blackroad-os/blackroad-operating-system
9
0
Fork 0
mirror of https://github.com/blackboxprogramming/BlackRoad-Operating-System.git synced 2026-03-17 09:37:55 -05:00
Code Issues Packages Projects Releases Wiki Activity

chore: bump python-jose[cryptography] from 3.3.0 to 3.5.0 (#201)

Browse Source 
Bumps
[python-jose[cryptography]](https://github.com/mpdavis/python-jose) from
3.3.0 to 3.5.0.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/mpdavis/python-jose/releases">python-jose[cryptography]'s
releases</a>.</em></p>
<blockquote>
<h2>3.5.0</h2>
<ul>
<li>Remove support for Python 3.8</li>
<li>Added support for Python 3.12 &amp; 3.13</li>
<li>Upgrade to pyasn1 0.5.1+</li>
<li>Upgrade to pytest and other dependencies</li>
<li>Add RTD config file to silence emailed deprecation warnings</li>
</ul>
<h3>Bug fixes and Improvements</h3>
<ul>
<li>Remove get_random_bytes from cryptography backend</li>
<li>Do not use <code>utc_now</code> on module level</li>
<li>Remove key data (sensitive information) from JWKError
exceptions</li>
<li>Added possibility to call jwk.construct() with a private RSA
key</li>
</ul>
<p><a
href="https://pypi.org/project/python-jose/3.5.0/">https://pypi.org/project/python-jose/3.5.0/</a></p>
<h2>3.4.0</h2>
<h3>News</h3>
<ul>
<li>Remove support for Python 3.6 and 3.7</li>
<li>Added support for Python 3.10 and 3.11</li>
</ul>
<h3>Bug fixes and Improvements</h3>
<ul>
<li>Updating <code>CryptographyAESKey::encrypt</code> to generate 96 bit
IVs for GCM block
cipher mode</li>
<li>Fix for PEM key comparisons caused by line lengths and new
lines</li>
<li>Fix for CVE-2024-33664 - JWE limited to 250KiB</li>
<li>Fix for CVE-2024-33663 - signing JWT with public key is now
forbidden</li>
<li>Replace usage of deprecated datetime.utcnow() with
datetime.now(UTC)</li>
</ul>
<h3>Housekeeping</h3>
<ul>
<li>Updated Github Actions Workflows</li>
<li>Updated to use tox 4.x</li>
<li>Revise codecov integration</li>
<li>Fixed DeprecationWarnings</li>
</ul>
</blockquote>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/mpdavis/python-jose/blob/master/CHANGELOG.md">python-jose[cryptography]'s
changelog</a>.</em></p>
<blockquote>
<h2>3.5.0 -- 2025-05-28</h2>
<h3>News</h3>
<ul>
<li>Remove support for Python 3.8</li>
<li>Added support for Python 3.12 &amp; 3.13</li>
<li>Upgrade to pyasn1 0.5.1+</li>
<li>Upgrade to pytest and other dependencies</li>
<li>Add RTD config file to silence emailed deprecation warnings</li>
</ul>
<h3>Bug fixes and Improvements</h3>
<ul>
<li>Remove get_random_bytes from cryptography backend</li>
<li>Do not use <code>utc_now</code> on module level</li>
<li>Remove key data (sensitive information) from JWKError
exceptions</li>
<li>Added possibility to call jwk.construct() with a private RSA
key</li>
</ul>
<h2>3.4.0 -- 2025-02-14</h2>
<h3>News</h3>
<ul>
<li>Remove support for Python 3.6 and 3.7</li>
<li>Added support for Python 3.10 and 3.11</li>
</ul>
<h3>Bug fixes and Improvements</h3>
<ul>
<li>Updating <code>CryptographyAESKey::encrypt</code> to generate 96 bit
IVs for GCM block
cipher mode</li>
<li>Fix for PEM key comparisons caused by line lengths and new
lines</li>
<li>Fix for CVE-2024-33664 - JWE limited to 250KiB</li>
<li>Fix for CVE-2024-33663 - signing JWT with public key is now
forbidden</li>
<li>Replace usage of deprecated datetime.utcnow() with
datetime.now(UTC)</li>
</ul>
<h3>Housekeeping</h3>
<ul>
<li>Updated Github Actions Workflows</li>
<li>Updated to use tox 4.x</li>
<li>Revise codecov integration</li>
<li>Fixed DeprecationWarnings</li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="018b310ddb"><code>018b310</code></a>
Prepare release 3.5.0 (<a
href="https://redirect.github.com/mpdavis/python-jose/issues/388">#388</a>)</li>
<li><a
href="393c37476c"><code>393c374</code></a>
Improve jwt.decode key doc (<a
href="https://redirect.github.com/mpdavis/python-jose/issues/198">#198</a>)</li>
<li><a
href="50d43908ff"><code>50d4390</code></a>
utils.py: fix types in docstrings for base64url_encode/decode (<a
href="https://redirect.github.com/mpdavis/python-jose/issues/269">#269</a>)</li>
<li><a
href="8fd0b63186"><code>8fd0b63</code></a>
Add RTD config file to silence emailed deprecation warnings (<a
href="https://redirect.github.com/mpdavis/python-jose/issues/333">#333</a>)</li>
<li><a
href="6f03385e53"><code>6f03385</code></a>
Added possibility to call jwk.construct() with a private key (<a
href="https://redirect.github.com/mpdavis/python-jose/issues/295">#295</a>)</li>
<li><a
href="2f0aca6e2e"><code>2f0aca6</code></a>
Add python_requires arg to setup.cfg (<a
href="https://redirect.github.com/mpdavis/python-jose/issues/273">#273</a>)</li>
<li><a
href="895777e04a"><code>895777e</code></a>
Updated pyasn version to match latest (<a
href="https://redirect.github.com/mpdavis/python-jose/issues/338">#338</a>)</li>
<li><a
href="45bd1248f1"><code>45bd124</code></a>
Update jwk.py (<a
href="https://redirect.github.com/mpdavis/python-jose/issues/328">#328</a>)</li>
<li><a
href="1f0ae0a208"><code>1f0ae0a</code></a>
docs: Fix a few typos (<a
href="https://redirect.github.com/mpdavis/python-jose/issues/299">#299</a>)</li>
<li><a
href="ceaac3665d"><code>ceaac36</code></a>
Do not use <code>utc_now</code> on module level (<a
href="https://redirect.github.com/mpdavis/python-jose/issues/372">#372</a>)</li>
<li>Additional commits viewable in <a
href="https://github.com/mpdavis/python-jose/compare/3.3.0...3.5.0">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=python-jose[cryptography]&package-manager=pip&previous-version=3.3.0&new-version=3.5.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>
This commit is contained in:
Alexa Amundson
2026-03-15 20:27:52 -05:00
committed by GitHub
parent 761bd19474 86fa477cce
commit 099b06aa0d
1 changed files with 1 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
backend/requirements.txt
View File

@@ -11,7 +11,7 @@ asyncpg==0.29.0
aiosqlite==0.19.0 aiosqlite==0.19.0
# Authentication & Security # Authentication & Security
python-jose[cryptography]==3.3.0 python-jose[cryptography]==3.5.0
passlib[bcrypt]==1.7.4 passlib[bcrypt]==1.7.4
bcrypt==4.1.1 bcrypt==4.1.1
pyjwt==2.11.0 pyjwt==2.11.0