Accepting request 981206 from devel:languages:python

OBS-URL: https://build.opensuse.org/request/show/981206
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/python-PyJWT?expand=0&rev=24

PyJWT-2.3.0.tar.gz

@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:b888b4d56f06f6dcd777210c334e69c737be74755d3e5e9ee3fe67dc18a0ee41
-size 62279

PyJWT-2.4.0.tar.gz

@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:d42908208c699b3b973cbeb01a969ba6a96c821eefb1c5bfe4c390c01d67abba
+size 66327

python-PyJWT.changes

@@ -1,3 +1,39 @@
+-------------------------------------------------------------------
+Tue Jun  7 17:27:32 UTC 2022 - Marcus Rueckert <mrueckert@suse.de>
+
+- Update to 2.4.0 (CVE-2022-29217 boo#1199756)
+  - Security
+    - [CVE-2022-29217] Prevent key confusion through
+      non-blocklisted public key formats. GHSA-ffqj-6fqr-9h24
+  - Other changes:
+    - Explicit check the key for ECAlgorithm by @estin in
+      https://github.com/jpadilla/pyjwt/pull/713
+    - Raise DeprecationWarning for jwt.decode(verify=...) by @akx
+      in https://github.com/jpadilla/pyjwt/pull/742
+    - Don't use implicit optionals by @rekyungmin in
+      https://github.com/jpadilla/pyjwt/pull/705
+    - documentation fix: show correct scope for decode_complete()
+      by @sseering in https://github.com/jpadilla/pyjwt/pull/661
+    - fix: Update copyright information by @kkirsche in
+      https://github.com/jpadilla/pyjwt/pull/729
+    - Don't mutate options dictionary in .decode_complete() by @akx
+      in https://github.com/jpadilla/pyjwt/pull/743
+    - Add support for Python 3.10 by @hugovk in
+      https://github.com/jpadilla/pyjwt/pull/699
+    - api_jwk: Add PyJWKSet.__getitem__ by @woodruffw in
+      https://github.com/jpadilla/pyjwt/pull/725
+    - Update usage.rst by @guneybilen in
+      https://github.com/jpadilla/pyjwt/pull/727
+    - Docs: mention performance reasons for reusing RSAPrivateKey
+      when encoding by @dmahr1 in
+      https://github.com/jpadilla/pyjwt/pull/734
+    - Fixed typo in usage.rst by @israelabraham in
+      https://github.com/jpadilla/pyjwt/pull/738
+    - Add detached payload support for JWS encoding and decoding by
+      @fviard in https://github.com/jpadilla/pyjwt/pull/723
+    - Replace various string interpolations with f-strings by @akx
+      in https://github.com/jpadilla/pyjwt/pull/744
+
 -------------------------------------------------------------------
 Wed Nov  3 08:57:35 UTC 2021 - John Paul Adrian Glaubitz <adrian.glaubitz@suse.com>
 

python-PyJWT.spec

@@ -1,7 +1,7 @@
 #
 # spec file for package python-PyJWT
 #
-# Copyright (c) 2021 SUSE LLC
+# Copyright (c) 2022 SUSE LLC
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
@@ -19,7 +19,7 @@
 %{?!python_module:%define python_module() python-%{**} python3-%{**}}
 %global skip_python2 1
 Name:           python-PyJWT
-Version:        2.3.0
+Version:        2.4.0
 Release:        0
 Summary:        JSON Web Token implementation in Python
 License:        MIT