Skip to content

build(deps-dev): bump pyjwt[crypto] from 2.8.0 to 2.10.1 in /clients/client-python#8855

Merged
jerryshao merged 1 commit intomainfrom
dependabot/pip/clients/client-python/pyjwt-crypto--2.10.1
Oct 22, 2025
Merged

build(deps-dev): bump pyjwt[crypto] from 2.8.0 to 2.10.1 in /clients/client-python#8855
jerryshao merged 1 commit intomainfrom
dependabot/pip/clients/client-python/pyjwt-crypto--2.10.1

Conversation

@dependabot
Copy link
Contributor

@dependabot dependabot bot commented on behalf of github Oct 20, 2025

Bumps pyjwt[crypto] from 2.8.0 to 2.10.1.

Release notes

Sourced from pyjwt[crypto]'s releases.

2.10.1

Fixed

Full Changelog: jpadilla/pyjwt@2.10.0...2.10.1

2.10.0

What's Changed

New Contributors

Full Changelog: jpadilla/pyjwt@2.9.0...2.10.0

... (truncated)

Changelog

Sourced from pyjwt[crypto]'s changelog.

v2.10.1 <https://github.com/jpadilla/pyjwt/compare/2.10.0...2.10.1>__

Fixed


- Prevent partial matching of `iss` claim by @fabianbadoi in `GHSA-75c5-xw7c-p5pm <https://github.com/jpadilla/pyjwt/security/advisories/GHSA-75c5-xw7c-p5pm>`__

v2.10.0 &lt;https://github.com/jpadilla/pyjwt/compare/2.9.0...2.10.0&gt;__


Changed

  • Remove algorithm requirement from JWT API, instead relying on JWS API for enforcement, by @​luhn in [#975](https://github.com/jpadilla/pyjwt/issues/975) <https://github.com/jpadilla/pyjwt/pull/975>__

  • Use Sequence for parameter types rather than List where applicable by @​imnotjames in [#970](https://github.com/jpadilla/pyjwt/issues/970) <https://github.com/jpadilla/pyjwt/pull/970>__

  • Add JWK support to JWT encode by @​luhn in [#979](https://github.com/jpadilla/pyjwt/issues/979) <https://github.com/jpadilla/pyjwt/pull/979>__

  • Encoding and decoding payloads using the none algorithm by @​jpadilla in #c2629f6 <https://github.com/jpadilla/pyjwt/commit/c2629f66c593459e02616048443231ccbe18be16>

    Before:

    .. code-block:: pycon

    import jwt jwt.encode({"payload": "abc"}, key=None, algorithm=None)

    After:

    .. code-block:: pycon

    import jwt jwt.encode({"payload": "abc"}, key=None, algorithm="none")

  • Added validation for 'sub' (subject) and 'jti' (JWT ID) claims in tokens by @​Divan009 in [#1005](https://github.com/jpadilla/pyjwt/issues/1005) <https://github.com/jpadilla/pyjwt/pull/1005>__

  • Refactor project configuration files from setup.cfg to pyproject.toml by @​cleder in [#995](https://github.com/jpadilla/pyjwt/issues/995) <https://github.com/jpadilla/pyjwt/pull/995>__

  • Ruff linter and formatter changes by @​gagandeepp in [#1001](https://github.com/jpadilla/pyjwt/issues/1001) <https://github.com/jpadilla/pyjwt/pull/1001>__

  • Drop support for Python 3.8 (EOL) by @​kkirsche in [#1007](https://github.com/jpadilla/pyjwt/issues/1007) <https://github.com/jpadilla/pyjwt/pull/1007>__

Fixed


- Encode EC keys with a fixed bit length by @etianen in `[#990](https://github.com/jpadilla/pyjwt/issues/990) <https://github.com/jpadilla/pyjwt/pull/990>`__
- Add an RTD config file to resolve Read the Docs build failures by @kurtmckee in `[#977](https://github.com/jpadilla/pyjwt/issues/977) <https://github.com/jpadilla/pyjwt/pull/977>`__
- Docs: Update ``iat`` exception docs by @pachewise in `[#974](https://github.com/jpadilla/pyjwt/issues/974) <https://github.com/jpadilla/pyjwt/pull/974>`__
- Docs: Fix ``decode_complete`` scope and algorithms by @RbnRncn in `[#982](https://github.com/jpadilla/pyjwt/issues/982) <https://github.com/jpadilla/pyjwt/pull/982>`__
- Fix doctest for ``docs/usage.rst`` by @pachewise in `[#986](https://github.com/jpadilla/pyjwt/issues/986) <https://github.com/jpadilla/pyjwt/pull/986>`__
</tr></table>

... (truncated)

Commits

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

@dependabot
build(deps-dev): bump pyjwt[crypto] in /clients/client-python
7c140bb 
Bumps [pyjwt[crypto]](https://github.com/jpadilla/pyjwt) from 2.8.0 to 2.10.1.
- [Release notes](https://github.com/jpadilla/pyjwt/releases)
- [Changelog](https://github.com/jpadilla/pyjwt/blob/master/CHANGELOG.rst)
- [Commits](jpadilla/pyjwt@2.8.0...2.10.1)

---
updated-dependencies:
- dependency-name: pyjwt[crypto]
  dependency-version: 2.10.1
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot added dependencies Pull requests that update a dependency file minor python Pull requests that update python code labels Oct 20, 2025
@jerryshao
Copy link
Contributor

jerryshao commented Oct 21, 2025

@dependabot rebase

@dependabot @github
Copy link
Contributor Author

dependabot bot commented on behalf of github Oct 21, 2025

Looks like this PR is already up-to-date with main! If you'd still like to recreate it from scratch, overwriting any edits, you can request @dependabot recreate.

@jerryshao jerryshao closed this Oct 21, 2025
@dependabot @github
Copy link
Contributor Author

dependabot bot commented on behalf of github Oct 21, 2025

OK, I won't notify you again about this release, but will get in touch when a new version is available. If you'd rather skip all updates until the next major or minor version, let me know by commenting @dependabot ignore this major version or @dependabot ignore this minor version. You can also ignore all major, minor, or patch releases for a dependency by adding an ignore condition with the desired update_types to your config file.

If you change your mind, just re-open this PR and I'll resolve any conflicts on it.

@jerryshao jerryshao reopened this Oct 21, 2025
@jerryshao jerryshao merged commit 741880f into main Oct 22, 2025
56 of 57 checks passed
@dependabot dependabot bot deleted the dependabot/pip/clients/client-python/pyjwt-crypto--2.10.1 branch October 22, 2025 06:15
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@jerryshao jerryshao jerryshao approved these changes

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file minor python Pull requests that update python code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@jerryshao