Script 'mail_helper' called by obssrc
Hello community,
here is the log from the commit of package python-PyJWT for openSUSE:Factory
checked in at 2022-10-29 20:16:08
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/python-PyJWT (Old)
and /work/SRC/openSUSE:Factory/.python-PyJWT.new.2275 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "python-PyJWT"
Sat Oct 29 20:16:08 2022 rev:26 rq:1032058 version:2.6.0
Changes:
--------
--- /work/SRC/openSUSE:Factory/python-PyJWT/python-PyJWT.changes
2022-10-12 18:24:03.573569743 +0200
+++ /work/SRC/openSUSE:Factory/.python-PyJWT.new.2275/python-PyJWT.changes
2022-10-29 20:17:09.838228959 +0200
@@ -1,0 +2,18 @@
+Fri Oct 28 20:29:18 UTC 2022 - Matej Cepl <mc...@suse.com>
+
+- Clean up SPEC file.
+
+-------------------------------------------------------------------
+Thu Oct 27 21:01:10 UTC 2022 - Yogalakshmi Arunachalam <yarunacha...@suse.com>
+
+- Update to 2.6.0
+ Changed
+ * bump up cryptography >= 3.4.0 by @jpadilla in #807
+ * Remove types-cryptography from crypto extra by @lautat in #805
+ Fixed
+ * Invalidate token on the exact second the token expires #797
+ * fix: version 2.5.0 heading typo by @c0state in #803
+ Added
+ * Adding validation for issued_at when iat > (now + leeway) as
ImmatureSignatureError by @sriharan16 in #794
+
+-------------------------------------------------------------------
Old:
----
PyJWT-2.5.0.tar.gz
New:
----
PyJWT-2.6.0.tar.gz
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ python-PyJWT.spec ++++++
--- /var/tmp/diff_new_pack.clIh6t/_old 2022-10-29 20:17:10.282231324 +0200
+++ /var/tmp/diff_new_pack.clIh6t/_new 2022-10-29 20:17:10.290231367 +0200
@@ -19,7 +19,7 @@
%{?!python_module:%define python_module() python-%{**} python3-%{**}}
%global skip_python2 1
Name: python-PyJWT
-Version: 2.5.0
+Version: 2.6.0
Release: 0
Summary: JSON Web Token implementation in Python
License: MIT
@@ -54,11 +54,12 @@
%python_expand %fdupes %{buildroot}%{$python_sitelib}
%check
-%python_expand PYTHONPATH=%{buildroot}%{$python_sitelib}
py.test-%{$python_bin_suffix} -o addopts="" -k "not
test_verify_false_deprecated"
+%pytest -k "not test_verify_false_deprecated"
%files %{python_files}
%license LICENSE
%doc AUTHORS.rst CHANGELOG.rst README.rst
-%{python_sitelib}/*
+%{python_sitelib}/jwt
+%{python_sitelib}/PyJWT-%{version}*-info
%changelog
++++++ PyJWT-2.5.0.tar.gz -> PyJWT-2.6.0.tar.gz ++++++
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/PyJWT-2.5.0/.pre-commit-config.yaml
new/PyJWT-2.6.0/.pre-commit-config.yaml
--- old/PyJWT-2.5.0/.pre-commit-config.yaml 2022-09-16 22:01:01.000000000
+0200
+++ new/PyJWT-2.6.0/.pre-commit-config.yaml 2022-10-20 02:40:43.000000000
+0200
@@ -1,6 +1,6 @@
repos:
- repo: https://github.com/psf/black
- rev: 22.6.0
+ rev: 22.10.0
hooks:
- id: black
args: ["--target-version=py37"]
@@ -36,6 +36,6 @@
args: [--no-build-isolation]
- repo: https://github.com/pre-commit/mirrors-mypy
- rev: "v0.971"
+ rev: "v0.982"
hooks:
- id: mypy
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/PyJWT-2.5.0/CHANGELOG.rst
new/PyJWT-2.6.0/CHANGELOG.rst
--- old/PyJWT-2.5.0/CHANGELOG.rst 2022-09-17 15:52:33.000000000 +0200
+++ new/PyJWT-2.6.0/CHANGELOG.rst 2022-10-20 03:08:19.000000000 +0200
@@ -4,7 +4,7 @@
All notable changes to this project will be documented in this file.
This project adheres to `Semantic Versioning <https://semver.org/>`__.
-`Unreleased <https://github.com/jpadilla/pyjwt/compare/2.5.0...HEAD>`__
+`Unreleased <https://github.com/jpadilla/pyjwt/compare/2.6.0...HEAD>`__
-----------------------------------------------------------------------
Changed
@@ -16,7 +16,26 @@
Added
~~~~~
-`v2.4.0 <https://github.com/jpadilla/pyjwt/compare/2.4.0...2.5.0>`__
+`v2.6.0 <https://github.com/jpadilla/pyjwt/compare/2.5.0...2.6.0>`__
+-----------------------------------------------------------------------
+
+Changed
+~~~~~~~
+
+- bump up cryptography >= 3.4.0 by @jpadilla in `#807
<https://github.com/jpadilla/pyjwt/pull/807>`_
+- Remove `types-cryptography` from `crypto` extra by @lautat in `#805
<https://github.com/jpadilla/pyjwt/pull/805>`_
+
+Fixed
+~~~~~
+
+- Invalidate token on the exact second the token expires `#797
<https://github.com/jpadilla/pyjwt/pull/797>`_
+- fix: version 2.5.0 heading typo by @c0state in `#803
<https://github.com/jpadilla/pyjwt/pull/803>`_
+
+Added
+~~~~~
+- Adding validation for `issued_at` when `iat > (now + leeway)` as
`ImmatureSignatureError` by @sriharan16 in
https://github.com/jpadilla/pyjwt/pull/794
+
+`v2.5.0 <https://github.com/jpadilla/pyjwt/compare/2.4.0...2.5.0>`__
-----------------------------------------------------------------------
Changed
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/PyJWT-2.5.0/PKG-INFO new/PyJWT-2.6.0/PKG-INFO
--- old/PyJWT-2.5.0/PKG-INFO 2022-09-17 16:01:40.141296900 +0200
+++ new/PyJWT-2.6.0/PKG-INFO 2022-10-20 03:08:45.272015800 +0200
@@ -1,6 +1,6 @@
Metadata-Version: 2.1
Name: PyJWT
-Version: 2.5.0
+Version: 2.6.0
Summary: JSON Web Token implementation in Python
Home-page: https://github.com/jpadilla/pyjwt
Author: Jose Padilla
@@ -85,7 +85,7 @@
Classifier: Topic :: Utilities
Requires-Python: >=3.7
Description-Content-Type: text/x-rst
-Provides-Extra: docs
+Provides-Extra: crypto
Provides-Extra: dev
+Provides-Extra: docs
Provides-Extra: tests
-Provides-Extra: crypto
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/PyJWT-2.5.0/PyJWT.egg-info/PKG-INFO
new/PyJWT-2.6.0/PyJWT.egg-info/PKG-INFO
--- old/PyJWT-2.5.0/PyJWT.egg-info/PKG-INFO 2022-09-17 16:01:39.000000000
+0200
+++ new/PyJWT-2.6.0/PyJWT.egg-info/PKG-INFO 2022-10-20 03:08:44.000000000
+0200
@@ -1,6 +1,6 @@
Metadata-Version: 2.1
Name: PyJWT
-Version: 2.5.0
+Version: 2.6.0
Summary: JSON Web Token implementation in Python
Home-page: https://github.com/jpadilla/pyjwt
Author: Jose Padilla
@@ -85,7 +85,7 @@
Classifier: Topic :: Utilities
Requires-Python: >=3.7
Description-Content-Type: text/x-rst
-Provides-Extra: docs
+Provides-Extra: crypto
Provides-Extra: dev
+Provides-Extra: docs
Provides-Extra: tests
-Provides-Extra: crypto
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/PyJWT-2.5.0/PyJWT.egg-info/SOURCES.txt
new/PyJWT-2.6.0/PyJWT.egg-info/SOURCES.txt
--- old/PyJWT-2.5.0/PyJWT.egg-info/SOURCES.txt 2022-09-17 16:01:39.000000000
+0200
+++ new/PyJWT-2.6.0/PyJWT.egg-info/SOURCES.txt 2022-10-20 03:08:45.000000000
+0200
@@ -5,6 +5,7 @@
LICENSE
MANIFEST.in
README.rst
+pyproject.toml
setup.cfg
setup.py
tox.ini
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/PyJWT-2.5.0/PyJWT.egg-info/requires.txt
new/PyJWT-2.6.0/PyJWT.egg-info/requires.txt
--- old/PyJWT-2.5.0/PyJWT.egg-info/requires.txt 2022-09-17 16:01:39.000000000
+0200
+++ new/PyJWT-2.6.0/PyJWT.egg-info/requires.txt 2022-10-20 03:08:44.000000000
+0200
@@ -1,14 +1,12 @@
[crypto]
-cryptography>=3.3.1
-types-cryptography>=3.3.21
+cryptography>=3.4.0
[dev]
sphinx<5.0.0,>=4.5.0
sphinx-rtd-theme
zope.interface
-cryptography>=3.3.1
-types-cryptography>=3.3.21
+cryptography>=3.4.0
pytest<7.0.0,>=6.0.0
coverage[toml]==5.0.4
pre-commit
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/PyJWT-2.5.0/jwt/__init__.py
new/PyJWT-2.6.0/jwt/__init__.py
--- old/PyJWT-2.5.0/jwt/__init__.py 2022-09-17 15:52:33.000000000 +0200
+++ new/PyJWT-2.6.0/jwt/__init__.py 2022-10-20 03:08:19.000000000 +0200
@@ -26,7 +26,7 @@
)
from .jwks_client import PyJWKClient
-__version__ = "2.5.0"
+__version__ = "2.6.0"
__title__ = "PyJWT"
__description__ = "JSON Web Token implementation in Python"
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/PyJWT-2.5.0/jwt/api_jwt.py
new/PyJWT-2.6.0/jwt/api_jwt.py
--- old/PyJWT-2.5.0/jwt/api_jwt.py 2022-09-16 22:01:01.000000000 +0200
+++ new/PyJWT-2.6.0/jwt/api_jwt.py 2022-10-20 02:40:19.000000000 +0200
@@ -210,10 +210,13 @@
raise MissingRequiredClaimError(claim)
def _validate_iat(self, payload, now, leeway):
+ iat = payload["iat"]
try:
- int(payload["iat"])
+ int(iat)
except ValueError:
raise InvalidIssuedAtError("Issued At claim (iat) must be an
integer.")
+ if iat > (now + leeway):
+ raise ImmatureSignatureError("The token is not yet valid (iat)")
def _validate_nbf(self, payload, now, leeway):
try:
@@ -230,7 +233,7 @@
except ValueError:
raise DecodeError("Expiration Time claim (exp) must be an" "
integer.")
- if exp < (now - leeway):
+ if exp <= (now - leeway):
raise ExpiredSignatureError("Signature has expired")
def _validate_aud(self, payload, audience):
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/PyJWT-2.5.0/pyproject.toml
new/PyJWT-2.6.0/pyproject.toml
--- old/PyJWT-2.5.0/pyproject.toml 1970-01-01 01:00:00.000000000 +0100
+++ new/PyJWT-2.6.0/pyproject.toml 2022-09-20 12:55:34.000000000 +0200
@@ -0,0 +1,25 @@
+[build-system]
+requires = ["setuptools"]
+build-backend = "setuptools.build_meta"
+
+[tool.coverage.run]
+parallel = true
+branch = true
+source = ["jwt"]
+
+[tool.coverage.paths]
+source = ["jwt", ".tox/*/site-packages"]
+
+[tool.coverage.report]
+show_missing = true
+
+[tool.isort]
+profile = "black"
+atomic = true
+combine_as_imports = true
+
+[tool.mypy]
+python_version = 3.7
+ignore_missing_imports = true
+warn_unused_ignores = true
+no_implicit_optional = true
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/PyJWT-2.5.0/setup.cfg new/PyJWT-2.6.0/setup.cfg
--- old/PyJWT-2.5.0/setup.cfg 2022-09-17 16:01:40.141958500 +0200
+++ new/PyJWT-2.6.0/setup.cfg 2022-10-20 03:08:45.273726000 +0200
@@ -44,8 +44,7 @@
sphinx-rtd-theme
zope.interface
crypto =
- cryptography>=3.3.1
- types-cryptography>=3.3.21
+ cryptography>=3.4.0
tests =
pytest>=6.0.0,<7.0.0
coverage[toml]==5.0.4
@@ -53,8 +52,7 @@
sphinx>=4.5.0,<5.0.0
sphinx-rtd-theme
zope.interface
- cryptography>=3.3.1
- types-cryptography>=3.3.21
+ cryptography>=3.4.0
pytest>=6.0.0,<7.0.0
coverage[toml]==5.0.4
pre-commit
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/PyJWT-2.5.0/tests/test_api_jwt.py
new/PyJWT-2.6.0/tests/test_api_jwt.py
--- old/PyJWT-2.5.0/tests/test_api_jwt.py 2022-09-16 22:01:01.000000000
+0200
+++ new/PyJWT-2.6.0/tests/test_api_jwt.py 2022-10-20 02:40:19.000000000
+0200
@@ -219,6 +219,14 @@
with pytest.raises(InvalidIssuedAtError):
jwt.decode(example_jwt, "secret", algorithms=["HS256"])
+ def test_decode_raises_exception_if_iat_is_greater_than_now(self, jwt,
payload):
+ payload["iat"] = utc_timestamp() + 10
+ secret = "secret"
+ jwt_message = jwt.encode(payload, secret)
+
+ with pytest.raises(ImmatureSignatureError):
+ jwt.decode(jwt_message, secret, algorithms=["HS256"])
+
def test_decode_raises_exception_if_nbf_is_not_int(self, jwt):
# >>> jwt.encode({'nbf': 'not-an-int'}, 'secret')
example_jwt = (
