Skip to content

build(deps): bump pyjwt from 1.7.1 to 2.1.0 in /tools/dependency#24

Closed
dependabot[bot] wants to merge 1 commit intomainfrom
dependabot/pip/tools/dependency/pyjwt-2.1.0
Closed

build(deps): bump pyjwt from 1.7.1 to 2.1.0 in /tools/dependency#24
dependabot[bot] wants to merge 1 commit intomainfrom
dependabot/pip/tools/dependency/pyjwt-2.1.0

Conversation

@dependabot
Copy link
Copy Markdown

@dependabot dependabot Bot commented on behalf of github Apr 29, 2021
edited
Loading

Bumps pyjwt from 1.7.1 to 2.1.0.

Release notes

Sourced from pyjwt's releases.

2.1.0

Changelog

Changed

  • Allow claims validation without making JWT signature validation mandatory. #608

Fixed

  • Remove padding from JWK test data. #628
  • Make kty mandatory in JWK to be compliant with RFC7517. #624
  • Allow JWK without alg to be compliant with RFC7517. #624
  • Allow to verify with private key on ECAlgorithm, as well as on Ed25519Algorithm. #645

Added

  • Add caching by default to PyJWKClient #611
  • Add missing exceptions.InvalidKeyError to jwt module __init__ imports #620
  • Add support for ES256K algorithm #629
  • Add from_jwk() to Ed25519Algorithm #621
  • Add to_jwk() to Ed25519Algorithm #643
  • Export PyJWK and PyJWKSet #652

2.0.1

Changelog

Changed

  • Rename CHANGELOG.md to CHANGELOG.rst and include in docs #597

Fixed

  • Fix from_jwk() for all algorithms #598

v2.0.0

Highlights

Introduce better experience for JWKs

Introduce PyJWK, PyJWKSet, and PyJWKClient.

import jwt
from jwt import PyJWKClient
token = "eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiIsImtpZCI6Ik5FRTFRVVJCT1RNNE16STVSa0ZETlRZeE9UVTFNRGcyT0Rnd1EwVXpNVGsxUWpZeVJrUkZRdyJ9.eyJpc3MiOiJodHRwczovL2Rldi04N2V2eDlydS5hdXRoMC5jb20vIiwic3ViIjoiYVc0Q2NhNzl4UmVMV1V6MGFFMkg2a0QwTzNjWEJWdENAY2xpZW50cyIsImF1ZCI6Imh0dHBzOi8vZXhwZW5zZXMtYXBpIiwiaWF0IjoxNTcyMDA2OTU0LCJleHAiOjE1NzIwMDY5NjQsImF6cCI6ImFXNENjYTc5eFJlTFdVejBhRTJINmtEME8zY1hCVnRDIiwiZ3R5IjoiY2xpZW50LWNyZWRlbnRpYWxzIn0.PUxE7xn52aTCohGiWoSdMBZGiYAHwE5FYie0Y1qUT68IHSTXwXVd6hn02HTah6epvHHVKA2FqcFZ4GGv5VTHEvYpeggiiZMgbxFrmTEY0csL6VNkX1eaJGcuehwQCRBKRLL3zKmA5IKGy5GeUnIbpPHLHDxr-GXvgFzsdsyWlVQvPX2xjeaQ217r2PtxDeqjlf66UYl6oY6AqNS8DH3iryCvIfCcybRZkc_hdy-6ZMoKT6Piijvk_aXdm7-QQqKJFHLuEqrVSOuBqqiNfVrG27QzAPuPOxvfXTVLXL2jek5meH6n-VWgrBdoMFH93QEszEDowDAEhQPHVs0xj7SIzA"
kid = "NEE1QURBOTM4MzI5RkFDNTYxOTU1MDg2ODgwQ0UzMTk1QjYyRkRFQw"
url = "https://dev-87evx9ru.auth0.com/.well-known/jwks.json"
jwks_client = PyJWKClient(url)
</tr></table>

... (truncated)

Changelog

Sourced from pyjwt's changelog.

v2.1.0 <https://github.com/jpadilla/pyjwt/compare/2.0.1...2.1.0>__

Changed


- Allow claims validation without making JWT signature validation mandatory. `[#608](https://github.com/jpadilla/pyjwt/issues/608) <https://github.com/jpadilla/pyjwt/pull/608>`__

Fixed



- Remove padding from JWK test data. `[#628](https://github.com/jpadilla/pyjwt/issues/628) &lt;https://github.com/jpadilla/pyjwt/pull/628&gt;`__
- Make `kty` mandatory in JWK to be compliant with RFC7517. `[#624](https://github.com/jpadilla/pyjwt/issues/624) &lt;https://github.com/jpadilla/pyjwt/pull/624&gt;`__
- Allow JWK without `alg` to be compliant with RFC7517. `[#624](https://github.com/jpadilla/pyjwt/issues/624) &lt;https://github.com/jpadilla/pyjwt/pull/624&gt;`__
- Allow to verify with private key on ECAlgorithm, as well as on Ed25519Algorithm. `[#645](https://github.com/jpadilla/pyjwt/issues/645) &lt;https://github.com/jpadilla/pyjwt/pull/645&gt;`__

Added




    

  • Add caching by default to PyJWKClient [#611](https://github.com/jpadilla/pyjwt/issues/611) &lt;https://github.com/jpadilla/pyjwt/pull/611&gt;__
    • 

  • Add missing exceptions.InvalidKeyError to jwt module init imports [#620](https://github.com/jpadilla/pyjwt/issues/620) &lt;https://github.com/jpadilla/pyjwt/pull/620&gt;__
    • 

  • Add support for ES256K algorithm [#629](https://github.com/jpadilla/pyjwt/issues/629) &lt;https://github.com/jpadilla/pyjwt/pull/629&gt;__
    • 

  • Add from_jwk() to Ed25519Algorithm [#621](https://github.com/jpadilla/pyjwt/issues/621) &lt;https://github.com/jpadilla/pyjwt/pull/621&gt;__
    • 

  • Add to_jwk() to Ed25519Algorithm [#643](https://github.com/jpadilla/pyjwt/issues/643) &lt;https://github.com/jpadilla/pyjwt/pull/643&gt;__
    • 

  • Export PyJWK and PyJWKSet [#652](https://github.com/jpadilla/pyjwt/issues/652) &lt;https://github.com/jpadilla/pyjwt/pull/652&gt;__
    • 



v2.0.1 &lt;https://github.com/jpadilla/pyjwt/compare/2.0.0...2.0.1&gt;__


Changed

  • Rename CHANGELOG.md to CHANGELOG.rst and include in docs [#597](https://github.com/jpadilla/pyjwt/issues/597) <https://github.com/jpadilla/pyjwt/pull/597>__

Fixed


- Fix `from_jwk()` for all algorithms `[#598](https://github.com/jpadilla/pyjwt/issues/598) <https://github.com/jpadilla/pyjwt/pull/598>`__

Added

v2.0.0 <https://github.com/jpadilla/pyjwt/compare/1.7.1...2.0.0>__

Changed


Drop support for Python 2 and Python 3.0-3.5
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
</tr></table>

... (truncated)

Commits
  • 79c23d7 Bump up version to v2.1.0 (#653)
  • c7f9ac5 Export PyJWK and PyJWKSet (#652)
  • 816cbe5 [pre-commit.ci] pre-commit autoupdate (#650)
  • 0da4223 Fix incorrect documentation for jwt (#651)
  • 545931d Add to_jwk to Ed25519Algorithm. (#642) (#643)
  • 7f6a236 Clearly warn against computing algorithms from the token’s alg (#647)
  • fb86f9d Allow to verify with private key on ECAlgorithm, as well as on Ed25519Algorit...
  • bcd5728 changed 'paramenter' to 'parameter' (#638)
  • fc7a708 [pre-commit.ci] pre-commit autoupdate (#640)
  • f02fa0d [pre-commit.ci] pre-commit autoupdate (#636)
  • Additional commits viewable in compare view

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

@dependabot dependabot Bot added the dependencies Pull requests that update a dependency file label Apr 29, 2021
@dependabot dependabot Bot mentioned this pull request Apr 29, 2021
Closed
@dependabot dependabot Bot force-pushed the dependabot/pip/tools/dependency/pyjwt-2.1.0 branch from 4b24b4a to 8a7521c Compare April 30, 2021 01:25
@github-actions
Copy link
Copy Markdown

github-actions Bot commented May 30, 2021

This pull request has been automatically marked as stale because it has not had activity in the last 30 days. It will be closed in 7 days if no further activity occurs. Please feel free to give a status update now, ping for review, or re-open when it's ready. Thank you for your contributions!

@github-actions github-actions Bot added the stale label May 30, 2021
@github-actions
Copy link
Copy Markdown

github-actions Bot commented Jun 6, 2021

This pull request has been automatically closed because it has not had activity in the last 37 days. Please feel free to give a status update now, ping for review, or re-open when it's ready. Thank you for your contributions!

@github-actions github-actions Bot closed this Jun 6, 2021
@dependabot @github
Copy link
Copy Markdown
Author

dependabot Bot commented on behalf of github Jun 6, 2021

OK, I won't notify you again about this release, but will get in touch when a new version is available. If you'd rather skip all updates until the next major or minor version, let me know by commenting @dependabot ignore this major version or @dependabot ignore this minor version. You can also ignore all major, minor, or patch releases for a dependency by adding an ignore condition with the desired update_types to your config file.

If you change your mind, just re-open this PR and I'll resolve any conflicts on it.

@dependabot dependabot Bot deleted the dependabot/pip/tools/dependency/pyjwt-2.1.0 branch June 6, 2021 08:42
wbpcode pushed a commit that referenced this pull request Sep 20, 2022
@benjaminp
test: fix a race in http2 flood integration test (envoyproxy#23094)
860c607 
This test sends a large number of metadata frames in order to trigger a disconnect. However, it was possible for the disconnect to happen and the connection to be torn down before all the metadata frames had been sent. If that happened, ASAN detected a UAF:
```
==95==ERROR: AddressSanitizer: heap-use-after-free on address 0x60700037e5a0 at pc 0x000004811f9e bp 0x7ffc903af990 sp 0x7ffc903af988
READ of size 8 at 0x60700037e5a0 thread T0
    #0 0x4811f9d in Envoy::IntegrationCodecClient::sendMetadata(Envoy::Http::RequestEncoder&, Envoy::Http::MetadataMap) /proc/self/cwd/test/integration/http_integration.cc:168:3
    #1 0x46ed711 in Envoy::Http2FloodMitigationTest_RequestMetadata_Test::TestBody() /proc/self/cwd/test/integration/http2_flood_integration_test.cc:1486:20
    #2 0xd380e64 in void testing::internal::HandleExceptionsInMethodIfSupported<testing::Test, void>(testing::Test*, void (testing::Test::*)(), char const*) /proc/self/cwd/external/com_google_googletest/googletest/src/gtest.cc:2580:10
    #3 0xd348dc2 in testing::Test::Run() /proc/self/cwd/external/com_google_googletest/googletest/src/gtest.cc:2655:5
    #4 0xd34a927 in testing::TestInfo::Run() /proc/self/cwd/external/com_google_googletest/googletest/src/gtest.cc:2832:11
    #5 0xd34ccc4 in testing::TestSuite::Run() /proc/self/cwd/external/com_google_googletest/googletest/src/gtest.cc:2986:28
    #6 0xd36f07a in testing::internal::UnitTestImpl::RunAllTests() /proc/self/cwd/external/com_google_googletest/googletest/src/gtest.cc:5697:44
    #7 0xd384e63 in bool testing::internal::HandleExceptionsInMethodIfSupported<testing::internal::UnitTestImpl, bool>(testing::internal::UnitTestImpl*, bool (testing::internal::UnitTestImpl::*)(), char const*) /proc/self/cwd/external/com_google_googletest/googletest/src/
gtest.cc:2580:10
    #8 0xd36dd86 in testing::UnitTest::Run() /proc/self/cwd/external/com_google_googletest/googletest/src/gtest.cc:5280:10
    #9 0xa0e53a4 in Envoy::TestRunner::RunTests(int, char**) /proc/self/cwd/external/com_google_googletest/googletest/include/gtest/gtest.h:2485:46
    #10 0xa0e0af7 in main /proc/self/cwd/test/main.cc:34:10
    #11 0x7f442ef69082 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x24082) (BuildId: 1878e6b475720c7c51969e69ab2d276fae6d1dee)
    #12 0x45ed36d in _start (/mnt/ssd/cas/work/1/exec/bazel-out/k8-dbg/bin/test/integration/http2_flood_integration_test.runfiles/envoy/test/integration/http2_flood_integration_test+0x45ed36d)

0x60700037e5a0 is located 48 bytes inside of 80-byte region [0x60700037e570,0x60700037e5c0)
freed by thread T0 here:
    #0 0x466f7d2 in free /local/mnt/workspace/bcain_clang_hu-bcain-lv_22036/final/llvm-project/compiler-rt/lib/asan/asan_malloc_linux.cpp:52:3
    #1 0x831dde8 in Envoy::Http::CodecClient::ActiveRequest::~ActiveRequest() /proc/self/cwd/./source/common/http/codec_client.h:220:10
    #2 0x5aa33f9 in std::__1::unique_ptr<Envoy::Event::DeferredDeletable, std::__1::default_delete<Envoy::Event::DeferredDeletable> >::reset(Envoy::Event::DeferredDeletable*) /opt/llvm/bin/../include/c++/v1/__memory/unique_ptr.h:54:5
    #3 0xa3218e8 in Envoy::Event::DispatcherImpl::clearDeferredDeleteList() /proc/self/cwd/source/common/event/dispatcher_impl.cc:142:21
    #4 0xa3348df in void std::__1::__invoke_void_return_wrapper<void, true>::__call<Envoy::Event::DispatcherImpl::DispatcherImpl(std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char> > const&, Envoy::Thread::ThreadFactory&, Envoy::TimeSource&
, Envoy::Random::RandomGenerator&, Envoy::Filesystem::Instance&, Envoy::Event::TimeSystem&, std::__1::function<std::__1::unique_ptr<Envoy::Event::ScaledRangeTimerManager, std::__1::default_delete<Envoy::Event::ScaledRangeTimerManager> > (Envoy::Event::Dispatcher&)> const&
, std::__1::shared_ptr<Envoy::Buffer::WatermarkFactory> const&)::$_2&>(Envoy::Event::DispatcherImpl::DispatcherImpl(std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char> > const&, Envoy::Thread::ThreadFactory&, Envoy::TimeSource&, Envoy::Rand
om::RandomGenerator&, Envoy::Filesystem::Instance&, Envoy::Event::TimeSystem&, std::__1::function<std::__1::unique_ptr<Envoy::Event::ScaledRangeTimerManager, std::__1::default_delete<Envoy::Event::ScaledRangeTimerManager> > (Envoy::Event::Dispatcher&)> const&, std::__1::s
hared_ptr<Envoy::Buffer::WatermarkFactory> const&)::$_2&) /proc/self/cwd/source/common/event/dispatcher_impl.cc:79:30
    #5 0xa334603 in std::__1::__function::__func<Envoy::Event::DispatcherImpl::DispatcherImpl(std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char> > const&, Envoy::Thread::ThreadFactory&, Envoy::TimeSource&, Envoy::Random::RandomGenerator&,
Envoy::Filesystem::Instance&, Envoy::Event::TimeSystem&, std::__1::function<std::__1::unique_ptr<Envoy::Event::ScaledRangeTimerManager, std::__1::default_delete<Envoy::Event::ScaledRangeTimerManager> > (Envoy::Event::Dispatcher&)> const&, std::__1::shared_ptr<Envoy::Buffe
r::WatermarkFactory> const&)::$_2, std::__1::allocator<Envoy::Event::DispatcherImpl::DispatcherImpl(std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char> > const&, Envoy::Thread::ThreadFactory&, Envoy::TimeSource&, Envoy::Random::RandomGenera
tor&, Envoy::Filesystem::Instance&, Envoy::Event::TimeSystem&, std::__1::function<std::__1::unique_ptr<Envoy::Event::ScaledRangeTimerManager, std::__1::default_delete<Envoy::Event::ScaledRangeTimerManager> > (Envoy::Event::Dispatcher&)> const&, std::__1::shared_ptr<Envoy:
:Buffer::WatermarkFactory> const&)::$_2>, void ()>::operator()() /opt/llvm/bin/../include/c++/v1/__functional/function.h:180:16
    #6 0x4897039 in std::__1::__function::__value_func<void ()>::operator()() const /opt/llvm/bin/../include/c++/v1/__functional/function.h:507:16
    #7 0xa8e6aa4 in Envoy::Event::SchedulableCallbackImpl::SchedulableCallbackImpl(Envoy::CSmartPtr<event_base, &(event_base_free)>&, std::__1::function<void ()>)::$_0::__invoke(int, short, void*) /opt/llvm/bin/../include/c++/v1/__functional/function.h:1184:12
    #8 0xb557c5e in event_process_active_single_queue /mnt/ssd/cas/work/2/exec/external/com_github_libevent_libevent/event.c:1713:4
    #9 0xb539252 in event_process_active /mnt/ssd/cas/work/2/exec/external/com_github_libevent_libevent/event.c
    #10 0xb539252 in event_base_loop /mnt/ssd/cas/work/2/exec/external/com_github_libevent_libevent/event.c:2047:12
    #11 0xa8e1e3c in Envoy::Event::LibeventScheduler::run(Envoy::Event::Dispatcher::RunType) /proc/self/cwd/source/common/event/libevent_scheduler.cc:60:3
    #12 0xa32bd94 in Envoy::Event::DispatcherImpl::run(Envoy::Event::Dispatcher::RunType) /proc/self/cwd/source/common/event/dispatcher_impl.cc:299:19
    #13 0x480faad in Envoy::IntegrationCodecClient::flushWrite() /proc/self/cwd/test/integration/http_integration.cc:100:29
    #14 0x4811e94 in Envoy::IntegrationCodecClient::sendMetadata(Envoy::Http::RequestEncoder&, Envoy::Http::MetadataMap) /proc/self/cwd/test/integration/http_integration.cc:169:3
    #15 0x46ed711 in Envoy::Http2FloodMitigationTest_RequestMetadata_Test::TestBody() /proc/self/cwd/test/integration/http2_flood_integration_test.cc:1486:20
    #16 0xd380e64 in void testing::internal::HandleExceptionsInMethodIfSupported<testing::Test, void>(testing::Test*, void (testing::Test::*)(), char const*) /proc/self/cwd/external/com_google_googletest/googletest/src/gtest.cc:2580:10
    #17 0xd348dc2 in testing::Test::Run() /proc/self/cwd/external/com_google_googletest/googletest/src/gtest.cc:2655:5
    #18 0xd34a927 in testing::TestInfo::Run() /proc/self/cwd/external/com_google_googletest/googletest/src/gtest.cc:2832:11
    #19 0xd34ccc4 in testing::TestSuite::Run() /proc/self/cwd/external/com_google_googletest/googletest/src/gtest.cc:2986:28
    #20 0xd36f07a in testing::internal::UnitTestImpl::RunAllTests() /proc/self/cwd/external/com_google_googletest/googletest/src/gtest.cc:5697:44
    #21 0xd384e63 in bool testing::internal::HandleExceptionsInMethodIfSupported<testing::internal::UnitTestImpl, bool>(testing::internal::UnitTestImpl*, bool (testing::internal::UnitTestImpl::*)(), char const*) /proc/self/cwd/external/com_google_googletest/googletest/src/gtest.cc:2580:10
    #22 0xd36dd86 in testing::UnitTest::Run() /proc/self/cwd/external/com_google_googletest/googletest/src/gtest.cc:5280:10
    #23 0xa0e53a4 in Envoy::TestRunner::RunTests(int, char**) /proc/self/cwd/external/com_google_googletest/googletest/include/gtest/gtest.h:2485:46
    #24 0xa0e0af7 in main /proc/self/cwd/test/main.cc:34:10
    #25 0x7f442ef69082 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x24082) (BuildId: 1878e6b475720c7c51969e69ab2d276fae6d1dee)
```

To fix that, write all metadata frames at once.

Signed-off-by: Benjamin Peterson <benjamin@engflow.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file stale

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants