Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

bump up cryptography >= 3.4.0 #807

Merged
merged 1 commit into from
Sep 20, 2022
Merged

bump up cryptography >= 3.4.0 #807

merged 1 commit into from
Sep 20, 2022

Conversation

jpadilla
Copy link
Owner

@jpadilla jpadilla merged commit f4d2370 into master Sep 20, 2022
@jpadilla jpadilla deleted the bump-cryptography branch September 20, 2022 10:49
bors bot added a commit to microsoft/Qcodes that referenced this pull request Oct 20, 2022
4745: Update pyjwt requirement from ~=2.5.0 to ~=2.6.0 r=jenshnielsen a=dependabot[bot]

Updates the requirements on [pyjwt](https://github.com/jpadilla/pyjwt) to permit the latest version.
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a href="https://github.com/jpadilla/pyjwt/blob/master/CHANGELOG.rst">pyjwt's changelog</a>.</em></p>
<blockquote>
<h2><code>v2.6.0 &lt;https://github.com/jpadilla/pyjwt/compare/2.5.0...2.6.0&gt;</code>__</h2>
<p>Changed</p>
<pre><code>
- bump up cryptography &gt;= 3.4.0 by `@jpadilla` in `[#807](jpadilla/pyjwt#807) &lt;https://github.com/jpadilla/pyjwt/pull/807&gt;`_
- Remove `types-cryptography` from `crypto` extra by `@lautat` in `[#805](jpadilla/pyjwt#805) &lt;https://github.com/jpadilla/pyjwt/pull/805&gt;`_
<p>Fixed</p>
<pre><code>
- Invalidate token on the exact second the token expires `[#797](jpadilla/pyjwt#797) &amp;lt;https://github.com/jpadilla/pyjwt/pull/797&amp;gt;`_
- fix: version 2.5.0 heading typo by `@c0state` in `[#803](jpadilla/pyjwt#803) &amp;lt;https://github.com/jpadilla/pyjwt/pull/803&amp;gt;`_

Added
</code></pre>
<ul>
<li>Adding validation for <code>issued_at</code> when <code>iat &amp;gt; (now + leeway)</code> as <code>ImmatureSignatureError</code> by <a href="https://github.com/sriharan16"><code>`@​sriharan16</code></a>` in <a href="https://github-redirect.dependabot.com/jpadilla/pyjwt/pull/794">jpadilla/pyjwt#794</a></li>
</ul>
<h2><code>v2.5.0 &amp;lt;https://github.com/jpadilla/pyjwt/compare/2.4.0...2.5.0&amp;gt;</code>__</h2>
<p>Changed
</code></pre></p>
<ul>
<li>Skip keys with incompatible alg when loading JWKSet by <a href="https://github.com/DaGuich"><code>`@​DaGuich</code></a>` in <code>[#762](jpadilla/pyjwt#762) &lt;https://github.com/jpadilla/pyjwt/pull/762&gt;</code>__</li>
<li>Remove support for python3.6 by <a href="https://github.com/sirosen"><code>`@​sirosen</code></a>` in <code>[#777](jpadilla/pyjwt#777) &lt;https://github.com/jpadilla/pyjwt/pull/777&gt;</code>__</li>
<li>Emit a deprecation warning for unsupported kwargs by <a href="https://github.com/sirosen"><code>`@​sirosen</code></a>` in <code>[#776](jpadilla/pyjwt#776) &lt;https://github.com/jpadilla/pyjwt/pull/776&gt;</code>__</li>
<li>Remove redundant wheel dep from pyproject.toml by <a href="https://github.com/mgorny"><code>`@​mgorny</code></a>` in <code>[#765](jpadilla/pyjwt#765) &lt;https://github.com/jpadilla/pyjwt/pull/765&gt;</code>__</li>
<li>Do not fail when an unusable key occurs by <a href="https://github.com/DaGuich"><code>`@​DaGuich</code></a>` in <code>[#762](jpadilla/pyjwt#762) &lt;https://github.com/jpadilla/pyjwt/pull/762&gt;</code>__</li>
<li>Update audience typing by <a href="https://github.com/JulianMaurin"><code>`@​JulianMaurin</code></a>` in <code>[#782](jpadilla/pyjwt#782) &lt;https://github.com/jpadilla/pyjwt/pull/782&gt;</code>__</li>
<li>Improve PyJWKSet error accuracy by <a href="https://github.com/JulianMaurin"><code>`@​JulianMaurin</code></a>` in <code>[#786](jpadilla/pyjwt#786) &lt;https://github.com/jpadilla/pyjwt/pull/786&gt;</code>__</li>
<li>Mypy as pre-commit check + api_jws typing by <a href="https://github.com/JulianMaurin"><code>`@​JulianMaurin</code></a>` in <code>[#787](jpadilla/pyjwt#787) &lt;https://github.com/jpadilla/pyjwt/pull/787&gt;</code>__</li>
</ul>
<p>Fixed</p>
<pre><code>
- Adjust expected exceptions in option merging tests for PyPy3 by `@mgorny` in `[#763](jpadilla/pyjwt#763) &lt;https://github.com/jpadilla/pyjwt/pull/763&gt;`__
- Fixes for pyright on strict mode by `@brandon-leapyear` in `[#747](jpadilla/pyjwt#747) &lt;https://github.com/jpadilla/pyjwt/pull/747&gt;`__
- docs: fix simple typo, iinstance -&gt; isinstance by `@timgates42` in `[#774](jpadilla/pyjwt#774) &lt;https://github.com/jpadilla/pyjwt/pull/774&gt;`__
- Fix typo: priot -&gt; prior by `@jdufresne` in `[#780](jpadilla/pyjwt#780) &lt;https://github.com/jpadilla/pyjwt/pull/780&gt;`__
- Fix for headers disorder issue by `@kadabusha` in `[#721](jpadilla/pyjwt#721) &lt;https://github.com/jpadilla/pyjwt/pull/721&gt;`__
<p>Added
</code></pre></p>
<ul>
<li>Add to_jwk static method to ECAlgorithm by <a href="https://github.com/leonsmith"><code>`@​leonsmith</code></a>` in <code>[#732](jpadilla/pyjwt#732) &lt;https://github.com/jpadilla/pyjwt/pull/732&gt;</code>__</li>
<li>Expose get_algorithm_by_name as new method by <a href="https://github.com/sirosen"><code>`@​sirosen</code></a>` in <code>[#773](jpadilla/pyjwt#773) &lt;https://github.com/jpadilla/pyjwt/pull/773&gt;</code>__</li>
<li>Add type hints to jwt/help.py and add missing types dependency by <a href="https://github.com/kkirsche"><code>`@​kkirsche</code></a>` in <code>[#784](jpadilla/pyjwt#784) &lt;https://github.com/jpadilla/pyjwt/pull/784&gt;</code>__</li>
<li>Add cacheing functionality for JWK set by <a href="https://github.com/wuhaoyujerry"><code>`@​wuhaoyujerry</code></a>` in <code>[#781](jpadilla/pyjwt#781) &lt;https://github.com/jpadilla/pyjwt/pull/781&gt;</code>__</li>
</ul>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li>See full diff in <a href="https://github.com/jpadilla/pyjwt/commits">compare view</a></li>
</ul>
</details>
<br />


You can trigger a rebase of this PR by commenting ``@dependabot` rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- ``@dependabot` rebase` will rebase this PR
- ``@dependabot` recreate` will recreate this PR, overwriting any edits that have been made to it
- ``@dependabot` merge` will merge this PR after your CI passes on it
- ``@dependabot` squash and merge` will squash and merge this PR after your CI passes on it
- ``@dependabot` cancel merge` will cancel a previously requested merge and block automerging
- ``@dependabot` reopen` will reopen this PR if it is closed
- ``@dependabot` close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- ``@dependabot` ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- ``@dependabot` ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- ``@dependabot` ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)


</details>

4746: Update pandas requirement from ~=1.5.0 to ~=1.5.1 r=jenshnielsen a=dependabot[bot]

Updates the requirements on [pandas](https://github.com/pandas-dev/pandas) to permit the latest version.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a href="https://github.com/pandas-dev/pandas/releases">pandas's releases</a>.</em></p>
<blockquote>
<h2>Pandas 1.5.1</h2>
<p>This is a patch release in the 1.5.x series and includes some regression and bug fixes. We recommend that all users upgrade to this version.</p>
<p>See the <a href="https://pandas.pydata.org/pandas-docs/version/1.5.1/whatsnew/v1.5.1.html">full whatsnew</a> for a list of all the changes.</p>
<p>The release will be available on the defaults and conda-forge channels:</p>
<pre><code>conda install pandas
</code></pre>
<p>Or via PyPI:</p>
<pre><code>python3 -m pip install --upgrade pandas
</code></pre>
<p>Please report any issues with the release on the <a href="https://github.com/pandas-dev/pandas/issues">pandas issue tracker</a>.</p>
<p>Thanks to all the contributors who made this release possible.</p>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a href="https://github.com/pandas-dev/pandas/commit/91111fd99898d9dcaa6bf6bedb662db4108da6e6"><code>91111fd</code></a> RLS: 1.5.1</li>
<li><a href="https://github.com/pandas-dev/pandas/commit/72863856504a4e906fc603f9e4624f251b614828"><code>7286385</code></a> Backport PR <a href="https://github-redirect.dependabot.com/pandas-dev/pandas/issues/49162">#49162</a> on branch 1.5.x (PERF: Fix performance regression for isin...</li>
<li><a href="https://github.com/pandas-dev/pandas/commit/8429c50a279ba953514d1ca4d4a2bcef5e23ecc9"><code>8429c50</code></a> Backport PR <a href="https://github-redirect.dependabot.com/pandas-dev/pandas/issues/49140">#49140</a> on branch 1.5.x (Revert &quot;PERF: faster corrwith method for ...</li>
<li><a href="https://github.com/pandas-dev/pandas/commit/5b036c1c35890c44531f796f5dca92796276b2b5"><code>5b036c1</code></a> Backport PR <a href="https://github-redirect.dependabot.com/pandas-dev/pandas/issues/49137">#49137</a> on branch 1.5.x (WEB/DOC: Fix typo in OVH name) (<a href="https://github-redirect.dependabot.com/pandas-dev/pandas/issues/49138">#49138</a>)</li>
<li><a href="https://github.com/pandas-dev/pandas/commit/ea971acb948d16e284a38292cd615a5eb7c055ab"><code>ea971ac</code></a> Backport PR <a href="https://github-redirect.dependabot.com/pandas-dev/pandas/issues/48770">#48770</a> on branch 1.5.x (added sytle in stylesheet for &lt;blockquote...</li>
<li><a href="https://github.com/pandas-dev/pandas/commit/27717a20061aaedda0d3e5de8461835e952c49f3"><code>27717a2</code></a> Backport PR <a href="https://github-redirect.dependabot.com/pandas-dev/pandas/issues/49080">#49080</a> on branch 1.5.x (REGR: midx.values resetting freq of under...</li>
<li><a href="https://github.com/pandas-dev/pandas/commit/c58f2057b8c8a7fa79654c45a83c963c013a3aa3"><code>c58f205</code></a> Backport PR <a href="https://github-redirect.dependabot.com/pandas-dev/pandas/issues/48457">#48457</a> on branch 1.5.x (TST: Fix unsigned pyarrow types in SIGNED...</li>
<li><a href="https://github.com/pandas-dev/pandas/commit/072402b58cbd87c2106413a37213c0b6020e34b1"><code>072402b</code></a> Backport PR <a href="https://github-redirect.dependabot.com/pandas-dev/pandas/issues/49053">#49053</a> on branch 1.5.x (REVERT caching in find_stack_level) (<a href="https://github-redirect.dependabot.com/pandas-dev/pandas/issues/49079">#49079</a>)</li>
<li><a href="https://github.com/pandas-dev/pandas/commit/f9eebaf9de23aa9c5debdd86524615b22c23025f"><code>f9eebaf</code></a> Backport PR <a href="https://github-redirect.dependabot.com/pandas-dev/pandas/issues/49072">#49072</a> on branch 1.5.x (BUG: redirect from meeting to community w...</li>
<li><a href="https://github.com/pandas-dev/pandas/commit/b8d2f461767e1e2124a08c17be69bf0f847c882e"><code>b8d2f46</code></a> Backport PR <a href="https://github-redirect.dependabot.com/pandas-dev/pandas/issues/49070">#49070</a> on branch 1.5.x (CI: Fix DeprecationWarning of numpy dev) ...</li>
<li>Additional commits viewable in <a href="https://github.com/pandas-dev/pandas/compare/v1.5.0...v1.5.1">compare view</a></li>
</ul>
</details>
<br />


You can trigger a rebase of this PR by commenting ``@dependabot` rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- ``@dependabot` rebase` will rebase this PR
- ``@dependabot` recreate` will recreate this PR, overwriting any edits that have been made to it
- ``@dependabot` merge` will merge this PR after your CI passes on it
- ``@dependabot` squash and merge` will squash and merge this PR after your CI passes on it
- ``@dependabot` cancel merge` will cancel a previously requested merge and block automerging
- ``@dependabot` reopen` will reopen this PR if it is closed
- ``@dependabot` close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- ``@dependabot` ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- ``@dependabot` ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- ``@dependabot` ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)


</details>

4748: Bump scipy from 1.9.2 to 1.9.3 r=jenshnielsen a=dependabot[bot]

Bumps [scipy](https://github.com/scipy/scipy) from 1.9.2 to 1.9.3.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a href="https://github.com/scipy/scipy/releases">scipy's releases</a>.</em></p>
<blockquote>
<h1>SciPy 1.9.3 Release Notes</h1>
<p>SciPy <code>1.9.3</code> is a bug-fix release with no new features
compared to <code>1.9.2</code>.</p>
<h1>Authors</h1>
<ul>
<li>Jelle Aalbers (1)</li>
<li>Peter Bell (1)</li>
<li>Jake Bowhay (3)</li>
<li>Matthew Brett (3)</li>
<li>Evgeni Burovski (5)</li>
<li>drpeteb (1) +</li>
<li>Sebastian Ehlert (1) +</li>
<li>GavinZhang (1) +</li>
<li>Ralf Gommers (2)</li>
<li>Matt Haberland (15)</li>
<li>Lakshaya Inani (1) +</li>
<li>Joseph T. Iosue (1)</li>
<li>Nathan Jacobi (1) +</li>
<li>jmkuebler (1) +</li>
<li>Nikita Karetnikov (1) +</li>
<li>Lechnio (1) +</li>
<li>Nicholas McKibben (1)</li>
<li>Andrew Nelson (1)</li>
<li>o-alexandre-felipe (1) +</li>
<li>Tirth Patel (1)</li>
<li>Tyler Reddy (51)</li>
<li>Martin Reinecke (1)</li>
<li>Marie Roald (1) +</li>
<li>Pamphile Roy (2)</li>
<li>Eli Schwartz (1)</li>
<li>serge-sans-paille (1)</li>
<li>ehsan shirvanian (1) +</li>
<li>Mamoru TASAKA (1) +</li>
<li>Samuel Wallan (1)</li>
<li>Warren Weckesser (7)</li>
<li>Gavin Zhang (1) +</li>
</ul>
<p>A total of 31 people contributed to this release.
People with a &quot;+&quot; by their names contributed a patch for the first time.
This list of names is automatically generated, and may not be fully complete.</p>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a href="https://github.com/scipy/scipy/commit/de80faf9d3480b9dbb9b888568b64499e0e70c19"><code>de80faf</code></a> REL: set 1.9.3 released [wheel build]</li>
<li><a href="https://github.com/scipy/scipy/commit/25e6b901077646cbdaf0a022ff63d55b2c40b114"><code>25e6b90</code></a> Merge pull request <a href="https://github-redirect.dependabot.com/scipy/scipy/issues/17239">#17239</a> from tylerjereddy/treddy_backport_193</li>
<li><a href="https://github.com/scipy/scipy/commit/ba33e438f948d5e147755aff0e63f6a01f5bc676"><code>ba33e43</code></a> DOC: update 1.9.3 relnotes</li>
<li><a href="https://github.com/scipy/scipy/commit/92d892efaf689c1be970370cd9b33678482fb1fd"><code>92d892e</code></a> MAINT: Handle numpy's deprecation of accepting out-of-bound integers.</li>
<li><a href="https://github.com/scipy/scipy/commit/ba5f6daa1d855f43f9f0d19f51386285b2835ce8"><code>ba5f6da</code></a> MAINT: PR 17239 revisions</li>
<li><a href="https://github.com/scipy/scipy/commit/381089e753b42c26faf3fb689fc82f7a5c34c422"><code>381089e</code></a> DOC: update 1.9.3 relnotes</li>
<li><a href="https://github.com/scipy/scipy/commit/2db3440cfd768009847fb355f3da53fc8c562ea3"><code>2db3440</code></a> BLD: fix invalid shebang for build helper script</li>
<li><a href="https://github.com/scipy/scipy/commit/a9a6582a38e23f178ddaed874d1bc65de3313cb2"><code>a9a6582</code></a> DOC: stats.mode: add versionadded tag and correct order of keepdims descripti...</li>
<li><a href="https://github.com/scipy/scipy/commit/f4738889bd34d294cfcbd4aaed8c914fe961a0fd"><code>f473888</code></a> BLD: fix issue with incomplete threads dependency handling (<a href="https://github-redirect.dependabot.com/scipy/scipy/issues/17200">#17200</a>)</li>
<li><a href="https://github.com/scipy/scipy/commit/5370f15752eef1f62773236704d6339fa4d4e99c"><code>5370f15</code></a> MAINT: update meson.build to make it work on IBM i system (<a href="https://github-redirect.dependabot.com/scipy/scipy/issues/17193">#17193</a>)</li>
<li>Additional commits viewable in <a href="https://github.com/scipy/scipy/compare/v1.9.2...v1.9.3">compare view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=scipy&package-manager=pip&previous-version=1.9.2&new-version=1.9.3)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

You can trigger a rebase of this PR by commenting ``@dependabot` rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- ``@dependabot` rebase` will rebase this PR
- ``@dependabot` recreate` will recreate this PR, overwriting any edits that have been made to it
- ``@dependabot` merge` will merge this PR after your CI passes on it
- ``@dependabot` squash and merge` will squash and merge this PR after your CI passes on it
- ``@dependabot` cancel merge` will cancel a previously requested merge and block automerging
- ``@dependabot` reopen` will reopen this PR if it is closed
- ``@dependabot` close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- ``@dependabot` ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- ``@dependabot` ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- ``@dependabot` ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)


</details>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
inmantaci pushed a commit to inmanta/inmanta-core that referenced this pull request Oct 21, 2022
Bumps [pyjwt](https://github.com/jpadilla/pyjwt) from 2.5.0 to 2.6.0.
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a href="https://github.com/jpadilla/pyjwt/blob/master/CHANGELOG.rst">pyjwt's changelog</a>.</em></p>
<blockquote>
<h2><code>v2.6.0 &lt;https://github.com/jpadilla/pyjwt/compare/2.5.0...2.6.0&gt;</code>__</h2>
<p>Changed</p>
<pre><code>
- bump up cryptography &gt;= 3.4.0 by @jpadilla in `[#807](jpadilla/pyjwt#807) &lt;https://github.com/jpadilla/pyjwt/pull/807&gt;`_
- Remove `types-cryptography` from `crypto` extra by @lautat in `[#805](jpadilla/pyjwt#805) &lt;https://github.com/jpadilla/pyjwt/pull/805&gt;`_
<p>Fixed</p>
<pre><code>
- Invalidate token on the exact second the token expires `[#797](jpadilla/pyjwt#797) &amp;lt;https://github.com/jpadilla/pyjwt/pull/797&amp;gt;`_
- fix: version 2.5.0 heading typo by @c0state in `[#803](jpadilla/pyjwt#803) &amp;lt;https://github.com/jpadilla/pyjwt/pull/803&amp;gt;`_

Added
</code></pre>
<ul>
<li>Adding validation for <code>issued_at</code> when <code>iat &amp;gt; (now + leeway)</code> as <code>ImmatureSignatureError</code> by <a href="https://github.com/sriharan16"><code>@​sriharan16</code></a> in <a href="https://github-redirect.dependabot.com/jpadilla/pyjwt/pull/794">jpadilla/pyjwt#794</a>
</code></pre></li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li>See full diff in <a href="https://github.com/jpadilla/pyjwt/commits">compare view</a></li>
</ul>
</details>
<br />

[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=pyjwt&package-manager=pip&previous-version=2.5.0&new-version=2.6.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

</details>
inmantaci pushed a commit to inmanta/inmanta-core that referenced this pull request Oct 21, 2022
Bumps [pyjwt](https://github.com/jpadilla/pyjwt) from 2.5.0 to 2.6.0.
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a href="https://github.com/jpadilla/pyjwt/blob/master/CHANGELOG.rst">pyjwt's changelog</a>.</em></p>
<blockquote>
<h2><code>v2.6.0 &lt;https://github.com/jpadilla/pyjwt/compare/2.5.0...2.6.0&gt;</code>__</h2>
<p>Changed</p>
<pre><code>
- bump up cryptography &gt;= 3.4.0 by @jpadilla in `[#807](jpadilla/pyjwt#807) &lt;https://github.com/jpadilla/pyjwt/pull/807&gt;`_
- Remove `types-cryptography` from `crypto` extra by @lautat in `[#805](jpadilla/pyjwt#805) &lt;https://github.com/jpadilla/pyjwt/pull/805&gt;`_
<p>Fixed</p>
<pre><code>
- Invalidate token on the exact second the token expires `[#797](jpadilla/pyjwt#797) &amp;lt;https://github.com/jpadilla/pyjwt/pull/797&amp;gt;`_
- fix: version 2.5.0 heading typo by @c0state in `[#803](jpadilla/pyjwt#803) &amp;lt;https://github.com/jpadilla/pyjwt/pull/803&amp;gt;`_

Added
</code></pre>
<ul>
<li>Adding validation for <code>issued_at</code> when <code>iat &amp;gt; (now + leeway)</code> as <code>ImmatureSignatureError</code> by <a href="https://github.com/sriharan16"><code>@​sriharan16</code></a> in <a href="https://github-redirect.dependabot.com/jpadilla/pyjwt/pull/794">jpadilla/pyjwt#794</a>
</code></pre></li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li>See full diff in <a href="https://github.com/jpadilla/pyjwt/commits">compare view</a></li>
</ul>
</details>
<br />

[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=pyjwt&package-manager=pip&previous-version=2.5.0&new-version=2.6.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

</details>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

1 participant