Skip to content

Bump pyjwt from 2.11.0 to 2.12.0#3009

Open
dependabot[bot] wants to merge 1 commit intodevfrom
dependabot/pip/pyjwt-2.12.0
Open

Bump pyjwt from 2.11.0 to 2.12.0#3009
dependabot[bot] wants to merge 1 commit intodevfrom
dependabot/pip/pyjwt-2.12.0

Conversation

@dependabot
Copy link
Copy Markdown
Contributor

@dependabot dependabot Bot commented on behalf of github Apr 1, 2026
edited
Loading

Bumps pyjwt from 2.11.0 to 2.12.0.

Release notes

Sourced from pyjwt's releases.

2.12.0

Security

What's Changed

New Contributors

Full Changelog: jpadilla/pyjwt@2.11.0...2.12.0

Changelog

Sourced from pyjwt's changelog.

v2.12.0 <https://github.com/jpadilla/pyjwt/compare/2.11.0...2.12.0>__

Fixed


- Annotate PyJWKSet.keys for pyright by @tamird in `[#1134](https://github.com/jpadilla/pyjwt/issues/1134) <https://github.com/jpadilla/pyjwt/pull/1134>`__
- Close ``HTTPError`` response to prevent ``ResourceWarning`` on Python 3.14 by @veeceey in `[#1133](https://github.com/jpadilla/pyjwt/issues/1133) <https://github.com/jpadilla/pyjwt/pull/1133>`__
- Do not keep ``algorithms`` dict in PyJWK instances by @akx in `[#1143](https://github.com/jpadilla/pyjwt/issues/1143) <https://github.com/jpadilla/pyjwt/pull/1143>`__
- Validate the crit (Critical) Header Parameter defined in RFC 7515 §4.1.11. by @dmbs335 in `GHSA-752w-5fwx-jx9f <https://github.com/jpadilla/pyjwt/security/advisories/GHSA-752w-5fwx-jx9f>`__
- Use PyJWK algorithm when encoding without explicit algorithm in `[#1148](https://github.com/jpadilla/pyjwt/issues/1148) <https://github.com/jpadilla/pyjwt/pull/1148>`__

Added

  • Docs: Add PyJWKClient API reference and document the two-tier caching system (JWK Set cache and signing key LRU cache).
Commits

@dependabot dependabot Bot added dependencies Pull requests that update a dependency file python Pull requests that update Python code labels Apr 1, 2026
@liquidsec liquidsec changed the base branch from stable to dev April 1, 2026 17:30
@github-actions
Copy link
Copy Markdown
Contributor

github-actions Bot commented Apr 1, 2026
edited
Loading


Thank you for your submission, we really appreciate it. Like many open-source projects, we ask that you sign our Contributor License Agreement before we can accept your contribution. You can sign the CLA by just posting a Pull Request Comment same as the below format.

I have read the CLA Document and I hereby sign the CLA

You can retrigger this bot by commenting recheck in this Pull Request. Posted by the CLA Assistant Lite bot.

This was referenced Apr 1, 2026
Closed
Closed
Merged
@liquidsec
Copy link
Copy Markdown
Contributor

liquidsec commented Apr 1, 2026

@dependabot recreate

@aconite33
Copy link
Copy Markdown
Contributor

aconite33 commented Apr 1, 2026

recheck

@dependabot dependabot Bot changed the base branch from dev to stable April 1, 2026 20:27
@dependabot dependabot Bot force-pushed the dependabot/pip/pyjwt-2.12.0 branch from b51567d to 1ca4d2f Compare April 1, 2026 20:27
@liquidsec
Copy link
Copy Markdown
Contributor

liquidsec commented Apr 1, 2026

@dependabot rebase dev

@dependabot @github
Copy link
Copy Markdown
Contributor Author

dependabot Bot commented on behalf of github Apr 1, 2026

Looks like this PR is already up-to-date with stable! If you'd still like to recreate it from scratch, overwriting any edits, you can request @dependabot recreate.

@liquidsec liquidsec changed the base branch from stable to dev April 1, 2026 20:33
@liquidsec
Copy link
Copy Markdown
Contributor

liquidsec commented Apr 1, 2026

recheck

@liquidsec
Copy link
Copy Markdown
Contributor

liquidsec commented Apr 16, 2026

@dependabot recreate

@dependabot dependabot Bot changed the base branch from dev to stable April 16, 2026 18:51
@dependabot dependabot Bot force-pushed the dependabot/pip/pyjwt-2.12.0 branch from 1ca4d2f to 5151bf2 Compare April 16, 2026 18:51
@liquidsec liquidsec changed the base branch from stable to dev April 16, 2026 18:51
@liquidsec
Copy link
Copy Markdown
Contributor

liquidsec commented Apr 16, 2026

@dependabot recreate

@liquidsec
Copy link
Copy Markdown
Contributor

liquidsec commented Apr 16, 2026

@dependabot rebase

@dependabot dependabot Bot changed the base branch from dev to stable April 16, 2026 19:39
@dependabot dependabot Bot force-pushed the dependabot/pip/pyjwt-2.12.0 branch from 5151bf2 to 4799216 Compare April 16, 2026 19:39
@liquidsec liquidsec changed the base branch from stable to dev April 17, 2026 21:06
@liquidsec
Bump pyjwt from 2.11.0 to 2.12.1
3d8c08c 
Re-syncs uv.lock with pyproject.toml; incidentally pulls pytest-asyncio
1.2.0->1.3.0 and ruff 0.15.10->0.15.12 (already pinned in pyproject).
@liquidsec liquidsec force-pushed the dependabot/pip/pyjwt-2.12.0 branch from 4799216 to 3d8c08c Compare May 1, 2026 15:15
@codecov
Copy link
Copy Markdown

codecov Bot commented May 1, 2026
edited
Loading

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 91%. Comparing base (9de96b6) to head (3d8c08c).

Additional details and impacted files 
@@          Coverage Diff          @@
##             dev   #3009   +/-   ##
=====================================
  Coverage     91%     91%           
=====================================
  Files        437     437           
  Lines      37507   37507           
=====================================
  Hits       33922   33922           
  Misses      3585    3585

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:
  • ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file python Pull requests that update Python code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@liquidsec @aconite33