Skip to content

build(deps): update jwcrypto requirement from >=1.5.7 to >=1.5.8#14388

Merged
giohappy merged 1 commit into
masterfrom
dependabot/pip/jwcrypto-gte-1.5.8
Jul 13, 2026
Merged

build(deps): update jwcrypto requirement from >=1.5.7 to >=1.5.8#14388
giohappy merged 1 commit into
masterfrom
dependabot/pip/jwcrypto-gte-1.5.8

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jun 29, 2026

Copy link
Copy Markdown
Contributor

Updates the requirements on jwcrypto to permit the latest version.

Release notes

Sourced from jwcrypto's releases.

Version 1.5.8

What's Changed

New Contributors

Full Changelog: latchset/jwcrypto@v1.5.7...v1.5.8

Commits
  • eb7c266 Bump version to 1.5.8
  • db93855 jwt: add opt-in strict_serialization to enforce compact form
  • dfd1bb2 Wrap JWKSet parsing errors in InvalidJWKValue
  • db03d4c fix: bump minimum cryptography dependency to >= 39.0.0
  • d9aef6d Update CI for Python 3.14 and bump actions
  • f79b545 Add Python 3.14 to tox environments
  • 7e87cf4 Fix list iteration in claim format validation
  • See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Updates the requirements on [jwcrypto](https://github.com/latchset/jwcrypto) to permit the latest version.
- [Release notes](https://github.com/latchset/jwcrypto/releases)
- [Commits](latchset/jwcrypto@v1.5.7...v1.5.8)

---
updated-dependencies:
- dependency-name: jwcrypto
  dependency-version: 1.5.8
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added the dependencies Pull requests that update a dependency file label Jun 29, 2026
@cla-bot cla-bot Bot added the cla-signed CLA Bot: community license agreement signed label Jun 29, 2026
@giohappy giohappy self-requested a review July 13, 2026 10:08
@giohappy

Copy link
Copy Markdown
Contributor

@giohappy giohappy merged commit 085b8c5 into master Jul 13, 2026
25 checks passed
@giohappy giohappy deleted the dependabot/pip/jwcrypto-gte-1.5.8 branch July 13, 2026 10:55
@github-actions

Copy link
Copy Markdown
Contributor

The backport to 5.0.x failed:

The process '/usr/bin/git' failed with exit code 1

To backport manually, run these commands in your terminal:

# Fetch latest updates from GitHub
git fetch
# Create a new working tree
git worktree add .worktrees/backport-5.0.x 5.0.x
# Navigate to the new working tree
cd .worktrees/backport-5.0.x
# Create a new branch
git switch --create backport-14388-to-5.0.x
# Cherry-pick the merged commit of this pull request and resolve the conflicts
git cherry-pick -x --mainline 1 085b8c518a9b98511d451332a12f6cbe72262e72
# Push it to GitHub
git push --set-upstream origin backport-14388-to-5.0.x
# Go back to the original working tree
cd ../..
# Delete the working tree
git worktree remove .worktrees/backport-5.0.x

Then, create a pull request where the base branch is 5.0.x and the compare/head branch is backport-14388-to-5.0.x.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

backport 5.0.x backport 5.1.x cla-signed CLA Bot: community license agreement signed dependencies Pull requests that update a dependency file

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant