chore(deps): bump joserfc from 1.5.0 to 1.6.3 by dependabot[bot] · Pull Request #63850 · apache/airflow

dependabot · 2026-03-17T21:57:16Z

Bumps joserfc from 1.5.0 to 1.6.3.

Release notes

1.6.3

   🐞 Bug Fixes

jwe: Set max value for p2c - by @lepture (696a9)

    View changes on GitHub

1.6.2

   🐞 Bug Fixes

Class does not need to inherit object - by @lepture (4a9be)

jwe: Move size limit to DeflateZipModel - by @lepture (04211)

jwe: Auto add kid when add_recipient - by @lepture (10ac9)

jwe: Auto add kid to recipient when kid exists - by @lepture (9db7e)

    View changes on GitHub

1.6.1

   🐞 Bug Fixes

Remove duplicate code - by @lepture (2c2ca)

Improve base key method definition - by @lepture (d78b4)

Update for type hints - by @lepture (e0d4f)

jwt: Remove InvalidTokenError, ExpiredTokenError based on ClaimError - by @lepture (b71ca)

    View changes on GitHub

1.6.0

   🚀 Features

Filter_algorithms names parameter default to all algs - by @azmeuk (1034a)

Pick_random_key algorithm parameter is optional - by @azmeuk (ee046)

Filter_algorithms supports KeySet objects - by @azmeuk (775d5)

jwk: Add a derive_key method for OKPKey - by @lepture (04f59)

jwk: Add derive_key method for ECKey - by @lepture (73412)

   🐞 Bug Fixes

Remove backend parameter, it is deprecated - by @lepture (e10e1)

jwa: Improve RFC9864 check key logic - by @lepture (b8434)

jwk: Improve OKPKey implementation - by @lepture (7b8e3)

jwk: Allow import key from cryptography native key types - by @lepture (6db65)

jwk: Raise InvalidKeyCurveError when generate ECKey with invalid crv - by @lepture (c7921)

jwk: Improve generate_private_key on binding class - by @lepture (24257)

jwk: Remove useless properties on OKPKey - by @lepture (bf35f)

jws: Use JWSRegistry.guess_algorithm to replace JWSRegistry.guess_alg - by @lepture (6b34c)

jwt: Make BaseClaimsRegistry.essential_keys a property. - by @lepture (bc13e)

    View changes on GitHub

Changelog

Sourced from joserfc's changelog.

1.6.3

Released on February 25, 2026

JWE: Set a max value for p2c header.

1.6.2

Released on February 16, 2026

JWE: Auto add kid to recipient.

JWE: Use DeflateZipModel.MAX_SIZE to determine size limit.

1.6.1

Released on December 30, 2025

Deprecate InvalidTokenError, please use InvalidClaimError instead.

Convert ExpiredTokenError to inherit from ClaimError.

Improve on type hints.

1.6.0

Released on December 14, 2025

filter_algorithms names defaults to all algorithms. :pull:79.

Replace JWSRegistry.guess_alg with JWSRegistry.guess_algorithm.

filter_algorithms and guess_alg supports KeySet objects. :pull:81.

Improve generate_private_key method on Key's binding class.

Raise InvalidKeyCurveError when generating ECKey with an invalid curve.

Allow import key from cryptography native key types.

Add ECKey.derive_key and OKPKey.derive_key class methods.

Commits

f06540f chore: release 1.6.3
696a961 fix(jwe): set max value for p2c
52c6ffd chore: release 1.6.2
3b36720 chore: update deps
91c7ecd chore: update readme
9db7e44 fix(jwe): auto add kid to recipient when kid exists
1330b49 docs: add a cheatsheet recipe
10ac93f fix(jwe): auto add kid when add_recipient
224e72a chore: remove codecov token
042118c fix(jwe): move size limit to DeflateZipModel
Additional commits viewable in compare view

Bumps [joserfc](https://github.com/authlib/joserfc) from 1.5.0 to 1.6.3. - [Release notes](https://github.com/authlib/joserfc/releases) - [Changelog](https://github.com/authlib/joserfc/blob/main/docs/changelog.rst) - [Commits](authlib/joserfc@1.5.0...1.6.3) --- updated-dependencies: - dependency-name: joserfc dependency-version: 1.6.3 dependency-type: indirect ... Signed-off-by: dependabot[bot] <support@github.com>

Bumps [joserfc](https://github.com/authlib/joserfc) from 1.5.0 to 1.6.3. - [Release notes](https://github.com/authlib/joserfc/releases) - [Changelog](https://github.com/authlib/joserfc/blob/main/docs/changelog.rst) - [Commits](authlib/joserfc@1.5.0...1.6.3) --- updated-dependencies: - dependency-name: joserfc dependency-version: 1.6.3 dependency-type: indirect ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

dependabot bot added dependencies Pull requests that update a dependency file python:uv Pull requests that update python:uv code labels Mar 17, 2026

dependabot bot force-pushed the dependabot/uv/joserfc-1.6.3 branch 5 times, most recently from 42e52be to e5564f1 Compare March 24, 2026 23:10

dependabot bot force-pushed the dependabot/uv/joserfc-1.6.3 branch 4 times, most recently from 9889c5c to 0bfa113 Compare March 27, 2026 18:05

dependabot bot force-pushed the dependabot/uv/joserfc-1.6.3 branch from 0bfa113 to 209889c Compare March 27, 2026 18:07

jscheffl approved these changes Mar 28, 2026

View reviewed changes

jscheffl merged commit 6710866 into main Mar 28, 2026
65 checks passed

jscheffl deleted the dependabot/uv/joserfc-1.6.3 branch March 28, 2026 17:00

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

chore(deps): bump joserfc from 1.5.0 to 1.6.3#63850

chore(deps): bump joserfc from 1.5.0 to 1.6.3#63850
jscheffl merged 1 commit intomainfrom
dependabot/uv/joserfc-1.6.3

dependabot bot commented on behalf of github Mar 17, 2026 •

edited

Loading

Uh oh!

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

1 participant

Conversation

dependabot bot commented on behalf of github Mar 17, 2026 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

1.6.3

🐞 Bug Fixes

View changes on GitHub

1.6.2

🐞 Bug Fixes

View changes on GitHub

1.6.1

🐞 Bug Fixes

View changes on GitHub

1.6.0

🚀 Features

🐞 Bug Fixes

View changes on GitHub

1.6.3

1.6.2

1.6.1

1.6.0

Uh oh!

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

1 participant

dependabot bot commented on behalf of github Mar 17, 2026 •

edited

Loading