chore(deps): bump pyjwt from 2.10.1 to 2.11.0

[dependabot]

Bumps pyjwt from 2.10.1 to 2.11.0.

Release notes

Sourced from pyjwt's releases.

2.11.0

What's Changed

• Fixed type error in comment by @​shuhaib-aot in jpadilla/pyjwt#1026
• [pre-commit.ci] pre-commit autoupdate by @​pre-commit-ci[bot] in jpadilla/pyjwt#1018
• [pre-commit.ci] pre-commit autoupdate by @​pre-commit-ci[bot] in jpadilla/pyjwt#1033
• Make note of use of leeway with nbf by @​djw8605 in jpadilla/pyjwt#1034
• [pre-commit.ci] pre-commit autoupdate by @​pre-commit-ci[bot] in jpadilla/pyjwt#1035
• Fixes #964: Validate key against allowed types for Algorithm family by @​pachewise in jpadilla/pyjwt#985
• Feat #1024: Add iterator for PyJWKSet by @​pachewise in jpadilla/pyjwt#1041
• Fixes #1039: Add iss, issuer type checks by @​pachewise in jpadilla/pyjwt#1040
• Fixes #660: Improve typing/logic for options in decode, decode_complete; Improve docs by @​pachewise in jpadilla/pyjwt#1045
• [pre-commit.ci] pre-commit autoupdate by @​pre-commit-ci[bot] in jpadilla/pyjwt#1042
• [pre-commit.ci] pre-commit autoupdate by @​pre-commit-ci[bot] in jpadilla/pyjwt#1052
• [pre-commit.ci] pre-commit autoupdate by @​pre-commit-ci[bot] in jpadilla/pyjwt#1053
• Fix #1022: Map algorithm=None to "none" by @​qqii in jpadilla/pyjwt#1056
• [pre-commit.ci] pre-commit autoupdate by @​pre-commit-ci[bot] in jpadilla/pyjwt#1055
• [pre-commit.ci] pre-commit autoupdate by @​pre-commit-ci[bot] in jpadilla/pyjwt#1058
• [pre-commit.ci] pre-commit autoupdate by @​pre-commit-ci[bot] in jpadilla/pyjwt#1060
• [pre-commit.ci] pre-commit autoupdate by @​pre-commit-ci[bot] in jpadilla/pyjwt#1061
• Fixes #1047: Correct PyJWKClient.get_signing_key_from_jwt annotation by @​khvn26 in jpadilla/pyjwt#1048
• [pre-commit.ci] pre-commit autoupdate by @​pre-commit-ci[bot] in jpadilla/pyjwt#1062
• Fixed doc string typo in _validate_jti() function #1063 by @​kuldeepkhatke in jpadilla/pyjwt#1064
• [pre-commit.ci] pre-commit autoupdate by @​pre-commit-ci[bot] in jpadilla/pyjwt#1065
• Update SECURITY.md by @​auvipy in jpadilla/pyjwt#1057
• Typing fix: use float instead of int for lifespan and timeout by @​nikitagashkov in jpadilla/pyjwt#1068
• [pre-commit.ci] pre-commit autoupdate by @​pre-commit-ci[bot] in jpadilla/pyjwt#1067
• [pre-commit.ci] pre-commit autoupdate by @​pre-commit-ci[bot] in jpadilla/pyjwt#1071
• [pre-commit.ci] pre-commit autoupdate by @​pre-commit-ci[bot] in jpadilla/pyjwt#1076
• Fix TYP header documentation by @​fobiasmog in jpadilla/pyjwt#1046
• doc: Document claims sub and jti by @​cleder in jpadilla/pyjwt#1088
• [pre-commit.ci] pre-commit autoupdate by @​pre-commit-ci[bot] in jpadilla/pyjwt#1077
• Bump actions/setup-python from 5 to 6 by @​dependabot[bot] in jpadilla/pyjwt#1089
• Bump actions/stale from 8 to 10 by @​dependabot[bot] in jpadilla/pyjwt#1090
• Bump actions/checkout from 4 to 5 by @​dependabot[bot] in jpadilla/pyjwt#1083
• [pre-commit.ci] pre-commit autoupdate by @​pre-commit-ci[bot] in jpadilla/pyjwt#1091
• [pre-commit.ci] pre-commit autoupdate by @​pre-commit-ci[bot] in jpadilla/pyjwt#1093
• [pre-commit.ci] pre-commit autoupdate by @​pre-commit-ci[bot] in jpadilla/pyjwt#1096
• Resolve package build warnings by @​kurtmckee in jpadilla/pyjwt#1105
• Support Python 3.14, and test against PyPy 3.10+ by @​kurtmckee in jpadilla/pyjwt#1104
• Fix a SyntaxWarning caused by invalid escape sequences by @​kurtmckee in jpadilla/pyjwt#1103
• Standardize CHANGELOG links to PRs by @​kurtmckee in jpadilla/pyjwt#1110
• Migrate from pep517, which is deprecated, to build by @​kurtmckee in jpadilla/pyjwt#1108
• Fix incorrectly-named test suite function by @​kurtmckee in jpadilla/pyjwt#1116
• Fix Read the Docs builds by @​kurtmckee in jpadilla/pyjwt#1111
• Bump actions/download-artifact from 4 to 6 by @​dependabot[bot] in jpadilla/pyjwt#1118
• Escalate test suite warnings to errors by @​kurtmckee in jpadilla/pyjwt#1107
• Add pyupgrade as a pre-commit hook by @​kurtmckee in jpadilla/pyjwt#1109
• Simplify the test suite decorators by @​kurtmckee in jpadilla/pyjwt#1113
• Improve coverage config and eliminate unused test suite code by @​kurtmckee in jpadilla/pyjwt#1115
• Build a shared wheel once in the test suite by @​kurtmckee in jpadilla/pyjwt#1114

... (truncated)

Changelog

Sourced from pyjwt's changelog.

v2.11.0 <https://github.com/jpadilla/pyjwt/compare/2.10.1...2.11.0>__

Fixed

- Enforce ECDSA curve validation per RFC 7518 Section 3.4.
- Fix build system warnings by @kurtmckee in `[#1105](https://github.com/jpadilla/pyjwt/issues/1105) <https://github.com/jpadilla/pyjwt/pull/1105>`__
- Validate key against allowed types for Algorithm family in `[#964](https://github.com/jpadilla/pyjwt/issues/964) <https://github.com/jpadilla/pyjwt/pull/964>`__
- Add iterator for JWKSet in `[#1041](https://github.com/jpadilla/pyjwt/issues/1041) <https://github.com/jpadilla/pyjwt/pull/1041>`__
- Validate `iss` claim is a string during encoding and decoding by @pachewise in `[#1040](https://github.com/jpadilla/pyjwt/issues/1040) <https://github.com/jpadilla/pyjwt/pull/1040>`__
- Improve typing/logic for `options` in decode, decode_complete by @pachewise in `[#1045](https://github.com/jpadilla/pyjwt/issues/1045) <https://github.com/jpadilla/pyjwt/pull/1045>`__
- Declare float supported type for lifespan and timeout by @nikitagashkov in `[#1068](https://github.com/jpadilla/pyjwt/issues/1068) <https://github.com/jpadilla/pyjwt/pull/1068>`__
- Fix ``SyntaxWarning``\s/``DeprecationWarning``\s caused by invalid escape sequences by @kurtmckee in `[#1103](https://github.com/jpadilla/pyjwt/issues/1103) <https://github.com/jpadilla/pyjwt/pull/1103>`__
- Development: Build a shared wheel once to speed up test suite setup times by @kurtmckee in `[#1114](https://github.com/jpadilla/pyjwt/issues/1114) <https://github.com/jpadilla/pyjwt/pull/1114>`__
- Development: Test type annotations across all supported Python versions,
  increase the strictness of the type checking, and remove the mypy pre-commit hook
  by @kurtmckee in `[#1112](https://github.com/jpadilla/pyjwt/issues/1112) <https://github.com/jpadilla/pyjwt/pull/1112>`__
Added

• Support Python 3.14, and test against PyPy 3.10 and 3.11 by @​kurtmckee in [#1104](https://github.com/jpadilla/pyjwt/issues/1104) <https://github.com/jpadilla/pyjwt/pull/1104>__
• Development: Migrate to build to test package building in CI by @​kurtmckee in [#1108](https://github.com/jpadilla/pyjwt/issues/1108) <https://github.com/jpadilla/pyjwt/pull/1108>__
• Development: Improve coverage config and eliminate unused test suite code by @​kurtmckee in [#1115](https://github.com/jpadilla/pyjwt/issues/1115) <https://github.com/jpadilla/pyjwt/pull/1115>__
• Docs: Standardize CHANGELOG links to PRs by @​kurtmckee in [#1110](https://github.com/jpadilla/pyjwt/issues/1110) <https://github.com/jpadilla/pyjwt/pull/1110>__
• Docs: Fix Read the Docs builds by @​kurtmckee in [#1111](https://github.com/jpadilla/pyjwt/issues/1111) <https://github.com/jpadilla/pyjwt/pull/1111>__
• Docs: Add example of using leeway with nbf by @​djw8605 in [#1034](https://github.com/jpadilla/pyjwt/issues/1034) <https://github.com/jpadilla/pyjwt/pull/1034>__
• Docs: Refactored docs with autodoc; added PyJWS and jwt.algorithms docs by @​pachewise in [#1045](https://github.com/jpadilla/pyjwt/issues/1045) <https://github.com/jpadilla/pyjwt/pull/1045>__
• Docs: Documentation improvements for "sub" and "jti" claims by @​cleder in [#1088](https://github.com/jpadilla/pyjwt/issues/1088) <https://github.com/jpadilla/pyjwt/pull/1088>__
• Development: Add pyupgrade as a pre-commit hook by @​kurtmckee in [#1109](https://github.com/jpadilla/pyjwt/issues/1109) <https://github.com/jpadilla/pyjwt/pull/1109>__
• Add minimum key length validation for HMAC and RSA keys (CWE-326). Warns by default via InsecureKeyLengthWarning when keys are below minimum recommended lengths per RFC 7518 Section 3.2 (HMAC) and NIST SP 800-131A (RSA). Pass enforce_minimum_key_length=True in options to PyJWT or PyJWS to raise InvalidKeyError instead.
• Refactor PyJWT to own an internal PyJWS instance instead of calling global api_jws functions.

Commits

• 697344d bump up version
• e4d0aec fix: pre-commit
• df9a6a0 fix: failing test
• 2b2e53c fix: docs
• 635c8d8 fix: failing mypy
• 96ae356 feat: add minimum key length validation for HMAC and RSA
• 5b86227 fix: enforce ECDSA curve validation per RFC 7518 Section 3.4
• 04947d7 Bump actions/download-artifact from 6 to 7 (#1125)
• dd44834 Fix leeway value in usage documentation (#1124)
• 407f0bd Thoroughly test type annotations, and resolve errors (#1112)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[codecov]

The code review did not highlight any significant issues. The changes in the diff are an update from pyjwt 2.10.1 to 2.11.0, and this change doesn't affect the rest of the codebase based on this diff. If all tests pass and dependent code functionalities work as expected with this new updated package version, the change can be approved.

[codecov]

You've updated pyjwt from version 2.10.1 to 2.11.0. Ensure that this update doesn't introduce any breaking changes to your application. Review the package's changelog and if possible, test the dependent functionalities with this new version before merging.

[codecov]

The changes in the Git diff are isolated to the requirements file, specifically a single dependency - PyJWT. There are no issues with the code, but it is important to carefully test integration whenever dependencies are updated.

[codecov]

This line updates the version of PyJWT. When updating versions of dependencies, make sure to verify compatibility with the remaining code. Ensure to run all the tests after updating the package and, if possible, check the changelogs of the dependency for any breaking changes before updating.

[codecov]

This is a routine update from pyjwt==2.10.1 to pyjwt==2.11.0, which overall appears to be well-formed. No major issues are found in this diff, it has followed a proper method and syntax to ensure that the requirement is updated correctly. However, a verification of necessity is needed before making this kind of update as it can potentially introduce compatibility issues if the rest of the codebase is not adapted properly.

[codecov]

Update from pyjwt==2.10.1 to pyjwt==2.11.0. Make sure this update doesn't introduce any breaking changes if there are dependencies in the application that require the older version. Also, ensure to have tested this thoroughly with the rest of the application.

[codecov]

The reviewed code changes contain an update to a package version in the project's requirements.txt file. Specifically, the pyjwt package has been upgraded from version 2.10.1 to version 2.11.0. Generally, such updates are essential to benefit from bug fixes, enhancements, or new features provided by the new version. However, it is essential to ensure that this update does not break any existing functionality or introduce any vulnerability. To improve the quality of this change, you are suggested to perform regression tests or integration tests and scan for any vulnerabilities if not done before.

[codecov]

I see here that the pyjwt package has been updated from version 2.10.1 to version 2.11.0. It's vital to ensure this update does not break any existing code, so I recommend running the full test suite to check for any breakages. Additionally, it's a good idea to check pyjwt's changelog for this version to understand what updates this new version brings and if there are any known issues to be aware of.