Skip to content

Bump python-jose from 3.3.0 to 3.5.0 in /backend#6

Open
dependabot[bot] wants to merge 1 commit intomainfrom
dependabot/pip/backend/python-jose-3.5.0
Open

Bump python-jose from 3.3.0 to 3.5.0 in /backend#6
dependabot[bot] wants to merge 1 commit intomainfrom
dependabot/pip/backend/python-jose-3.5.0

Conversation

@dependabot
Copy link
Copy Markdown

@dependabot dependabot Bot commented on behalf of github Apr 18, 2026
edited
Loading

Bumps python-jose from 3.3.0 to 3.5.0.

Release notes

Sourced from python-jose's releases.

3.5.0

  • Remove support for Python 3.8
  • Added support for Python 3.12 & 3.13
  • Upgrade to pyasn1 0.5.1+
  • Upgrade to pytest and other dependencies
  • Add RTD config file to silence emailed deprecation warnings

Bug fixes and Improvements

  • Remove get_random_bytes from cryptography backend
  • Do not use utc_now on module level
  • Remove key data (sensitive information) from JWKError exceptions
  • Added possibility to call jwk.construct() with a private RSA key

https://pypi.org/project/python-jose/3.5.0/

3.4.0

News

  • Remove support for Python 3.6 and 3.7
  • Added support for Python 3.10 and 3.11

Bug fixes and Improvements

  • Updating CryptographyAESKey::encrypt to generate 96 bit IVs for GCM block cipher mode
  • Fix for PEM key comparisons caused by line lengths and new lines
  • Fix for CVE-2024-33664 - JWE limited to 250KiB
  • Fix for CVE-2024-33663 - signing JWT with public key is now forbidden
  • Replace usage of deprecated datetime.utcnow() with datetime.now(UTC)

Housekeeping

  • Updated Github Actions Workflows
  • Updated to use tox 4.x
  • Revise codecov integration
  • Fixed DeprecationWarnings
Changelog

Sourced from python-jose's changelog.

3.5.0 -- 2025-05-28

News

  • Remove support for Python 3.8
  • Added support for Python 3.12 & 3.13
  • Upgrade to pyasn1 0.5.1+
  • Upgrade to pytest and other dependencies
  • Add RTD config file to silence emailed deprecation warnings

Bug fixes and Improvements

  • Remove get_random_bytes from cryptography backend
  • Do not use utc_now on module level
  • Remove key data (sensitive information) from JWKError exceptions
  • Added possibility to call jwk.construct() with a private RSA key

3.4.0 -- 2025-02-14

News

  • Remove support for Python 3.6 and 3.7
  • Added support for Python 3.10 and 3.11

Bug fixes and Improvements

  • Updating CryptographyAESKey::encrypt to generate 96 bit IVs for GCM block cipher mode
  • Fix for PEM key comparisons caused by line lengths and new lines
  • Fix for CVE-2024-33664 - JWE limited to 250KiB
  • Fix for CVE-2024-33663 - signing JWT with public key is now forbidden
  • Replace usage of deprecated datetime.utcnow() with datetime.now(UTC)

Housekeeping

  • Updated Github Actions Workflows
  • Updated to use tox 4.x
  • Revise codecov integration
  • Fixed DeprecationWarnings
Commits

@dependabot @github
Copy link
Copy Markdown
Author

dependabot Bot commented on behalf of github Apr 18, 2026

Labels

The following labels could not be found: dependencies, python. Please create them before Dependabot can add them to a pull request.

Please fix the above issues or remove invalid values from dependabot.yml.

@dependabot dependabot Bot force-pushed the dependabot/pip/backend/python-jose-3.5.0 branch from 5b27af5 to 02abf95 Compare April 18, 2026 20:36
@dependabot
Bump python-jose from 3.3.0 to 3.5.0 in /backend
4ed13f9 
Bumps [python-jose](https://github.com/mpdavis/python-jose) from 3.3.0 to 3.5.0.
- [Release notes](https://github.com/mpdavis/python-jose/releases)
- [Changelog](https://github.com/mpdavis/python-jose/blob/master/CHANGELOG.md)
- [Commits](mpdavis/python-jose@3.3.0...3.5.0)

---
updated-dependencies:
- dependency-name: python-jose
  dependency-version: 3.5.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot force-pushed the dependabot/pip/backend/python-jose-3.5.0 branch from 02abf95 to 4ed13f9 Compare April 18, 2026 22:48
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants