Skip to content

fix(deps): bump joserfc from 1.0.4 to 1.1.0#121

Merged
dependabot[bot] merged 1 commit into
mainfrom
dependabot/pip/joserfc-1.1.0
Jun 6, 2025
Merged

fix(deps): bump joserfc from 1.0.4 to 1.1.0#121
dependabot[bot] merged 1 commit into
mainfrom
dependabot/pip/joserfc-1.1.0

Conversation

@dependabot
Copy link
Copy Markdown
Contributor

@dependabot dependabot Bot commented on behalf of github May 26, 2025
edited
Loading

Bumps joserfc from 1.0.4 to 1.1.0.

Release notes

Sourced from joserfc's releases.

1.1.0

   🚨 Breaking Changes

  • Use ECKey.binding.register_curve to register new supported curves.  -  by @​lepture (04dd9)

   🚀 Features

   🐞 Bug Fixes

    View changes on GitHub
Changelog

Sourced from joserfc's changelog.

1.1.0

Released on May 24, 2025

  • Use "import as" to prioritize the modules for editors.
  • Added parameter encoder_cls for jwt.encode and decoder_cls for jwt.decode.
  • Added none algorithm for JWS.
  • Added jwk.import_key and jwk.generate_key aliases.

Breaking changes:

  • Use ECKey.binding.register_curve to register new supported curves.
  • Use UnsupportedAlgorithmError instead of ValueError in JWS/JWE registry.
  • Use MissingKeyTypeError and InvalidKeyIdError for errors in JWK.
  • Use UnsupportedHeaderError, MissingHeaderError, and MissingCritHeaderError for header validation.
  • Respect RFC6749 character set in error descriptions.
Commits
  • 68df43f chore: release 1.1.0
  • a3da19d fix: remove useless catching binascii.Error
  • e2520a5 tests: add more test cases for UnsupportedAlgorithmError
  • 3555fe5 fix: raise MissingKeyError when import empty key set. #35
  • eafa07e fix: update default value type hints for BaseKey.get method, #52
  • 48a3a71 feat: Export import_key and generate_key methods
  • 8cf217d chore: Potential fix for code scanning alert no. 4: Workflow does not contain...
  • e2af045 fix: cleanup useless code in joserfc.util
  • 28f584a fix: cleanup joserfc.util
  • b1e16e1 refactor: update urlsafe_b64decode function
  • Additional commits viewable in compare view

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

@dependabot dependabot Bot added dependencies Pull requests that update a dependency file python Pull requests that update Python code labels May 26, 2025
@dependabot dependabot Bot requested a review from a team as a code owner May 26, 2025 02:23
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file python Pull requests that update Python code labels May 26, 2025
@Filip1x9
Copy link
Copy Markdown
Contributor

Filip Andonie (Filip1x9) commented Jun 6, 2025

Dependabot (@dependabot) rebase

@dependabot
fix(deps): bump joserfc from 1.0.4 to 1.1.0
bd8c112 
Bumps [joserfc](https://github.com/authlib/joserfc) from 1.0.4 to 1.1.0.
- [Release notes](https://github.com/authlib/joserfc/releases)
- [Changelog](https://github.com/authlib/joserfc/blob/main/docs/changelog.rst)
- [Commits](authlib/joserfc@1.0.4...1.1.0)

---
updated-dependencies:
- dependency-name: joserfc
  dependency-version: 1.1.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot force-pushed the dependabot/pip/joserfc-1.1.0 branch from cf73be1 to bd8c112 Compare June 6, 2025 09:46
@Filip1x9
Copy link
Copy Markdown
Contributor

Filip Andonie (Filip1x9) commented Jun 6, 2025

Dependabot (@dependabot) squash and merge

@dependabot dependabot Bot merged commit fe8c787 into main Jun 6, 2025
9 checks passed
@dependabot dependabot Bot deleted the dependabot/pip/joserfc-1.1.0 branch June 6, 2025 09:50
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

1 more reviewer

@Filip1x9 Filip Andonie (Filip1x9) Filip1x9 approved these changes

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file python Pull requests that update Python code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@Filip1x9