linux/meta-openembedded.git/meta-python/recipes-devtools/python/python3-pyjwt_2.10.1.bb, branch wrynoseMirror of git.openembedded.org/meta-openembeddedhttps://git.enea.com/cgit/linux/meta-openembedded.git/atom?h=wrynose2026-02-05T04:53:30+00:00python3-pyjwt: upgrade 2.10.1 -> 2.11.02026-02-05T04:53:30+00:00Gyorgy Sarvariskandigraun@gmail.com2026-02-02T16:37:13+00:00urn:sha1:9205d2c95eaccfd780ce6a61362e9f58395dd6ae
Changelog: https://github.com/jpadilla/pyjwt/releases/tag/2.11.0
- Fixed type error in comment
- Make note of use of leeway with nbf
- Validate key against allowed types for Algorithm family
- Add iterator for PyJWKSet
- Add iss, issuer type checks
- Improve typing/logic for options in decode, decode_complete; Improve docs
- Map algorithm=None to "none"
- Correct PyJWKClient.get_signing_key_from_jwt annotation
- Fixed doc string typo in _validate_jti() function
- Update SECURITY.md
- Typing fix: use float instead of int for lifespan and timeout
- Fix TYP header documentation
- doc: Document claims sub and jti
- Resolve package build warnings
- Support Python 3.14, and test against PyPy 3.10+
- Fix a SyntaxWarning caused by invalid escape sequences
- Standardize CHANGELOG links to PRs
- Migrate from pep517, which is deprecated, to build
- Fix incorrectly-named test suite function
- Fix Read the Docs builds
- Escalate test suite warnings to errors
- Add pyupgrade as a pre-commit hook
- Simplify the test suite decorators
- Improve coverage config and eliminate unused test suite code
- Build a shared wheel once in the test suite
- Thoroughly test type annotations, and resolve errors
- Fix leeway value in usage documentation
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
python3-pyjwt: ignore CVE-2025-457682026-02-05T04:53:30+00:00Gyorgy Sarvariskandigraun@gmail.com2026-02-02T16:37:12+00:00urn:sha1:3988e13c0abc4f032ffb8909eef273f3ee1c48b7
Details: https://nvd.nist.gov/vuln/detail/CVE-2025-45768
The CVE is disputed: though the vulnerability is there, but it comes
from incorrect configuration of the library by the main application.
Due to this, ignore this CVE.
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
python3-pyjwt: set CVE_PRODUCT2025-12-31T16:28:54+00:00Gyorgy Sarvariskandigraun@gmail.com2025-12-30T14:29:01+00:00urn:sha1:5ec4458878a1ae2cdd59e0950464ecaa5e07b2dc
The relevant CVEs are tracked using pyjwt_project:pyjwt CPE, so the
defauly python:pyjwt CPE doesn't match them.
See CVE db query:
sqlite> select * from products where PRODUCT like '%pyjwt%';
CVE-2017-11424|pyjwt_project|pyjwt|||1.5.0|<=
CVE-2022-29217|pyjwt_project|pyjwt|1.5.0|>=|2.4.0|<
CVE-2024-53861|pyjwt_project|pyjwt|2.10.0|=||
CVE-2025-45768|pyjwt_project|pyjwt|2.10.1|=||
Set the CVE_PRODUCT so it matches relevant CVEs.
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Use https:// in HOMEPAGE variable instead of http://2025-03-26T01:32:07+00:00Jason Schonbergschonm@gmail.com2025-03-25T18:59:59+00:00urn:sha1:37e9b17b1e1655b743d42c5f0a574dde08853b20
Signed-off-by: Jason Schonberg <schonm@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
python3-pyjwt: upgrade 2.9.0 -> 2.10.12024-12-22T00:22:43+00:00Tom Geelent.f.g.geelen@gmail.com2024-12-21T22:57:04+00:00urn:sha1:97fe5a3abbab9bdaf87694f1bab7a20cb3fca1bf
Signed-off-by: Tom Geelen <t.f.g.geelen@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>