/pyjwt#794</a> </code></pre></li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li>See full diff in <a href="https://github.com/jpadilla/pyjwt/commits">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=pyjwt&package-manager=pip&previous-version=2.5.0&new-version=2.6.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details>
inmantaci
pushed a commit
to inmanta/inmanta-core
that referenced
this pull request
Oct 21, 2022
Bumps [pyjwt](https://github.com/jpadilla/pyjwt) from 2.5.0 to 2.6.0. <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/jpadilla/pyjwt/blob/master/CHANGELOG.rst">pyjwt's changelog</a>.</em></p> <blockquote> <h2><code>v2.6.0 <https://github.com/jpadilla/pyjwt/compare/2.5.0...2.6.0></code>__</h2> <p>Changed</p> <pre><code> - bump up cryptography >= 3.4.0 by @jpadilla in `[#807](jpadilla/pyjwt#807) <https://github.com/jpadilla/pyjwt/pull/807>`_ - Remove `types-cryptography` from `crypto` extra by @lautat in `[#805](jpadilla/pyjwt#805) <https://github.com/jpadilla/pyjwt/pull/805>`_ <p>Fixed</p> <pre><code> - Invalidate token on the exact second the token expires `[#797](jpadilla/pyjwt#797) &lt;https://github.com/jpadilla/pyjwt/pull/797&gt;`_ - fix: version 2.5.0 heading typo by @c0state in `[#803](jpadilla/pyjwt#803) &lt;https://github.com/jpadilla/pyjwt/pull/803&gt;`_ Added </code></pre> <ul> <li>Adding validation for <code>issued_at</code> when <code>iat &gt; (now + leeway)</code> as <code>ImmatureSignatureError</code> by <a href="https://github.com/sriharan16"><code>@sriharan16</code></a> in <a href="https://github-redirect.dependabot.com/jpadilla/pyjwt/pull/794">jpadilla/pyjwt#794</a> </code></pre></li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li>See full diff in <a href="https://github.com/jpadilla/pyjwt/commits">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=pyjwt&package-manager=pip&previous-version=2.5.0&new-version=2.6.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
#804 (comment)