Bump pyjwt from 2.3.0 to 2.4.0

[dependabot]

Bumps pyjwt from 2.3.0 to 2.4.0.

Release notes

Sourced from pyjwt's releases.

2.4.0

Security

• [CVE-2022-29217] Prevent key confusion through non-blocklisted public key formats. GHSA-ffqj-6fqr-9h24

What's Changed

• Add support for Python 3.10 by @​hugovk in jpadilla/pyjwt#699
• Don't use implicit optionals by @​rekyungmin in jpadilla/pyjwt#705
• [pre-commit.ci] pre-commit autoupdate by @​pre-commit-ci in jpadilla/pyjwt#708
• [pre-commit.ci] pre-commit autoupdate by @​pre-commit-ci in jpadilla/pyjwt#710
• [pre-commit.ci] pre-commit autoupdate by @​pre-commit-ci in jpadilla/pyjwt#711
• [pre-commit.ci] pre-commit autoupdate by @​pre-commit-ci in jpadilla/pyjwt#712
• documentation fix: show correct scope for decode_complete() by @​sseering in jpadilla/pyjwt#661
• [pre-commit.ci] pre-commit autoupdate by @​pre-commit-ci in jpadilla/pyjwt#716
• Explicit check the key for ECAlgorithm by @​estin in jpadilla/pyjwt#713
• [pre-commit.ci] pre-commit autoupdate by @​pre-commit-ci in jpadilla/pyjwt#720
• api_jwk: Add PyJWKSet.getitem by @​woodruffw in jpadilla/pyjwt#725
• Update usage.rst by @​guneybilen in jpadilla/pyjwt#727
• [pre-commit.ci] pre-commit autoupdate by @​pre-commit-ci in jpadilla/pyjwt#728
• fix: Update copyright information by @​kkirsche in jpadilla/pyjwt#729
• Docs: mention performance reasons for reusing RSAPrivateKey when encoding by @​dmahr1 in jpadilla/pyjwt#734
• Fixed typo in usage.rst by @​israelabraham in jpadilla/pyjwt#738
• Add detached payload support for JWS encoding and decoding by @​fviard in jpadilla/pyjwt#723
• [pre-commit.ci] pre-commit autoupdate by @​pre-commit-ci in jpadilla/pyjwt#740
• Raise DeprecationWarning for jwt.decode(verify=...) by @​akx in jpadilla/pyjwt#742
• Don't mutate options dictionary in .decode_complete() by @​akx in jpadilla/pyjwt#743
• [pre-commit.ci] pre-commit autoupdate by @​pre-commit-ci in jpadilla/pyjwt#748
• Replace various string interpolations with f-strings by @​akx in jpadilla/pyjwt#744
• Update CHANGELOG.rst by @​hipertracker in jpadilla/pyjwt#751

New Contributors

• @​hugovk made their first contribution in jpadilla/pyjwt#699
• @​rekyungmin made their first contribution in jpadilla/pyjwt#705
• @​sseering made their first contribution in jpadilla/pyjwt#661
• @​estin made their first contribution in jpadilla/pyjwt#713
• @​woodruffw made their first contribution in jpadilla/pyjwt#725
• @​guneybilen made their first contribution in jpadilla/pyjwt#727
• @​dmahr1 made their first contribution in jpadilla/pyjwt#734
• @​israelabraham made their first contribution in jpadilla/pyjwt#738
• @​fviard made their first contribution in jpadilla/pyjwt#723
• @​akx made their first contribution in jpadilla/pyjwt#742
• @​hipertracker made their first contribution in jpadilla/pyjwt#751

Full Changelog: jpadilla/pyjwt@2.3.0...2.4.0

Changelog

Sourced from pyjwt's changelog.

v2.4.0 <https://github.com/jpadilla/pyjwt/compare/2.3.0...2.4.0>__

Security

- [CVE-2022-29217] Prevent key confusion through non-blocklisted public key formats. https://github.com/jpadilla/pyjwt/security/advisories/GHSA-ffqj-6fqr-9h24
Changed

- Explicit check the key for ECAlgorithm by @estin in https://github.com/jpadilla/pyjwt/pull/713
- Raise DeprecationWarning for jwt.decode(verify=...) by @akx in https://github.com/jpadilla/pyjwt/pull/742
Fixed

- Don't use implicit optionals by @rekyungmin in https://github.com/jpadilla/pyjwt/pull/705
- documentation fix: show correct scope for decode_complete() by @sseering in https://github.com/jpadilla/pyjwt/pull/661
- fix: Update copyright information by @kkirsche in https://github.com/jpadilla/pyjwt/pull/729
- Don't mutate options dictionary in .decode_complete() by @akx in https://github.com/jpadilla/pyjwt/pull/743

Added


Add support for Python 3.10 by @hugovk in https://github.com/jpadilla/pyjwt/pull/699
api_jwk: Add PyJWKSet.getitem by @woodruffw in https://github.com/jpadilla/pyjwt/pull/725
Update usage.rst by @guneybilen in https://github.com/jpadilla/pyjwt/pull/727
Docs: mention performance reasons for reusing RSAPrivateKey when encoding by @dmahr1 in https://github.com/jpadilla/pyjwt/pull/734
Fixed typo in usage.rst by @israelabraham in https://github.com/jpadilla/pyjwt/pull/738
Add detached payload support for JWS encoding and decoding by @fviard in https://github.com/jpadilla/pyjwt/pull/723
Replace various string interpolations with f-strings by @akx in https://github.com/jpadilla/pyjwt/pull/744
Update CHANGELOG.rst by @hipertracker in https://github.com/jpadilla/pyjwt/pull/751

</code></pre>

</blockquote>

</details>

<details>

<summary>Commits</summary>

<ul>

<li><a href="https://github.com/jpadilla/pyjwt/commit/83ff831a4d11190e3a0bed781da43f8d84352653&quot;&gt;&lt;code&gt;83ff831&lt;/code&gt;&lt;/a> chore: update changelog</li>

<li><a href="https://github.com/jpadilla/pyjwt/commit/4c1ce8fd9019dd312ff257b5141cdb6d897379d9&quot;&gt;&lt;code&gt;4c1ce8f&lt;/code&gt;&lt;/a> chore: update changelog</li>

<li><a href="https://github.com/jpadilla/pyjwt/commit/96f3f0275745c5a455c019a0d3476a054980e8ea&quot;&gt;&lt;code&gt;96f3f02&lt;/code&gt;&lt;/a> fix: failing advisory test</li>

<li><a href="https://github.com/jpadilla/pyjwt/commit/9c528670c455b8d948aff95ed50e22940d1ad3fc&quot;&gt;&lt;code&gt;9c52867&lt;/code&gt;&lt;/a> Merge pull request from GHSA-ffqj-6fqr-9h24</li>

<li><a href="https://github.com/jpadilla/pyjwt/commit/24b29adfebcb4f057a3cef5aaf35653bc0c1c8cc&quot;&gt;&lt;code&gt;24b29ad&lt;/code&gt;&lt;/a> Update CHANGELOG.rst (<a href="https://github-redirect.dependabot.com/jpadilla/pyjwt/issues/751&quot;&gt;#751&lt;/a&gt;)&lt;/li>

<li><a href="https://github.com/jpadilla/pyjwt/commit/31f5acb8fb3ec6cdfe2b1b0a4a8f329b5f3ca67f&quot;&gt;&lt;code&gt;31f5acb&lt;/code&gt;&lt;/a> Replace various string interpolations with f-strings (<a href="https://github-redirect.dependabot.com/jpadilla/pyjwt/issues/744&quot;&gt;#744&lt;/a&gt;)&lt;/li>

<li><a href="https://github.com/jpadilla/pyjwt/commit/5581a31c21de70444c1162bcfa29f7e0fc86edda&quot;&gt;&lt;code&gt;5581a31&lt;/code&gt;&lt;/a> [pre-commit.ci] pre-commit autoupdate (<a href="https://github-redirect.dependabot.com/jpadilla/pyjwt/issues/748&quot;&gt;#748&lt;/a&gt;)&lt;/li>

<li><a href="https://github.com/jpadilla/pyjwt/commit/3d4d82248f1120c87f1f4e0e8793eaa1d54843a6&quot;&gt;&lt;code&gt;3d4d822&lt;/code&gt;&lt;/a> Don't mutate options dictionary in .decode_complete() (<a href="https://github-redirect.dependabot.com/jpadilla/pyjwt/issues/743&quot;&gt;#743&lt;/a&gt;)&lt;/li>

<li><a href="https://github.com/jpadilla/pyjwt/commit/1f1fe15bb41846c602b3e106176b2c692b93a613&quot;&gt;&lt;code&gt;1f1fe15&lt;/code&gt;&lt;/a> Add a deprecation warning when jwt.decode() is called with the legacy verify=...</li>

<li><a href="https://github.com/jpadilla/pyjwt/commit/35fa28e59d99b99c6a780d2a029a74d6bbba8b1e&quot;&gt;&lt;code&gt;35fa28e&lt;/code&gt;&lt;/a> [pre-commit.ci] pre-commit autoupdate (<a href="https://github-redirect.dependabot.com/jpadilla/pyjwt/issues/740&quot;&gt;#740&lt;/a&gt;)&lt;/li>

<li>Additional commits viewable in <a href="https://github.com/jpadilla/pyjwt/compare/2.3.0...2.4.0&quot;&gt;compare view</a></li>

</ul>

</details>
<br />



Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options


You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR
@dependabot recreate will recreate this PR, overwriting any edits that have been made to it
@dependabot merge will merge this PR after your CI passes on it
@dependabot squash and merge will squash and merge this PR after your CI passes on it
@dependabot cancel merge will cancel a previously requested merge and block automerging
@dependabot reopen will reopen this PR if it is closed
@dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
@dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
@dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
@dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[inmantaci]

Processing this pull request

[inmantaci]

Merged into branches master in 0dcd776

[dependabot]

OK, I won't notify you again about this release, but will get in touch when a new version is available. If you'd rather skip all updates until the next major or minor version, let me know by commenting @dependabot ignore this major version or @dependabot ignore this minor version. You can also ignore all major, minor, or patch releases for a dependency by adding an ignore condition with the desired update_types to your config file.

If you change your mind, just re-open this PR and I'll resolve any conflicts on it.