Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package python-PyJWT for openSUSE:Factory checked in at 2026-03-20 21:19:54 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/python-PyJWT (Old) and /work/SRC/openSUSE:Factory/.python-PyJWT.new.8177 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "python-PyJWT" Fri Mar 20 21:19:54 2026 rev:38 rq:1341429 version:2.12.1 Changes: -------- --- /work/SRC/openSUSE:Factory/python-PyJWT/python-PyJWT.changes 2025-10-28 14:45:26.600105048 +0100 +++ /work/SRC/openSUSE:Factory/.python-PyJWT.new.8177/python-PyJWT.changes 2026-03-20 21:20:21.810888495 +0100 @@ -1,0 +2,70 @@ +Wed Mar 18 15:31:55 UTC 2026 - Matej Cepl <[email protected]> + +- Skip failing tests (gh#jpadilla/pyjwt#1153) +- Update to 2.12.1: + - Add missing typing_extensions dependency for Python < 3.11 in + #1150 +- Update to 2.12.0: + - Fixed + - Annotate PyJWKSet.keys for pyright by @tamird in #1134 + - Close HTTPError response to prevent ResourceWarning on + Python 3.14 by @veeceey in #1133 + - Do not keep algorithms dict in PyJWK instances by @akx in + #1143 + - Validate the crit (Critical) Header Parameter defined in + RFC 7515 ยง4.1.11. by @dmbs335 in GHSA-752w-5fwx-jx9f + (bsc#1259616, CVE-2026-32597). + - Use PyJWK algorithm when encoding without explicit + algorithm in #1148 + - Added + - Docs: Add PyJWKClient API reference and document the + two-tier caching system (JWK Set cache and signing key LRU + cache). v2.11.0 + - Fixed + - Enforce ECDSA curve validation per RFC 7518 Section 3.4. + - Fix build system warnings by @kurtmckee in #1105 + - Validate key against allowed types for Algorithm family in + #964 + - Add iterator for JWKSet in #1041 + - Validate iss claim is a string during encoding and decoding + by @pachewise in #1040 + - Improve typing/logic for options in decode, decode_complete + by @pachewise in #1045 + - Declare float supported type for lifespan and timeout by + @nikitagashkov in #1068 + - Fix SyntaxWarnings/DeprecationWarnings caused by invalid + escape sequences by @kurtmckee in #1103 + - Development: Build a shared wheel once to speed up test + suite setup times by @kurtmckee in #1114 + - Development: Test type annotations across all supported + Python versions, increase the strictness of the type + checking, and remove the mypy pre-commit hook by @kurtmckee + in #1112 + - Added + - Support Python 3.14, and test against PyPy 3.10 and 3.11 by + @kurtmckee in #1104 + - Development: Migrate to build to test package building in + CI by @kurtmckee in #1108 + - Development: Improve coverage config and eliminate unused + test suite code by @kurtmckee in #1115 + - Docs: Standardize CHANGELOG links to PRs by @kurtmckee in + #1110 + - Docs: Fix Read the Docs builds by @kurtmckee in #1111 + - Docs: Add example of using leeway with nbf by @djw8605 in + #1034 + - Docs: Refactored docs with autodoc; added PyJWS and + jwt.algorithms docs by @pachewise in #1045 + - Docs: Documentation improvements for "sub" and "jti" claims + by @cleder in #1088 + - Development: Add pyupgrade as a pre-commit hook by + @kurtmckee in #1109 + - Add minimum key length validation for HMAC and RSA keys + (CWE-326). Warns by default via InsecureKeyLengthWarning + when keys are below minimum recommended lengths per RFC + 7518 Section 3.2 (HMAC) and NIST SP 800-131A (RSA). Pass + enforce_minimum_key_length=True in options to PyJWT or + PyJWS to raise InvalidKeyError instead. + - Refactor PyJWT to own an internal PyJWS instance instead of + calling global api_jws functions. + +------------------------------------------------------------------- @@ -528 +597,0 @@ - Old: ---- pyjwt-2.10.1.tar.gz New: ---- pyjwt-2.12.1.tar.gz ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ python-PyJWT.spec ++++++ --- /var/tmp/diff_new_pack.t5PfHT/_old 2026-03-20 21:20:22.414913659 +0100 +++ /var/tmp/diff_new_pack.t5PfHT/_new 2026-03-20 21:20:22.418913826 +0100 @@ -1,7 +1,7 @@ # # spec file for package python-PyJWT # -# Copyright (c) 2025 SUSE LLC and contributors +# Copyright (c) 2026 SUSE LLC and contributors # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -18,17 +18,22 @@ %{?sle15_python_module_pythons} Name: python-PyJWT -Version: 2.10.1 +Version: 2.12.1 Release: 0 Summary: JSON Web Token implementation in Python License: MIT Group: Development/Languages/Python URL: https://github.com/progrium/pyjwt Source: https://files.pythonhosted.org/packages/source/p/pyjwt/pyjwt-%{version}.tar.gz +# Patch0: skip-tests-incompatible-with-opensuse-toolchain.patch +BuildRequires: %{python_module Sphinx} BuildRequires: %{python_module cryptography >= 3.4} BuildRequires: %{python_module pip} BuildRequires: %{python_module pytest} +BuildRequires: %{python_module sphinx_rtd_theme} +BuildRequires: %{python_module typing_extensions if %python-base < 3.11} BuildRequires: %{python_module wheel} +BuildRequires: %{python_module zope.interface} BuildRequires: fdupes BuildRequires: python-rpm-macros Recommends: python-cryptography >= 3.4 @@ -39,7 +44,7 @@ A Python implementation of JSON Web Token draft 01. %prep -%setup -q -n pyjwt-%{version} +%autosetup -p1 -n pyjwt-%{version} %build %pyproject_wheel @@ -55,6 +60,8 @@ donttest="test_verify_false_deprecated or test_get_jwt_set_sslcontext_default" # Failing test: gh#jpadilla/pyjwt#802 donttest+=" or test_ec_to_jwk_with_invalid_curve" +# compatibility with cryptography gh#jpadilla/pyjwt#1153 +donttest+=" or test_ec_curve_validation_rejects_p192_for_es256 or test_ec_curve_validation_with_pem_key or test_decodes_complete_valid_jwt_with_compressed_payload" %pytest -k "not ($donttest)" %files %{python_files} ++++++ pyjwt-2.10.1.tar.gz -> pyjwt-2.12.1.tar.gz ++++++ ++++ 6808 lines of diff (skipped)
