fix(deps): bump joserfc from 1.1.0 to 1.2.0

[dependabot]

Bumps joserfc from 1.1.0 to 1.2.0.

Release notes

Sourced from joserfc's releases.

1.2.0

   🚨 Breaking Changes

• Make rfc folders private  -  by @​lepture (b9379)
• Remove deprecated guessing key from bytes and string  -  by @​lepture (fc343)

   🚀 Features

• Add RFC 9278 JWK thumbprint URI  -  by @​lepture (e3ffa)

   🐞 Bug Fixes

• Export DictKey type in jwk  -  by @​lepture (056b2)
• Adding all for rfc7515 and rfc7516  -  by @​lepture (1c2be)
• Warning about draft-ietf-jose-deprecate-none-rsa15-02  -  by @​lepture (b8297)
• Warn about weak key size for OctKey and RSAKey  -  by @​lepture (115b5)

    View changes on GitHub

Changelog

Sourced from joserfc's changelog.

1.2.0

Released on July 7, 2025

• Added RFC9278 JWK Thumbprint URI thumbprint_uri.
• Show security warnings for none and RSA1_5 algorithms.
• Show security warnings for OctKey.generate_key and RSAKey.generate_key. when key size is too short, per NIST SP 800-131A_.

.. _NIST SP 800-131A: https://csrc.nist.gov/publications/detail/sp/800-131a/rev-2/final

Breaking changes:

• Enable "RFC7797" by default, use the joserfc.jws module directly.
  • Use joserfc.jws.serialize_compact instead of joserfc.rfc7797.serialize_compact
  • Use joserfc.jws.deserialize_compact instead of joserfc.rfc7797.deserialize_compact
  • Use joserfc.jws.serialize_json instead of joserfc.rfc7797.serialize_json
  • Use joserfc.jws.deserialize_json instead of joserfc.rfc7797.deserialize_json
• Convert joserfc.rfcXXXX to private modules joserfc._rfcXXXX.

Commits

• 8ced1fd chore: release 1.2.0
• 11dbee6 docs: update docstring for thumbprint and thumbprint_uri
• 2c242f5 docs: update algorithm docs, fix #61
• 480a17f docs: add key.thumbprint_uri docs
• 5a7c23f chore: remove python 3.14
• 389f612 chore: fix lint errors
• e3ffa7d feat: add RFC 9278 JWK thumbprint URI
• 727ac55 docs: update algorithms docs
• 8197d96 chore: start testing python 3.14
• cc479a3 chore: update code style
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[Filip Andonie (Filip1x9)]

Dependabot (@dependabot) merge