Bump pyjwt[crypto] from 2.10.1 to 2.11.0 by dependabot[bot] · Pull Request #1561 · fastapi-users/fastapi-users

dependabot · 2026-02-02T04:04:12Z

Bumps pyjwt[crypto] from 2.10.1 to 2.11.0.

Release notes

Sourced from pyjwt[crypto]'s releases.

2.11.0

What's Changed

Fixed type error in comment by @shuhaib-aot in jpadilla/pyjwt#1026

[pre-commit.ci] pre-commit autoupdate by @pre-commit-ci[bot] in jpadilla/pyjwt#1018

[pre-commit.ci] pre-commit autoupdate by @pre-commit-ci[bot] in jpadilla/pyjwt#1033

Make note of use of leeway with nbf by @djw8605 in jpadilla/pyjwt#1034

[pre-commit.ci] pre-commit autoupdate by @pre-commit-ci[bot] in jpadilla/pyjwt#1035

Fixes #964: Validate key against allowed types for Algorithm family by @pachewise in jpadilla/pyjwt#985

Feat #1024: Add iterator for PyJWKSet by @pachewise in jpadilla/pyjwt#1041

Fixes #1039: Add iss, issuer type checks by @pachewise in jpadilla/pyjwt#1040

Fixes #660: Improve typing/logic for options in decode, decode_complete; Improve docs by @pachewise in jpadilla/pyjwt#1045

[pre-commit.ci] pre-commit autoupdate by @pre-commit-ci[bot] in jpadilla/pyjwt#1042

[pre-commit.ci] pre-commit autoupdate by @pre-commit-ci[bot] in jpadilla/pyjwt#1052

[pre-commit.ci] pre-commit autoupdate by @pre-commit-ci[bot] in jpadilla/pyjwt#1053

Fix #1022: Map algorithm=None to "none" by @qqii in jpadilla/pyjwt#1056

[pre-commit.ci] pre-commit autoupdate by @pre-commit-ci[bot] in jpadilla/pyjwt#1055

[pre-commit.ci] pre-commit autoupdate by @pre-commit-ci[bot] in jpadilla/pyjwt#1058

[pre-commit.ci] pre-commit autoupdate by @pre-commit-ci[bot] in jpadilla/pyjwt#1060

[pre-commit.ci] pre-commit autoupdate by @pre-commit-ci[bot] in jpadilla/pyjwt#1061

Fixes #1047: Correct PyJWKClient.get_signing_key_from_jwt annotation by @khvn26 in jpadilla/pyjwt#1048

[pre-commit.ci] pre-commit autoupdate by @pre-commit-ci[bot] in jpadilla/pyjwt#1062

Fixed doc string typo in _validate_jti() function #1063 by @kuldeepkhatke in jpadilla/pyjwt#1064

[pre-commit.ci] pre-commit autoupdate by @pre-commit-ci[bot] in jpadilla/pyjwt#1065

Update SECURITY.md by @auvipy in jpadilla/pyjwt#1057

Typing fix: use float instead of int for lifespan and timeout by @nikitagashkov in jpadilla/pyjwt#1068

[pre-commit.ci] pre-commit autoupdate by @pre-commit-ci[bot] in jpadilla/pyjwt#1067

[pre-commit.ci] pre-commit autoupdate by @pre-commit-ci[bot] in jpadilla/pyjwt#1071

[pre-commit.ci] pre-commit autoupdate by @pre-commit-ci[bot] in jpadilla/pyjwt#1076

Fix TYP header documentation by @fobiasmog in jpadilla/pyjwt#1046

doc: Document claims sub and jti by @cleder in jpadilla/pyjwt#1088

[pre-commit.ci] pre-commit autoupdate by @pre-commit-ci[bot] in jpadilla/pyjwt#1077

Bump actions/setup-python from 5 to 6 by @dependabot[bot] in jpadilla/pyjwt#1089

Bump actions/stale from 8 to 10 by @dependabot[bot] in jpadilla/pyjwt#1090

Bump actions/checkout from 4 to 5 by @dependabot[bot] in jpadilla/pyjwt#1083

[pre-commit.ci] pre-commit autoupdate by @pre-commit-ci[bot] in jpadilla/pyjwt#1091

[pre-commit.ci] pre-commit autoupdate by @pre-commit-ci[bot] in jpadilla/pyjwt#1093

[pre-commit.ci] pre-commit autoupdate by @pre-commit-ci[bot] in jpadilla/pyjwt#1096

Resolve package build warnings by @kurtmckee in jpadilla/pyjwt#1105

Support Python 3.14, and test against PyPy 3.10+ by @kurtmckee in jpadilla/pyjwt#1104

Fix a SyntaxWarning caused by invalid escape sequences by @kurtmckee in jpadilla/pyjwt#1103

Standardize CHANGELOG links to PRs by @kurtmckee in jpadilla/pyjwt#1110

Migrate from pep517, which is deprecated, to build by @kurtmckee in jpadilla/pyjwt#1108

Fix incorrectly-named test suite function by @kurtmckee in jpadilla/pyjwt#1116

Fix Read the Docs builds by @kurtmckee in jpadilla/pyjwt#1111

Bump actions/download-artifact from 4 to 6 by @dependabot[bot] in jpadilla/pyjwt#1118

Escalate test suite warnings to errors by @kurtmckee in jpadilla/pyjwt#1107

Add pyupgrade as a pre-commit hook by @kurtmckee in jpadilla/pyjwt#1109

Simplify the test suite decorators by @kurtmckee in jpadilla/pyjwt#1113

Improve coverage config and eliminate unused test suite code by @kurtmckee in jpadilla/pyjwt#1115

Build a shared wheel once in the test suite by @kurtmckee in jpadilla/pyjwt#1114

... (truncated)

Changelog

Sourced from pyjwt[crypto]'s changelog.

v2.11.0 <https://github.com/jpadilla/pyjwt/compare/2.10.1...2.11.0>__

Fixed
- Enforce ECDSA curve validation per RFC 7518 Section 3.4.
- Fix build system warnings by @kurtmckee in `[#1105](https://github.com/jpadilla/pyjwt/issues/1105) <https://github.com/jpadilla/pyjwt/pull/1105>`__
- Validate key against allowed types for Algorithm family in `[#964](https://github.com/jpadilla/pyjwt/issues/964) <https://github.com/jpadilla/pyjwt/pull/964>`__
- Add iterator for JWKSet in `[#1041](https://github.com/jpadilla/pyjwt/issues/1041) <https://github.com/jpadilla/pyjwt/pull/1041>`__
- Validate `iss` claim is a string during encoding and decoding by @pachewise in `[#1040](https://github.com/jpadilla/pyjwt/issues/1040) <https://github.com/jpadilla/pyjwt/pull/1040>`__
- Improve typing/logic for `options` in decode, decode_complete by @pachewise in `[#1045](https://github.com/jpadilla/pyjwt/issues/1045) <https://github.com/jpadilla/pyjwt/pull/1045>`__
- Declare float supported type for lifespan and timeout by @nikitagashkov in `[#1068](https://github.com/jpadilla/pyjwt/issues/1068) <https://github.com/jpadilla/pyjwt/pull/1068>`__
- Fix ``SyntaxWarning``\s/``DeprecationWarning``\s caused by invalid escape sequences by @kurtmckee in `[#1103](https://github.com/jpadilla/pyjwt/issues/1103) <https://github.com/jpadilla/pyjwt/pull/1103>`__
- Development: Build a shared wheel once to speed up test suite setup times by @kurtmckee in `[#1114](https://github.com/jpadilla/pyjwt/issues/1114) <https://github.com/jpadilla/pyjwt/pull/1114>`__
- Development: Test type annotations across all supported Python versions,
  increase the strictness of the type checking, and remove the mypy pre-commit hook
  by @kurtmckee in `[#1112](https://github.com/jpadilla/pyjwt/issues/1112) <https://github.com/jpadilla/pyjwt/pull/1112>`__
Added
Support Python 3.14, and test against PyPy 3.10 and 3.11 by @kurtmckee in [#1104](https://github.com/jpadilla/pyjwt/issues/1104) <https://github.com/jpadilla/pyjwt/pull/1104>__

Development: Migrate to build to test package building in CI by @kurtmckee in [#1108](https://github.com/jpadilla/pyjwt/issues/1108) <https://github.com/jpadilla/pyjwt/pull/1108>__

Development: Improve coverage config and eliminate unused test suite code by @kurtmckee in [#1115](https://github.com/jpadilla/pyjwt/issues/1115) <https://github.com/jpadilla/pyjwt/pull/1115>__

Docs: Standardize CHANGELOG links to PRs by @kurtmckee in [#1110](https://github.com/jpadilla/pyjwt/issues/1110) <https://github.com/jpadilla/pyjwt/pull/1110>__

Docs: Fix Read the Docs builds by @kurtmckee in [#1111](https://github.com/jpadilla/pyjwt/issues/1111) <https://github.com/jpadilla/pyjwt/pull/1111>__

Docs: Add example of using leeway with nbf by @djw8605 in [#1034](https://github.com/jpadilla/pyjwt/issues/1034) <https://github.com/jpadilla/pyjwt/pull/1034>__

Docs: Refactored docs with autodoc; added PyJWS and jwt.algorithms docs by @pachewise in [#1045](https://github.com/jpadilla/pyjwt/issues/1045) <https://github.com/jpadilla/pyjwt/pull/1045>__

Docs: Documentation improvements for "sub" and "jti" claims by @cleder in [#1088](https://github.com/jpadilla/pyjwt/issues/1088) <https://github.com/jpadilla/pyjwt/pull/1088>__

Development: Add pyupgrade as a pre-commit hook by @kurtmckee in [#1109](https://github.com/jpadilla/pyjwt/issues/1109) <https://github.com/jpadilla/pyjwt/pull/1109>__

Add minimum key length validation for HMAC and RSA keys (CWE-326). Warns by default via InsecureKeyLengthWarning when keys are below minimum recommended lengths per RFC 7518 Section 3.2 (HMAC) and NIST SP 800-131A (RSA). Pass enforce_minimum_key_length=True in options to PyJWT or PyJWS to raise InvalidKeyError instead.

Refactor PyJWT to own an internal PyJWS instance instead of calling global api_jws functions.

Commits

697344d bump up version
e4d0aec fix: pre-commit
df9a6a0 fix: failing test
2b2e53c fix: docs
635c8d8 fix: failing mypy
96ae356 feat: add minimum key length validation for HMAC and RSA
5b86227 fix: enforce ECDSA curve validation per RFC 7518 Section 3.4
04947d7 Bump actions/download-artifact from 6 to 7 (#1125)
dd44834 Fix leeway value in usage documentation (#1124)
407f0bd Thoroughly test type annotations, and resolve errors (#1112)
Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR
@dependabot recreate will recreate this PR, overwriting any edits that have been made to it
@dependabot merge will merge this PR after your CI passes on it
@dependabot squash and merge will squash and merge this PR after your CI passes on it
@dependabot cancel merge will cancel a previously requested merge and block automerging
@dependabot reopen will reopen this PR if it is closed
@dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
@dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
@dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
@dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
@dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Bumps [pyjwt[crypto]](https://github.com/jpadilla/pyjwt) from 2.10.1 to 2.11.0. - [Release notes](https://github.com/jpadilla/pyjwt/releases) - [Changelog](https://github.com/jpadilla/pyjwt/blob/master/CHANGELOG.rst) - [Commits](jpadilla/pyjwt@2.10.1...2.11.0) --- updated-dependencies: - dependency-name: pyjwt[crypto] dependency-version: 2.11.0 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com>

codecov · 2026-02-05T09:08:21Z

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 100.00%. Comparing base (9b852f9) to head (40c502a).

Additional details and impacted files

@@            Coverage Diff            @@
##            master     #1561   +/-   ##
=========================================
  Coverage   100.00%   100.00%           
=========================================
  Files           35        35           
  Lines          990       990           
=========================================
  Hits           990       990

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.

dependabot · 2026-02-05T09:12:40Z

OK, I won't notify you again about this release, but will get in touch when a new version is available. If you'd rather skip all updates until the next major or minor version, let me know by commenting @dependabot ignore this major version or @dependabot ignore this minor version. You can also ignore all major, minor, or patch releases for a dependency by adding an ignore condition with the desired update_types to your config file.

If you change your mind, just re-open this PR and I'll resolve any conflicts on it.

dependabot bot added dependencies Pull requests that update a dependency file python Pull requests that update Python code labels Feb 2, 2026

Merge branch 'master' into dependabot/pip/pyjwt-crypto--2.11.0

40c502a

frankie567 closed this Feb 5, 2026

dependabot bot deleted the dependabot/pip/pyjwt-crypto--2.11.0 branch February 5, 2026 09:12

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Bump pyjwt[crypto] from 2.10.1 to 2.11.0#1561

Bump pyjwt[crypto] from 2.10.1 to 2.11.0#1561
dependabot[bot] wants to merge 2 commits intomasterfrom
dependabot/pip/pyjwt-crypto--2.11.0

dependabot bot commented on behalf of github Feb 2, 2026 •

edited

Loading

Uh oh!

codecov bot commented Feb 5, 2026 •

edited

Loading

Uh oh!

dependabot bot commented on behalf of github Feb 5, 2026

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

1 participant

Uh oh!

Conversation

dependabot bot commented on behalf of github Feb 2, 2026 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

2.11.0

What's Changed

v2.11.0 <https://github.com/jpadilla/pyjwt/compare/2.10.1...2.11.0>__

Uh oh!

codecov bot commented Feb 5, 2026 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Codecov Report

Uh oh!

dependabot bot commented on behalf of github Feb 5, 2026

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

1 participant

dependabot bot commented on behalf of github Feb 2, 2026 •

edited

Loading

`v2.11.0 <https://github.com/jpadilla/pyjwt/compare/2.10.1...2.11.0>`__

codecov bot commented Feb 5, 2026 •

edited

Loading