This is an automated email from the ASF dual-hosted git repository.
jshao pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/gravitino.git
The following commit(s) were added to refs/heads/main by this push:
new 741880f5e1 build(deps-dev): bump pyjwt[crypto] from 2.8.0 to 2.10.1 in
/clients/client-python (#8855)
741880f5e1 is described below
commit 741880f5e1e2768a88b6fa88a5f87d3ee6bdde7d
Author: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
AuthorDate: Wed Oct 22 14:15:11 2025 +0800
build(deps-dev): bump pyjwt[crypto] from 2.8.0 to 2.10.1 in
/clients/client-python (#8855)
Bumps [pyjwt[crypto]](https://github.com/jpadilla/pyjwt) from 2.8.0 to
2.10.1.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/jpadilla/pyjwt/releases";>pyjwt[crypto]'s
releases</a>.</em></p>
<blockquote>
<h2>2.10.1</h2>
<h2>Fixed</h2>
<ul>
<li>Prevent partial matching of <code>iss</code> claim. Thanks <a
href="https://github.com/fabianbadoi";><code>@fabianbadoi</code></a>!
(See: <a
href="https://github.com/jpadilla/pyjwt/security/advisories/GHSA-75c5-xw7c-p5pm";>https://github.com/jpadilla/pyjwt/security/advisories/GHSA-75c5-xw7c-p5pm</a>)</li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/jpadilla/pyjwt/compare/2.10.0...2.10.1";>https://github.com/jpadilla/pyjwt/compare/2.10.0...2.10.1</a></p>
<h2>2.10.0</h2>
<h2>What's Changed</h2>
<ul>
<li>chore: use sequence for typing rather than list by <a
href="https://github.com/imnotjames";><code>@imnotjames</code></a> in <a
href="https://redirect.github.com/jpadilla/pyjwt/pull/970";>jpadilla/pyjwt#970</a></li>
<li>Add support for Python 3.13 by <a
href="https://github.com/hugovk";><code>@hugovk</code></a> in <a
href="https://redirect.github.com/jpadilla/pyjwt/pull/972";>jpadilla/pyjwt#972</a></li>
<li>[pre-commit.ci] pre-commit autoupdate by <a
href="https://github.com/pre-commit-ci";><code>@pre-commit-ci</code></a>
in <a
href="https://redirect.github.com/jpadilla/pyjwt/pull/971";>jpadilla/pyjwt#971</a></li>
<li>Add an RTD config file to resolve RTD build failures by <a
href="https://github.com/kurtmckee";><code>@kurtmckee</code></a> in <a
href="https://redirect.github.com/jpadilla/pyjwt/pull/977";>jpadilla/pyjwt#977</a></li>
<li>docs: Update <code>iat</code> exception docs by <a
href="https://github.com/pachewise";><code>@pachewise</code></a> in <a
href="https://redirect.github.com/jpadilla/pyjwt/pull/974";>jpadilla/pyjwt#974</a></li>
<li>Remove algorithm requirement for JWT API by <a
href="https://github.com/luhn";><code>@luhn</code></a> in <a
href="https://redirect.github.com/jpadilla/pyjwt/pull/975";>jpadilla/pyjwt#975</a></li>
<li>[pre-commit.ci] pre-commit autoupdate by <a
href="https://github.com/pre-commit-ci";><code>@pre-commit-ci</code></a>
in <a
href="https://redirect.github.com/jpadilla/pyjwt/pull/978";>jpadilla/pyjwt#978</a></li>
<li>Create SECURITY.md by <a
href="https://github.com/auvipy";><code>@auvipy</code></a> in <a
href="https://redirect.github.com/jpadilla/pyjwt/pull/973";>jpadilla/pyjwt#973</a></li>
<li>docs fix: decode_complete scope and algorithms by <a
href="https://github.com/RbnRncn";><code>@RbnRncn</code></a> in <a
href="https://redirect.github.com/jpadilla/pyjwt/pull/982";>jpadilla/pyjwt#982</a></li>
<li>fix doctest for docs/usage.rst by <a
href="https://github.com/pachewise";><code>@pachewise</code></a> in <a
href="https://redirect.github.com/jpadilla/pyjwt/pull/986";>jpadilla/pyjwt#986</a></li>
<li>fix test_utils.py not to xfail by <a
href="https://github.com/pachewise";><code>@pachewise</code></a> in <a
href="https://redirect.github.com/jpadilla/pyjwt/pull/987";>jpadilla/pyjwt#987</a></li>
<li>Correct jwt.decode audience param doc expression by <a
href="https://github.com/peter279k";><code>@peter279k</code></a> in <a
href="https://redirect.github.com/jpadilla/pyjwt/pull/994";>jpadilla/pyjwt#994</a></li>
<li>Add PS256 encoding and decoding usage by <a
href="https://github.com/peter279k";><code>@peter279k</code></a> in <a
href="https://redirect.github.com/jpadilla/pyjwt/pull/992";>jpadilla/pyjwt#992</a></li>
<li>Add API docs for PyJWK by <a
href="https://github.com/luhn";><code>@luhn</code></a> in <a
href="https://redirect.github.com/jpadilla/pyjwt/pull/980";>jpadilla/pyjwt#980</a></li>
<li>Refactor project configuration files from setup.cfg to
pyproject.toml PEP-518 by <a
href="https://github.com/cleder";><code>@cleder</code></a> in <a
href="https://redirect.github.com/jpadilla/pyjwt/pull/995";>jpadilla/pyjwt#995</a></li>
<li>Add JWK support to JWT encode by <a
href="https://github.com/luhn";><code>@luhn</code></a> in <a
href="https://redirect.github.com/jpadilla/pyjwt/pull/979";>jpadilla/pyjwt#979</a></li>
<li>Update pre-commit hooks to lint pyproject.toml by <a
href="https://github.com/cleder";><code>@cleder</code></a> in <a
href="https://redirect.github.com/jpadilla/pyjwt/pull/1002";>jpadilla/pyjwt#1002</a></li>
<li>Add EdDSA algorithm encoding/decoding usage by <a
href="https://github.com/peter279k";><code>@peter279k</code></a> in <a
href="https://redirect.github.com/jpadilla/pyjwt/pull/993";>jpadilla/pyjwt#993</a></li>
<li>Ruff linter and formatter changes by <a
href="https://github.com/gagandeepp";><code>@gagandeepp</code></a> in <a
href="https://redirect.github.com/jpadilla/pyjwt/pull/1001";>jpadilla/pyjwt#1001</a></li>
<li>Validate <code>sub</code> and <code>jti</code> claims for the token
by <a href="https://github.com/Divan009";><code>@Divan009</code></a> in
<a
href="https://redirect.github.com/jpadilla/pyjwt/pull/1005";>jpadilla/pyjwt#1005</a></li>
<li>Add ES256 usage by <a
href="https://github.com/Gautam-Hegde";><code>@Gautam-Hegde</code></a>
in <a
href="https://redirect.github.com/jpadilla/pyjwt/pull/1003";>jpadilla/pyjwt#1003</a></li>
<li>Encode EC keys with a fixed bit length by <a
href="https://github.com/way-dave";><code>@way-dave</code></a> in <a
href="https://redirect.github.com/jpadilla/pyjwt/pull/990";>jpadilla/pyjwt#990</a></li>
<li>[pre-commit.ci] pre-commit autoupdate by <a
href="https://github.com/pre-commit-ci";><code>@pre-commit-ci</code></a>
in <a
href="https://redirect.github.com/jpadilla/pyjwt/pull/1000";>jpadilla/pyjwt#1000</a></li>
<li>Drop support for Python 3.8 by <a
href="https://github.com/kkirsche";><code>@kkirsche</code></a> in <a
href="https://redirect.github.com/jpadilla/pyjwt/pull/1007";>jpadilla/pyjwt#1007</a></li>
<li>Prepare 2.10.0 release by <a
href="https://github.com/benvdh";><code>@benvdh</code></a> in <a
href="https://redirect.github.com/jpadilla/pyjwt/pull/1011";>jpadilla/pyjwt#1011</a></li>
<li>Bump codecov/codecov-action from 4 to 5 by <a
href="https://github.com/dependabot";><code>@dependabot</code></a> in <a
href="https://redirect.github.com/jpadilla/pyjwt/pull/1014";>jpadilla/pyjwt#1014</a></li>
<li>[pre-commit.ci] pre-commit autoupdate by <a
href="https://github.com/pre-commit-ci";><code>@pre-commit-ci</code></a>
in <a
href="https://redirect.github.com/jpadilla/pyjwt/pull/1006";>jpadilla/pyjwt#1006</a></li>
</ul>
<h2>New Contributors</h2>
<ul>
<li><a
href="https://github.com/imnotjames";><code>@imnotjames</code></a> made
their first contribution in <a
href="https://redirect.github.com/jpadilla/pyjwt/pull/970";>jpadilla/pyjwt#970</a></li>
<li><a href="https://github.com/kurtmckee";><code>@kurtmckee</code></a>
made their first contribution in <a
href="https://redirect.github.com/jpadilla/pyjwt/pull/977";>jpadilla/pyjwt#977</a></li>
<li><a href="https://github.com/pachewise";><code>@pachewise</code></a>
made their first contribution in <a
href="https://redirect.github.com/jpadilla/pyjwt/pull/974";>jpadilla/pyjwt#974</a></li>
<li><a href="https://github.com/RbnRncn";><code>@RbnRncn</code></a> made
their first contribution in <a
href="https://redirect.github.com/jpadilla/pyjwt/pull/982";>jpadilla/pyjwt#982</a></li>
<li><a href="https://github.com/peter279k";><code>@peter279k</code></a>
made their first contribution in <a
href="https://redirect.github.com/jpadilla/pyjwt/pull/994";>jpadilla/pyjwt#994</a></li>
<li><a href="https://github.com/cleder";><code>@cleder</code></a> made
their first contribution in <a
href="https://redirect.github.com/jpadilla/pyjwt/pull/995";>jpadilla/pyjwt#995</a></li>
<li><a
href="https://github.com/gagandeepp";><code>@gagandeepp</code></a> made
their first contribution in <a
href="https://redirect.github.com/jpadilla/pyjwt/pull/1001";>jpadilla/pyjwt#1001</a></li>
<li><a href="https://github.com/Divan009";><code>@Divan009</code></a>
made their first contribution in <a
href="https://redirect.github.com/jpadilla/pyjwt/pull/1005";>jpadilla/pyjwt#1005</a></li>
<li><a
href="https://github.com/Gautam-Hegde";><code>@Gautam-Hegde</code></a>
made their first contribution in <a
href="https://redirect.github.com/jpadilla/pyjwt/pull/1003";>jpadilla/pyjwt#1003</a></li>
<li><a href="https://github.com/way-dave";><code>@way-dave</code></a>
made their first contribution in <a
href="https://redirect.github.com/jpadilla/pyjwt/pull/990";>jpadilla/pyjwt#990</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/jpadilla/pyjwt/compare/2.9.0...2.10.0";>https://github.com/jpadilla/pyjwt/compare/2.9.0...2.10.0</a></p>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/jpadilla/pyjwt/blob/master/CHANGELOG.rst";>pyjwt[crypto]'s
changelog</a>.</em></p>
<blockquote>
<h2><code>v2.10.1
<https://github.com/jpadilla/pyjwt/compare/2.10.0...2.10.1></code>__</h2>
<p>Fixed</p>
<pre><code>
- Prevent partial matching of `iss` claim by @fabianbadoi in
`GHSA-75c5-xw7c-p5pm
<https://github.com/jpadilla/pyjwt/security/advisories/GHSA-75c5-xw7c-p5pm>`__
<h2><code>v2.10.0
&lt;https://github.com/jpadilla/pyjwt/compare/2.9.0...2.10.0&gt;</code>__</h2>
<p>Changed
</code></pre></p>
<ul>
<li>
<p>Remove algorithm requirement from JWT API, instead relying on JWS API
for enforcement, by <a
href="https://github.com/luhn";><code>@luhn</code></a> in
<code>[#975](https://github.com/jpadilla/pyjwt/issues/975)
<https://github.com/jpadilla/pyjwt/pull/975></code>__</p>
</li>
<li>
<p>Use <code>Sequence</code> for parameter types rather than
<code>List</code> where applicable by <a
href="https://github.com/imnotjames";><code>@imnotjames</code></a> in
<code>[#970](https://github.com/jpadilla/pyjwt/issues/970)
<https://github.com/jpadilla/pyjwt/pull/970></code>__</p>
</li>
<li>
<p>Add JWK support to JWT encode by <a
href="https://github.com/luhn";><code>@luhn</code></a> in
<code>[#979](https://github.com/jpadilla/pyjwt/issues/979)
<https://github.com/jpadilla/pyjwt/pull/979></code>__</p>
</li>
<li>
<p>Encoding and decoding payloads using the <code>none</code> algorithm
by <a href="https://github.com/jpadilla";><code>@jpadilla</code></a> in
<code>#c2629f6
<https://github.com/jpadilla/pyjwt/commit/c2629f66c593459e02616048443231ccbe18be16></code></p>
<p>Before:</p>
<p>.. code-block:: pycon</p>
<blockquote>
<blockquote>
<blockquote>
<p>import jwt
jwt.encode({"payload": "abc"}, key=None,
algorithm=None)</p>
</blockquote>
</blockquote>
</blockquote>
<p>After:</p>
<p>.. code-block:: pycon</p>
<blockquote>
<blockquote>
<blockquote>
<p>import jwt
jwt.encode({"payload": "abc"}, key=None,
algorithm="none")</p>
</blockquote>
</blockquote>
</blockquote>
</li>
<li>
<p>Added validation for 'sub' (subject) and 'jti' (JWT ID) claims in
tokens by <a
href="https://github.com/Divan009";><code>@Divan009</code></a> in
<code>[#1005](https://github.com/jpadilla/pyjwt/issues/1005)
<https://github.com/jpadilla/pyjwt/pull/1005></code>__</p>
</li>
<li>
<p>Refactor project configuration files from <code>setup.cfg</code> to
<code>pyproject.toml</code> by <a
href="https://github.com/cleder";><code>@cleder</code></a> in
<code>[#995](https://github.com/jpadilla/pyjwt/issues/995)
<https://github.com/jpadilla/pyjwt/pull/995></code>__</p>
</li>
<li>
<p>Ruff linter and formatter changes by <a
href="https://github.com/gagandeepp";><code>@gagandeepp</code></a> in
<code>[#1001](https://github.com/jpadilla/pyjwt/issues/1001)
<https://github.com/jpadilla/pyjwt/pull/1001></code>__</p>
</li>
<li>
<p>Drop support for Python 3.8 (EOL) by <a
href="https://github.com/kkirsche";><code>@kkirsche</code></a> in
<code>[#1007](https://github.com/jpadilla/pyjwt/issues/1007)
<https://github.com/jpadilla/pyjwt/pull/1007></code>__</p>
</li>
</ul>
<p>Fixed</p>
<pre><code>
- Encode EC keys with a fixed bit length by @etianen in
`[#990](https://github.com/jpadilla/pyjwt/issues/990)
<https://github.com/jpadilla/pyjwt/pull/990>`__
- Add an RTD config file to resolve Read the Docs build failures by
@kurtmckee in `[#977](https://github.com/jpadilla/pyjwt/issues/977)
<https://github.com/jpadilla/pyjwt/pull/977>`__
- Docs: Update ``iat`` exception docs by @pachewise in
`[#974](https://github.com/jpadilla/pyjwt/issues/974)
<https://github.com/jpadilla/pyjwt/pull/974>`__
- Docs: Fix ``decode_complete`` scope and algorithms by @RbnRncn in
`[#982](https://github.com/jpadilla/pyjwt/issues/982)
<https://github.com/jpadilla/pyjwt/pull/982>`__
- Fix doctest for ``docs/usage.rst`` by @pachewise in
`[#986](https://github.com/jpadilla/pyjwt/issues/986)
<https://github.com/jpadilla/pyjwt/pull/986>`__
</tr></table>
</code></pre>
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/jpadilla/pyjwt/commit/3ebbb22f30f2b1b41727b269a08b427e9a85d6bb";><code>3ebbb22</code></a>
fix lint</li>
<li><a
href="https://github.com/jpadilla/pyjwt/commit/37748dc1e328f120aa04ec98b2a71a0af6301a24";><code>37748dc</code></a>
update changelog</li>
<li><a
href="https://github.com/jpadilla/pyjwt/commit/33022c25525c1020869c71ce2a4109e44ae4ced1";><code>33022c2</code></a>
Merge commit from fork</li>
<li><a
href="https://github.com/jpadilla/pyjwt/commit/783f324e5d2155462515ced45718fc164dd04db2";><code>783f324</code></a>
[pre-commit.ci] pre-commit autoupdate (<a
href="https://redirect.github.com/jpadilla/pyjwt/issues/1006";>#1006</a>)</li>
<li><a
href="https://github.com/jpadilla/pyjwt/commit/0116fc6cb2b5088b02efa4506ecb6dcea42d72b3";><code>0116fc6</code></a>
Bump codecov/codecov-action from 4 to 5 (<a
href="https://redirect.github.com/jpadilla/pyjwt/issues/1014";>#1014</a>)</li>
<li><a
href="https://github.com/jpadilla/pyjwt/commit/b032353bd93fee330cb79a351cc4d03affee19f5";><code>b032353</code></a>
feat: surface <code>jwt.decode_complete(...)</code></li>
<li><a
href="https://github.com/jpadilla/pyjwt/commit/a759c455cde3e9ff99afe25e9fc56278af666ff3";><code>a759c45</code></a>
Prepare 2.10.0 release (<a
href="https://redirect.github.com/jpadilla/pyjwt/issues/1011";>#1011</a>)</li>
<li><a
href="https://github.com/jpadilla/pyjwt/commit/b6b8bce07717b0b4bb7816b99c33ab9e6907059a";><code>b6b8bce</code></a>
Drop support for Python 3.8 (<a
href="https://redirect.github.com/jpadilla/pyjwt/issues/1007";>#1007</a>)</li>
<li><a
href="https://github.com/jpadilla/pyjwt/commit/189c2561c47030d2e34aea040cf135ae4997a2d8";><code>189c256</code></a>
Update index.rst</li>
<li><a
href="https://github.com/jpadilla/pyjwt/commit/19008577fbda9cbce879defa2c7cd6387f8ca66f";><code>1900857</code></a>
Update index.rst</li>
<li>Additional commits viewable in <a
href="https://github.com/jpadilla/pyjwt/compare/2.8.0...2.10.1";>compare
view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
</details>
Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot]
<49699333+dependabot[bot]@users.noreply.github.com>
---
clients/client-python/requirements-dev.txt | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/clients/client-python/requirements-dev.txt
b/clients/client-python/requirements-dev.txt
index 658ed82992..6a64c7d053 100644
--- a/clients/client-python/requirements-dev.txt
+++ b/clients/client-python/requirements-dev.txt
@@ -28,7 +28,7 @@ tenacity==8.3.0
cachetools==5.5.2
readerwriterlock==1.0.9
docker==7.1.0
-pyjwt[crypto]==2.8.0
+pyjwt[crypto]==2.10.1
jwcrypto==1.5.6
sphinx==7.1.2
furo==2024.8.6
