Skip to content

Update python-jose requirement from >=3.3.0 to >=3.5.0 in /orchestrator#75

Open
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/pip/orchestrator/python-jose-gte-3.5.0
Open

Update python-jose requirement from >=3.3.0 to >=3.5.0 in /orchestrator#75
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/pip/orchestrator/python-jose-gte-3.5.0

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Apr 26, 2026
edited
Loading

Copy link
Copy Markdown
Contributor

Updates the requirements on python-jose to permit the latest version.

Release notes

Sourced from python-jose's releases.

3.5.0

  • Remove support for Python 3.8
  • Added support for Python 3.12 & 3.13
  • Upgrade to pyasn1 0.5.1+
  • Upgrade to pytest and other dependencies
  • Add RTD config file to silence emailed deprecation warnings

Bug fixes and Improvements

  • Remove get_random_bytes from cryptography backend
  • Do not use utc_now on module level
  • Remove key data (sensitive information) from JWKError exceptions
  • Added possibility to call jwk.construct() with a private RSA key

https://pypi.org/project/python-jose/3.5.0/

Changelog

Sourced from python-jose's changelog.

3.5.0 -- 2025-05-28

News

  • Remove support for Python 3.8
  • Added support for Python 3.12 & 3.13
  • Upgrade to pyasn1 0.5.1+
  • Upgrade to pytest and other dependencies
  • Add RTD config file to silence emailed deprecation warnings

Bug fixes and Improvements

  • Remove get_random_bytes from cryptography backend
  • Do not use utc_now on module level
  • Remove key data (sensitive information) from JWKError exceptions
  • Added possibility to call jwk.construct() with a private RSA key

3.4.0 -- 2025-02-14

News

  • Remove support for Python 3.6 and 3.7
  • Added support for Python 3.10 and 3.11

Bug fixes and Improvements

  • Updating CryptographyAESKey::encrypt to generate 96 bit IVs for GCM block cipher mode
  • Fix for PEM key comparisons caused by line lengths and new lines
  • Fix for CVE-2024-33664 - JWE limited to 250KiB
  • Fix for CVE-2024-33663 - signing JWT with public key is now forbidden
  • Replace usage of deprecated datetime.utcnow() with datetime.now(UTC)

Housekeeping

  • Updated Github Actions Workflows
  • Updated to use tox 4.x
  • Revise codecov integration
  • Fixed DeprecationWarnings

3.3.0 -- 2021-06-04

News

  • Remove support for python 2.7 & 3.5
  • Add support for Python 3.9
  • Remove PyCrypto backend
  • Fix deprecation warning from cryptography backend

Housekeeping

... (truncated)

Commits

Note
Automatic rebases have been disabled on this pull request as it has been open for over 30 days.

@dependabot @github

dependabot Bot commented on behalf of github Apr 26, 2026

Copy link
Copy Markdown
Contributor Author

Labels

The following labels could not be found: dependencies, python. Please create them before Dependabot can add them to a pull request.

Please fix the above issues or remove invalid values from dependabot.yml.

@dependabot dependabot Bot requested a review from NihadMemmedli as a code owner April 26, 2026 17:13
@dependabot
Update python-jose requirement from >=3.3.0 to >=3.5.0 in /orchestrator
82bb84b 
Updates the requirements on [python-jose](https://github.com/mpdavis/python-jose) to permit the latest version.
- [Release notes](https://github.com/mpdavis/python-jose/releases)
- [Changelog](https://github.com/mpdavis/python-jose/blob/master/CHANGELOG.md)
- [Commits](mpdavis/python-jose@3.3.0...3.5.0)

---
updated-dependencies:
- dependency-name: python-jose
  dependency-version: 3.5.0
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot force-pushed the dependabot/pip/orchestrator/python-jose-gte-3.5.0 branch from 691445d to 82bb84b Compare May 17, 2026 19:20
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@NihadMemmedli NihadMemmedli Awaiting requested review from NihadMemmedli NihadMemmedli is a code owner

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants