Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Remove arbitrary kwargs. #657

Merged
merged 3 commits into from
Aug 8, 2021
Merged

Remove arbitrary kwargs. #657

merged 3 commits into from
Aug 8, 2021

Conversation

dajiaji
Copy link
Contributor

@dajiaji dajiaji commented May 5, 2021
edited
Loading

Removed arbitrary keyword parameters (**kwargs) that are not being used in order to comply with the current API specification.
As mentioned in #606, I think it's a bit problematic not to get an error if you specify an unsupported argument.

If you agree with this change, I will update a CHANGELOG.

Close #606.

@jpadilla jpadilla merged commit 5fe7f2b into jpadilla:master Aug 8, 2021
@PrettyWood PrettyWood mentioned this pull request Oct 7, 2021
Merged
3 tasks
@lerela lerela mentioned this pull request Oct 7, 2021
Closed
inmantaci pushed a commit to inmanta/inmanta-core that referenced this pull request Oct 8, 2021
@dependabot @inmantaci
Bump pyjwt from 2.1.0 to 2.2.0 (PR #3336)
7e57295 
Bumps [pyjwt](https://github.com/jpadilla/pyjwt) from 2.1.0 to 2.2.0.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a href="https://github.com/jpadilla/pyjwt/releases">pyjwt's releases</a>.</em></p>
<blockquote>
<h2>2.2.0</h2>
<h2>What's Changed</h2>
<ul>
<li>Complete <code>jwt</code> documentation by <a href="https://github.com/johachi"><code>@​johachi</code></a> in <a href="https://github-redirect.dependabot.com/jpadilla/pyjwt/pull/654">jpadilla/pyjwt#654</a></li>
<li>Ignore coverage files generated during test runs by <a href="https://github.com/makusu2"><code>@​makusu2</code></a> in <a href="https://github-redirect.dependabot.com/jpadilla/pyjwt/pull/617">jpadilla/pyjwt#617</a></li>
<li>[pre-commit.ci] pre-commit autoupdate by <a href="https://github.com/pre-commit-ci"><code>@​pre-commit-ci</code></a> in <a href="https://github-redirect.dependabot.com/jpadilla/pyjwt/pull/656">jpadilla/pyjwt#656</a></li>
<li>[pre-commit.ci] pre-commit autoupdate by <a href="https://github.com/pre-commit-ci"><code>@​pre-commit-ci</code></a> in <a href="https://github-redirect.dependabot.com/jpadilla/pyjwt/pull/658">jpadilla/pyjwt#658</a></li>
<li>[pre-commit.ci] pre-commit autoupdate by <a href="https://github.com/pre-commit-ci"><code>@​pre-commit-ci</code></a> in <a href="https://github-redirect.dependabot.com/jpadilla/pyjwt/pull/667">jpadilla/pyjwt#667</a></li>
<li>Fix aud validation to support {'aud': null} case. by <a href="https://github.com/dajiaji"><code>@​dajiaji</code></a> in <a href="https://github-redirect.dependabot.com/jpadilla/pyjwt/pull/670">jpadilla/pyjwt#670</a></li>
<li>[pre-commit.ci] pre-commit autoupdate by <a href="https://github.com/pre-commit-ci"><code>@​pre-commit-ci</code></a> in <a href="https://github-redirect.dependabot.com/jpadilla/pyjwt/pull/678">jpadilla/pyjwt#678</a></li>
<li>Prefer headers['alg'] to algorithm parameter in encode(). by <a href="https://github.com/dajiaji"><code>@​dajiaji</code></a> in <a href="https://github-redirect.dependabot.com/jpadilla/pyjwt/pull/673">jpadilla/pyjwt#673</a></li>
<li>DOC: Clarify RSA encoding and decoding depend on the cryptography package by <a href="https://github.com/TPXP"><code>@​TPXP</code></a> in <a href="https://github-redirect.dependabot.com/jpadilla/pyjwt/pull/664">jpadilla/pyjwt#664</a></li>
<li>Make typ optional by <a href="https://github.com/dajiaji"><code>@​dajiaji</code></a> in <a href="https://github-redirect.dependabot.com/jpadilla/pyjwt/pull/644">jpadilla/pyjwt#644</a></li>
<li>Remove arbitrary kwargs. by <a href="https://github.com/dajiaji"><code>@​dajiaji</code></a> in <a href="https://github-redirect.dependabot.com/jpadilla/pyjwt/pull/657">jpadilla/pyjwt#657</a></li>
<li>Assume JWK is valid for signing if &quot;use&quot; is omitted by <a href="https://github.com/Klavionik"><code>@​Klavionik</code></a> in <a href="https://github-redirect.dependabot.com/jpadilla/pyjwt/pull/668">jpadilla/pyjwt#668</a></li>
<li>[pre-commit.ci] pre-commit autoupdate by <a href="https://github.com/pre-commit-ci"><code>@​pre-commit-ci</code></a> in <a href="https://github-redirect.dependabot.com/jpadilla/pyjwt/pull/684">jpadilla/pyjwt#684</a></li>
<li>[pre-commit.ci] pre-commit autoupdate by <a href="https://github.com/pre-commit-ci"><code>@​pre-commit-ci</code></a> in <a href="https://github-redirect.dependabot.com/jpadilla/pyjwt/pull/686">jpadilla/pyjwt#686</a></li>
<li>[pre-commit.ci] pre-commit autoupdate by <a href="https://github.com/pre-commit-ci"><code>@​pre-commit-ci</code></a> in <a href="https://github-redirect.dependabot.com/jpadilla/pyjwt/pull/689">jpadilla/pyjwt#689</a></li>
<li>Remove upper bound on cryptography version by <a href="https://github.com/riconnon"><code>@​riconnon</code></a> in <a href="https://github-redirect.dependabot.com/jpadilla/pyjwt/pull/693">jpadilla/pyjwt#693</a></li>
<li>Add support for Ed448/EdDSA. by <a href="https://github.com/dajiaji"><code>@​dajiaji</code></a> in <a href="https://github-redirect.dependabot.com/jpadilla/pyjwt/pull/675">jpadilla/pyjwt#675</a></li>
<li>Chore: inline Variables that immediately Returned by <a href="https://github.com/yezz123"><code>@​yezz123</code></a> in <a href="https://github-redirect.dependabot.com/jpadilla/pyjwt/pull/690">jpadilla/pyjwt#690</a></li>
<li>Use timezone package as Python 3.5+ is required by <a href="https://github.com/kkirsche"><code>@​kkirsche</code></a> in <a href="https://github-redirect.dependabot.com/jpadilla/pyjwt/pull/694">jpadilla/pyjwt#694</a></li>
<li>Bump up version to v2.2.0 by <a href="https://github.com/jpadilla"><code>@​jpadilla</code></a> in <a href="https://github-redirect.dependabot.com/jpadilla/pyjwt/pull/697">jpadilla/pyjwt#697</a></li>
</ul>
<h2>New Contributors</h2>
<ul>
<li><a href="https://github.com/TPXP"><code>@​TPXP</code></a> made their first contribution in <a href="https://github-redirect.dependabot.com/jpadilla/pyjwt/pull/664">jpadilla/pyjwt#664</a></li>
<li><a href="https://github.com/Klavionik"><code>@​Klavionik</code></a> made their first contribution in <a href="https://github-redirect.dependabot.com/jpadilla/pyjwt/pull/668">jpadilla/pyjwt#668</a></li>
<li><a href="https://github.com/riconnon"><code>@​riconnon</code></a> made their first contribution in <a href="https://github-redirect.dependabot.com/jpadilla/pyjwt/pull/693">jpadilla/pyjwt#693</a></li>
<li><a href="https://github.com/yezz123"><code>@​yezz123</code></a> made their first contribution in <a href="https://github-redirect.dependabot.com/jpadilla/pyjwt/pull/690">jpadilla/pyjwt#690</a></li>
<li><a href="https://github.com/kkirsche"><code>@​kkirsche</code></a> made their first contribution in <a href="https://github-redirect.dependabot.com/jpadilla/pyjwt/pull/694">jpadilla/pyjwt#694</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a href="https://github.com/jpadilla/pyjwt/compare/2.1.0...2.2.0">https://github.com/jpadilla/pyjwt/compare/2.1.0...2.2.0</a></p>
</blockquote>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a href="https://github.com/jpadilla/pyjwt/blob/master/CHANGELOG.rst">pyjwt's changelog</a>.</em></p>
<blockquote>
<h2><code>v2.2.0 &lt;https://github.com/jpadilla/pyjwt/compare/2.1.0...2.2.0&gt;</code>__</h2>
<p>Changed</p>
<pre><code>
- Remove arbitrary kwargs. `[#657](jpadilla/pyjwt#657) &lt;https://github.com/jpadilla/pyjwt/pull/657&gt;`__
- Use timezone package as Python 3.5+ is required. `[#694](jpadilla/pyjwt#694) &lt;https://github.com/jpadilla/pyjwt/pull/694&gt;`__
<p>Fixed</p>
<pre><code>- Assume JWK without the &amp;quot;use&amp;quot; claim is valid for signing as per RFC7517 `[#668](jpadilla/pyjwt#668) &amp;lt;https://github.com/jpadilla/pyjwt/pull/668&amp;gt;`__
- Prefer `headers[&amp;quot;alg&amp;quot;]` to `algorithm` in `jwt.encode()`. `[#673](jpadilla/pyjwt#673) &amp;lt;https://github.com/jpadilla/pyjwt/pull/673&amp;gt;`__
- Fix aud validation to support {'aud': null} case. `[#670](jpadilla/pyjwt#670) &amp;lt;https://github.com/jpadilla/pyjwt/pull/670&amp;gt;`__
- Make `typ` optional in JWT to be compliant with RFC7519. `[#644](jpadilla/pyjwt#644) &amp;lt;https://github.com/jpadilla/pyjwt/pull/644&amp;gt;`__
-  Remove upper bound on cryptography version. `[#693](jpadilla/pyjwt#693) &amp;lt;https://github.com/jpadilla/pyjwt/pull/693&amp;gt;`__

Added
</code></pre>
<ul>
<li>Add support for Ed448/EdDSA. <code>[#675](jpadilla/pyjwt#675) &amp;lt;https://github.com/jpadilla/pyjwt/pull/675&amp;gt;</code>__
</code></pre></li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a href="https://github.com/jpadilla/pyjwt/commit/6223ba13780a941a3f4c9dec62f282bdd9b5afb0"><code>6223ba1</code></a> Bump up version to v2.2.0 (<a href="https://github-redirect.dependabot.com/jpadilla/pyjwt/issues/697">#697</a>)</li>
<li><a href="https://github.com/jpadilla/pyjwt/commit/258d7bab0ecb86be91738ac1e23744429280acd1"><code>258d7ba</code></a> Use timezone package as Python 3.5+ is required (<a href="https://github-redirect.dependabot.com/jpadilla/pyjwt/issues/694">#694</a>)</li>
<li><a href="https://github.com/jpadilla/pyjwt/commit/a988e1a11e5abb5869dd641f3f4f6a5bb4e70fdf"><code>a988e1a</code></a> Chore: inline Variables that immediately Returned (<a href="https://github-redirect.dependabot.com/jpadilla/pyjwt/issues/690">#690</a>)</li>
<li><a href="https://github.com/jpadilla/pyjwt/commit/e7a6c022f3f2e5ba329cbadd242c788014926a7e"><code>e7a6c02</code></a> Add support for Ed448/EdDSA. (<a href="https://github-redirect.dependabot.com/jpadilla/pyjwt/issues/675">#675</a>)</li>
<li><a href="https://github.com/jpadilla/pyjwt/commit/19ce9c5ec7947428d35aaffd302eb2629210a697"><code>19ce9c5</code></a> Remove upper bound on cryptography version (<a href="https://github-redirect.dependabot.com/jpadilla/pyjwt/issues/693">#693</a>)</li>
<li><a href="https://github.com/jpadilla/pyjwt/commit/9249fc70b5aede04c3dcb86e4b6560ab7e032563"><code>9249fc7</code></a> [pre-commit.ci] pre-commit autoupdate (<a href="https://github-redirect.dependabot.com/jpadilla/pyjwt/issues/689">#689</a>)</li>
<li><a href="https://github.com/jpadilla/pyjwt/commit/fbc0e636bfe70d186a6650be47664527568cc55c"><code>fbc0e63</code></a> [pre-commit.ci] pre-commit autoupdate (<a href="https://github-redirect.dependabot.com/jpadilla/pyjwt/issues/686">#686</a>)</li>
<li><a href="https://github.com/jpadilla/pyjwt/commit/2032df71cd195db44dcdd253ace68990812f7705"><code>2032df7</code></a> [pre-commit.ci] pre-commit autoupdate (<a href="https://github-redirect.dependabot.com/jpadilla/pyjwt/issues/684">#684</a>)</li>
<li><a href="https://github.com/jpadilla/pyjwt/commit/63673619e0321a0b58f29a0b2f6626b5b7c3d2ec"><code>6367361</code></a> Assume JWK is valid for signing if &quot;use&quot; is omitted (<a href="https://github-redirect.dependabot.com/jpadilla/pyjwt/issues/668">#668</a>)</li>
<li><a href="https://github.com/jpadilla/pyjwt/commit/5fe7f2b28ffcd27a3e520be750858944889112ef"><code>5fe7f2b</code></a> Remove arbitrary kwargs. (<a href="https://github-redirect.dependabot.com/jpadilla/pyjwt/issues/657">#657</a>)</li>
<li>Additional commits viewable in <a href="https://github.com/jpadilla/pyjwt/compare/2.1.0...2.2.0">compare view</a></li>
</ul>
</details>
<br />

[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=pyjwt&package-manager=pip&previous-version=2.1.0&new-version=2.2.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

</details>
@lociii
Copy link

lociii commented Oct 8, 2021

This should have been published in a major release as it breaks compatibility on non-private methods.
e.g. the change on PyJWT.decode broke djangorestframework-simplejwt and therefore all systems relying on both libraries.

@dajiaji
Copy link
Contributor Author

dajiaji commented Oct 8, 2021

This change does not break the backward-compat to v2.0 and v2.1 from the aspect of API specs but I could not recognize that it broke the backward-compat to 1.7*. Sorry. It’s my responsibility.

But verify argument has already removed from decode() on version 2.0 substantially. To make users recognize the misuse, I think this change was needed (In this aspect, this change should have been done on version 2.0).

Anyway, you can support the latest version (2.2.0) by removing meaningless verify argument from decode(). I think it's very easy.

@dajiaji dajiaji mentioned this pull request Oct 11, 2021
Closed
auvipy added a commit that referenced this pull request Oct 12, 2021
@auvipy
Revert "Remove arbitrary kwargs. (#657)"
a4b3d50 
This reverts commit 5fe7f2b.
@auvipy auvipy mentioned this pull request Oct 12, 2021
Merged
auvipy added a commit that referenced this pull request Oct 15, 2021
@auvipy
Revert "Remove arbitrary kwargs. (#657)" (#701)
f9db1d7 
This reverts commit 5fe7f2b.
inmantaci pushed a commit to inmanta/inmanta-core that referenced this pull request Nov 15, 2021
@dependabot @inmantaci
Bump pyjwt from 2.1.0 to 2.3.0 (PR #3449)
6d39817 
Bumps [pyjwt](https://github.com/jpadilla/pyjwt) from 2.1.0 to 2.3.0.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a href="https://github.com/jpadilla/pyjwt/releases">pyjwt's releases</a>.</em></p>
<blockquote>
<h2>2.3.0</h2>
<h2>What's Changed</h2>
<ul>
<li>[pre-commit.ci] pre-commit autoupdate by <a href="https://github.com/pre-commit-ci"><code>@​pre-commit-ci</code></a> in <a href="https://github-redirect.dependabot.com/jpadilla/pyjwt/pull/700">jpadilla/pyjwt#700</a></li>
<li>Add exception chaining by <a href="https://github.com/ehdgua01"><code>@​ehdgua01</code></a> in <a href="https://github-redirect.dependabot.com/jpadilla/pyjwt/pull/702">jpadilla/pyjwt#702</a></li>
<li>Revert &quot;Remove arbitrary kwargs.&quot; by <a href="https://github.com/auvipy"><code>@​auvipy</code></a> in <a href="https://github-redirect.dependabot.com/jpadilla/pyjwt/pull/701">jpadilla/pyjwt#701</a></li>
<li>Bump up version to v2.3.0 by <a href="https://github.com/jpadilla"><code>@​jpadilla</code></a> in <a href="https://github-redirect.dependabot.com/jpadilla/pyjwt/pull/703">jpadilla/pyjwt#703</a></li>
</ul>
<h2>New Contributors</h2>
<ul>
<li><a href="https://github.com/ehdgua01"><code>@​ehdgua01</code></a> made their first contribution in <a href="https://github-redirect.dependabot.com/jpadilla/pyjwt/pull/702">jpadilla/pyjwt#702</a></li>
<li><a href="https://github.com/auvipy"><code>@​auvipy</code></a> made their first contribution in <a href="https://github-redirect.dependabot.com/jpadilla/pyjwt/pull/701">jpadilla/pyjwt#701</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a href="https://github.com/jpadilla/pyjwt/compare/2.2.0...2.3.0">https://github.com/jpadilla/pyjwt/compare/2.2.0...2.3.0</a></p>
<h2>2.2.0</h2>
<h2>What's Changed</h2>
<ul>
<li>Complete <code>jwt</code> documentation by <a href="https://github.com/johachi"><code>@​johachi</code></a> in <a href="https://github-redirect.dependabot.com/jpadilla/pyjwt/pull/654">jpadilla/pyjwt#654</a></li>
<li>Ignore coverage files generated during test runs by <a href="https://github.com/makusu2"><code>@​makusu2</code></a> in <a href="https://github-redirect.dependabot.com/jpadilla/pyjwt/pull/617">jpadilla/pyjwt#617</a></li>
<li>[pre-commit.ci] pre-commit autoupdate by <a href="https://github.com/pre-commit-ci"><code>@​pre-commit-ci</code></a> in <a href="https://github-redirect.dependabot.com/jpadilla/pyjwt/pull/656">jpadilla/pyjwt#656</a></li>
<li>[pre-commit.ci] pre-commit autoupdate by <a href="https://github.com/pre-commit-ci"><code>@​pre-commit-ci</code></a> in <a href="https://github-redirect.dependabot.com/jpadilla/pyjwt/pull/658">jpadilla/pyjwt#658</a></li>
<li>[pre-commit.ci] pre-commit autoupdate by <a href="https://github.com/pre-commit-ci"><code>@​pre-commit-ci</code></a> in <a href="https://github-redirect.dependabot.com/jpadilla/pyjwt/pull/667">jpadilla/pyjwt#667</a></li>
<li>Fix aud validation to support {'aud': null} case. by <a href="https://github.com/dajiaji"><code>@​dajiaji</code></a> in <a href="https://github-redirect.dependabot.com/jpadilla/pyjwt/pull/670">jpadilla/pyjwt#670</a></li>
<li>[pre-commit.ci] pre-commit autoupdate by <a href="https://github.com/pre-commit-ci"><code>@​pre-commit-ci</code></a> in <a href="https://github-redirect.dependabot.com/jpadilla/pyjwt/pull/678">jpadilla/pyjwt#678</a></li>
<li>Prefer headers['alg'] to algorithm parameter in encode(). by <a href="https://github.com/dajiaji"><code>@​dajiaji</code></a> in <a href="https://github-redirect.dependabot.com/jpadilla/pyjwt/pull/673">jpadilla/pyjwt#673</a></li>
<li>DOC: Clarify RSA encoding and decoding depend on the cryptography package by <a href="https://github.com/TPXP"><code>@​TPXP</code></a> in <a href="https://github-redirect.dependabot.com/jpadilla/pyjwt/pull/664">jpadilla/pyjwt#664</a></li>
<li>Make typ optional by <a href="https://github.com/dajiaji"><code>@​dajiaji</code></a> in <a href="https://github-redirect.dependabot.com/jpadilla/pyjwt/pull/644">jpadilla/pyjwt#644</a></li>
<li>Remove arbitrary kwargs. by <a href="https://github.com/dajiaji"><code>@​dajiaji</code></a> in <a href="https://github-redirect.dependabot.com/jpadilla/pyjwt/pull/657">jpadilla/pyjwt#657</a></li>
<li>Assume JWK is valid for signing if &quot;use&quot; is omitted by <a href="https://github.com/Klavionik"><code>@​Klavionik</code></a> in <a href="https://github-redirect.dependabot.com/jpadilla/pyjwt/pull/668">jpadilla/pyjwt#668</a></li>
<li>[pre-commit.ci] pre-commit autoupdate by <a href="https://github.com/pre-commit-ci"><code>@​pre-commit-ci</code></a> in <a href="https://github-redirect.dependabot.com/jpadilla/pyjwt/pull/684">jpadilla/pyjwt#684</a></li>
<li>[pre-commit.ci] pre-commit autoupdate by <a href="https://github.com/pre-commit-ci"><code>@​pre-commit-ci</code></a> in <a href="https://github-redirect.dependabot.com/jpadilla/pyjwt/pull/686">jpadilla/pyjwt#686</a></li>
<li>[pre-commit.ci] pre-commit autoupdate by <a href="https://github.com/pre-commit-ci"><code>@​pre-commit-ci</code></a> in <a href="https://github-redirect.dependabot.com/jpadilla/pyjwt/pull/689">jpadilla/pyjwt#689</a></li>
<li>Remove upper bound on cryptography version by <a href="https://github.com/riconnon"><code>@​riconnon</code></a> in <a href="https://github-redirect.dependabot.com/jpadilla/pyjwt/pull/693">jpadilla/pyjwt#693</a></li>
<li>Add support for Ed448/EdDSA. by <a href="https://github.com/dajiaji"><code>@​dajiaji</code></a> in <a href="https://github-redirect.dependabot.com/jpadilla/pyjwt/pull/675">jpadilla/pyjwt#675</a></li>
<li>Chore: inline Variables that immediately Returned by <a href="https://github.com/yezz123"><code>@​yezz123</code></a> in <a href="https://github-redirect.dependabot.com/jpadilla/pyjwt/pull/690">jpadilla/pyjwt#690</a></li>
<li>Use timezone package as Python 3.5+ is required by <a href="https://github.com/kkirsche"><code>@​kkirsche</code></a> in <a href="https://github-redirect.dependabot.com/jpadilla/pyjwt/pull/694">jpadilla/pyjwt#694</a></li>
<li>Bump up version to v2.2.0 by <a href="https://github.com/jpadilla"><code>@​jpadilla</code></a> in <a href="https://github-redirect.dependabot.com/jpadilla/pyjwt/pull/697">jpadilla/pyjwt#697</a></li>
</ul>
<h2>New Contributors</h2>
<ul>
<li><a href="https://github.com/TPXP"><code>@​TPXP</code></a> made their first contribution in <a href="https://github-redirect.dependabot.com/jpadilla/pyjwt/pull/664">jpadilla/pyjwt#664</a></li>
<li><a href="https://github.com/Klavionik"><code>@​Klavionik</code></a> made their first contribution in <a href="https://github-redirect.dependabot.com/jpadilla/pyjwt/pull/668">jpadilla/pyjwt#668</a></li>
<li><a href="https://github.com/riconnon"><code>@​riconnon</code></a> made their first contribution in <a href="https://github-redirect.dependabot.com/jpadilla/pyjwt/pull/693">jpadilla/pyjwt#693</a></li>
<li><a href="https://github.com/yezz123"><code>@​yezz123</code></a> made their first contribution in <a href="https://github-redirect.dependabot.com/jpadilla/pyjwt/pull/690">jpadilla/pyjwt#690</a></li>
<li><a href="https://github.com/kkirsche"><code>@​kkirsche</code></a> made their first contribution in <a href="https://github-redirect.dependabot.com/jpadilla/pyjwt/pull/694">jpadilla/pyjwt#694</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a href="https://github.com/jpadilla/pyjwt/compare/2.1.0...2.2.0">https://github.com/jpadilla/pyjwt/compare/2.1.0...2.2.0</a></p>
</blockquote>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a href="https://github.com/jpadilla/pyjwt/blob/master/CHANGELOG.rst">pyjwt's changelog</a>.</em></p>
<blockquote>
<h2><code>v2.3.0 &lt;https://github.com/jpadilla/pyjwt/compare/2.2.0...2.3.0&gt;</code>__</h2>
<p>Fixed</p>
<pre><code>
- Revert &quot;Remove arbitrary kwargs.&quot; `[#701](jpadilla/pyjwt#701) &lt;https://github.com/jpadilla/pyjwt/pull/701&gt;`__
<p>Added
</code></pre></p>
<ul>
<li>Add exception chaining <code>[#702](jpadilla/pyjwt#702) &lt;https://github.com/jpadilla/pyjwt/pull/702&gt;</code>__</li>
</ul>
<h2><code>v2.2.0 &lt;https://github.com/jpadilla/pyjwt/compare/2.1.0...2.2.0&gt;</code>__</h2>
<p>Changed</p>
<pre><code>
- Remove arbitrary kwargs. `[#657](jpadilla/pyjwt#657) &lt;https://github.com/jpadilla/pyjwt/pull/657&gt;`__
- Use timezone package as Python 3.5+ is required. `[#694](jpadilla/pyjwt#694) &lt;https://github.com/jpadilla/pyjwt/pull/694&gt;`__
<p>Fixed</p>
<pre><code>- Assume JWK without the &amp;quot;use&amp;quot; claim is valid for signing as per RFC7517 `[#668](jpadilla/pyjwt#668) &amp;lt;https://github.com/jpadilla/pyjwt/pull/668&amp;gt;`__
- Prefer `headers[&amp;quot;alg&amp;quot;]` to `algorithm` in `jwt.encode()`. `[#673](jpadilla/pyjwt#673) &amp;lt;https://github.com/jpadilla/pyjwt/pull/673&amp;gt;`__
- Fix aud validation to support {'aud': null} case. `[#670](jpadilla/pyjwt#670) &amp;lt;https://github.com/jpadilla/pyjwt/pull/670&amp;gt;`__
- Make `typ` optional in JWT to be compliant with RFC7519. `[#644](jpadilla/pyjwt#644) &amp;lt;https://github.com/jpadilla/pyjwt/pull/644&amp;gt;`__
-  Remove upper bound on cryptography version. `[#693](jpadilla/pyjwt#693) &amp;lt;https://github.com/jpadilla/pyjwt/pull/693&amp;gt;`__

Added
</code></pre>
<ul>
<li>Add support for Ed448/EdDSA. <code>[#675](jpadilla/pyjwt#675) &amp;lt;https://github.com/jpadilla/pyjwt/pull/675&amp;gt;</code>__
</code></pre></li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a href="https://github.com/jpadilla/pyjwt/commit/98620ab2a396a5c887a494259d49552c2093e1ad"><code>98620ab</code></a> Bump up version to v2.3.0 (<a href="https://github-redirect.dependabot.com/jpadilla/pyjwt/issues/703">#703</a>)</li>
<li><a href="https://github.com/jpadilla/pyjwt/commit/f9db1d7b3acbe81daea7bc79cbc731f7c900221f"><code>f9db1d7</code></a> Revert &quot;Remove arbitrary kwargs. (<a href="https://github-redirect.dependabot.com/jpadilla/pyjwt/issues/657">#657</a>)&quot; (<a href="https://github-redirect.dependabot.com/jpadilla/pyjwt/issues/701">#701</a>)</li>
<li><a href="https://github.com/jpadilla/pyjwt/commit/828a20a47ef7af5cddfe12b482a90df07cd1b323"><code>828a20a</code></a> Add exception chaining (<a href="https://github-redirect.dependabot.com/jpadilla/pyjwt/issues/702">#702</a>)</li>
<li><a href="https://github.com/jpadilla/pyjwt/commit/cf545e4bfc087e863b7c7a2a2313d52fe8f107ca"><code>cf545e4</code></a> [pre-commit.ci] pre-commit autoupdate (<a href="https://github-redirect.dependabot.com/jpadilla/pyjwt/issues/700">#700</a>)</li>
<li><a href="https://github.com/jpadilla/pyjwt/commit/6223ba13780a941a3f4c9dec62f282bdd9b5afb0"><code>6223ba1</code></a> Bump up version to v2.2.0 (<a href="https://github-redirect.dependabot.com/jpadilla/pyjwt/issues/697">#697</a>)</li>
<li><a href="https://github.com/jpadilla/pyjwt/commit/258d7bab0ecb86be91738ac1e23744429280acd1"><code>258d7ba</code></a> Use timezone package as Python 3.5+ is required (<a href="https://github-redirect.dependabot.com/jpadilla/pyjwt/issues/694">#694</a>)</li>
<li><a href="https://github.com/jpadilla/pyjwt/commit/a988e1a11e5abb5869dd641f3f4f6a5bb4e70fdf"><code>a988e1a</code></a> Chore: inline Variables that immediately Returned (<a href="https://github-redirect.dependabot.com/jpadilla/pyjwt/issues/690">#690</a>)</li>
<li><a href="https://github.com/jpadilla/pyjwt/commit/e7a6c022f3f2e5ba329cbadd242c788014926a7e"><code>e7a6c02</code></a> Add support for Ed448/EdDSA. (<a href="https://github-redirect.dependabot.com/jpadilla/pyjwt/issues/675">#675</a>)</li>
<li><a href="https://github.com/jpadilla/pyjwt/commit/19ce9c5ec7947428d35aaffd302eb2629210a697"><code>19ce9c5</code></a> Remove upper bound on cryptography version (<a href="https://github-redirect.dependabot.com/jpadilla/pyjwt/issues/693">#693</a>)</li>
<li><a href="https://github.com/jpadilla/pyjwt/commit/9249fc70b5aede04c3dcb86e4b6560ab7e032563"><code>9249fc7</code></a> [pre-commit.ci] pre-commit autoupdate (<a href="https://github-redirect.dependabot.com/jpadilla/pyjwt/issues/689">#689</a>)</li>
<li>Additional commits viewable in <a href="https://github.com/jpadilla/pyjwt/compare/2.1.0...2.3.0">compare view</a></li>
</ul>
</details>
<br />

[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=pyjwt&package-manager=pip&previous-version=2.1.0&new-version=2.3.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

</details>
akx added a commit to akx/pyjwt that referenced this pull request Mar 30, 2022
@akx
Add a deprecation warning when jwt.decode() is called with the legacy…
c9eb148 
… verify= argument

Since the arbitrary/unused `**kwargs` can't quite be dropped (as jpadilla#657 would do) without
a major version bump (as reverted in jpadilla#701), it's still a good idea to warn users if they
are attempting to use contradictory arguments for the security-sensitive `verify=` argument.
akx added a commit to akx/pyjwt that referenced this pull request Mar 30, 2022
@akx
Add a deprecation warning when jwt.decode() is called with the legacy…
96bb562 
… verify= argument

Since the arbitrary/unused `**kwargs` can't quite be dropped (as jpadilla#657 would do) without
a major version bump (as reverted in jpadilla#701), it's still a good idea to warn users if they
are attempting to use contradictory arguments for the security-sensitive `verify=` argument.
@akx akx mentioned this pull request Mar 30, 2022
Merged
akx added a commit to akx/pyjwt that referenced this pull request Mar 30, 2022
@akx
Add a deprecation warning when jwt.decode() is called with the legacy…
22a5349 
… verify= argument

Since the arbitrary/unused `**kwargs` can't quite be dropped (as jpadilla#657 would do) without
a major version bump (as reverted in jpadilla#701), it's still a good idea to warn users if they
are attempting to use contradictory arguments for the security-sensitive `verify=` argument.
@akx akx mentioned this pull request Mar 30, 2022
Closed
auvipy pushed a commit that referenced this pull request Apr 5, 2022
@akx
Add a deprecation warning when jwt.decode() is called with the legacy…
1f1fe15 
… verify= argument (#742)

Since the arbitrary/unused `**kwargs` can't quite be dropped (as #657 would do) without
a major version bump (as reverted in #701), it's still a good idea to warn users if they
are attempting to use contradictory arguments for the security-sensitive `verify=` argument.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@jpadilla jpadilla jpadilla approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

jwt.jws_api.PyJWS.decode_complete shouldn't accept kwargs argument
3 participants
@dajiaji @lociii @jpadilla