chore(deps): update dependency python-jose to v3.4.0 [security] #577

renovate-bot · 2025-02-19T00:46:51Z

This PR contains the following updates:

Package	Change	Age	Adoption	Passing	Confidence
python-jose (changelog)	`==3.3.0` -> `==3.4.0`

GitHub Vulnerability Alerts

CVE-2024-33664

python-jose through 3.3.0 allows attackers to cause a denial of service (resource consumption) during a decode via a crafted JSON Web Encryption (JWE) token with a high compression ratio, aka a "JWT bomb." This is similar to CVE-2024-21319.

CVE-2024-33663

python-jose through 3.3.0 has algorithm confusion with OpenSSH ECDSA keys and other key formats. This is similar to CVE-2022-29217.

Release Notes

mpdavis/python-jose (python-jose)

`v3.4.0`

Compare Source

News

Remove support for Python 3.6 and 3.7
Added support for Python 3.10 and 3.11

Bug fixes and Improvements

Updating CryptographyAESKey::encrypt to generate 96 bit IVs for GCM block
cipher mode
Fix for PEM key comparisons caused by line lengths and new lines
Fix for CVE-2024-33664 - JWE limited to 250KiB
Fix for CVE-2024-33663 - signing JWT with public key is now forbidden
Replace usage of deprecated datetime.utcnow() with datetime.now(UTC)

Housekeeping

Updated Github Actions Workflows
Updated to use tox 4.x
Revise codecov integration
Fixed DeprecationWarnings

Configuration

📅 Schedule: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

renovate-bot requested a review from a team as a code owner February 19, 2025 00:46

trusted-contributions-gcf bot added the kokoro:force-run Add this label to force Kokoro to re-run the tests. label Feb 19, 2025

kokoro-team removed the kokoro:force-run Add this label to force Kokoro to re-run the tests. label Feb 19, 2025

renovate-bot force-pushed the renovate/pypi-python-jose-vulnerability branch from 9ff607b to a05aeb9 Compare May 28, 2025 12:24

trusted-contributions-gcf bot added the kokoro:force-run Add this label to force Kokoro to re-run the tests. label May 28, 2025

kokoro-team removed the kokoro:force-run Add this label to force Kokoro to re-run the tests. label May 28, 2025

renovate-bot force-pushed the renovate/pypi-python-jose-vulnerability branch from a05aeb9 to de7e61d Compare May 29, 2025 03:49

trusted-contributions-gcf bot added the kokoro:force-run Add this label to force Kokoro to re-run the tests. label May 29, 2025

kokoro-team removed the kokoro:force-run Add this label to force Kokoro to re-run the tests. label May 29, 2025

renovate-bot force-pushed the renovate/pypi-python-jose-vulnerability branch from de7e61d to 097c8cf Compare May 29, 2025 11:50

trusted-contributions-gcf bot added the kokoro:force-run Add this label to force Kokoro to re-run the tests. label May 29, 2025

kokoro-team removed the kokoro:force-run Add this label to force Kokoro to re-run the tests. label May 29, 2025

renovate-bot force-pushed the renovate/pypi-python-jose-vulnerability branch from 097c8cf to 8f38ddc Compare May 30, 2025 00:18

trusted-contributions-gcf bot added the kokoro:force-run Add this label to force Kokoro to re-run the tests. label May 30, 2025

kokoro-team removed the kokoro:force-run Add this label to force Kokoro to re-run the tests. label May 30, 2025

renovate-bot force-pushed the renovate/pypi-python-jose-vulnerability branch from 8f38ddc to 94247c1 Compare May 30, 2025 07:42

trusted-contributions-gcf bot added the kokoro:force-run Add this label to force Kokoro to re-run the tests. label May 30, 2025

kokoro-team removed the kokoro:force-run Add this label to force Kokoro to re-run the tests. label May 30, 2025

renovate-bot force-pushed the renovate/pypi-python-jose-vulnerability branch from 94247c1 to 6f16bb4 Compare May 30, 2025 20:45

trusted-contributions-gcf bot added the kokoro:force-run Add this label to force Kokoro to re-run the tests. label May 30, 2025

kokoro-team removed the kokoro:force-run Add this label to force Kokoro to re-run the tests. label May 30, 2025

renovate-bot force-pushed the renovate/pypi-python-jose-vulnerability branch from 6f16bb4 to 5cb2557 Compare May 31, 2025 07:26

trusted-contributions-gcf bot added the kokoro:force-run Add this label to force Kokoro to re-run the tests. label May 31, 2025

kokoro-team removed the kokoro:force-run Add this label to force Kokoro to re-run the tests. label May 31, 2025

renovate-bot force-pushed the renovate/pypi-python-jose-vulnerability branch from 5cb2557 to 267d07b Compare May 31, 2025 14:57

trusted-contributions-gcf bot added the kokoro:force-run Add this label to force Kokoro to re-run the tests. label May 31, 2025

kokoro-team removed the kokoro:force-run Add this label to force Kokoro to re-run the tests. label May 31, 2025

renovate-bot force-pushed the renovate/pypi-python-jose-vulnerability branch from 267d07b to 78fa5e9 Compare May 31, 2025 23:01

trusted-contributions-gcf bot added the kokoro:force-run Add this label to force Kokoro to re-run the tests. label May 31, 2025

kokoro-team removed the kokoro:force-run Add this label to force Kokoro to re-run the tests. label May 31, 2025

trusted-contributions-gcf bot added the kokoro:force-run Add this label to force Kokoro to re-run the tests. label Jun 1, 2025

kokoro-team removed the kokoro:force-run Add this label to force Kokoro to re-run the tests. label Jun 1, 2025

renovate-bot force-pushed the renovate/pypi-python-jose-vulnerability branch from fbd9e6a to 5f86e5c Compare June 1, 2025 22:30

trusted-contributions-gcf bot added the kokoro:force-run Add this label to force Kokoro to re-run the tests. label Jun 1, 2025

kokoro-team removed the kokoro:force-run Add this label to force Kokoro to re-run the tests. label Jun 1, 2025

renovate-bot force-pushed the renovate/pypi-python-jose-vulnerability branch from 5f86e5c to 40fa9fe Compare June 2, 2025 07:14

trusted-contributions-gcf bot added the kokoro:force-run Add this label to force Kokoro to re-run the tests. label Jun 2, 2025

kokoro-team removed the kokoro:force-run Add this label to force Kokoro to re-run the tests. label Jun 2, 2025

renovate-bot force-pushed the renovate/pypi-python-jose-vulnerability branch from 40fa9fe to 5f20952 Compare June 2, 2025 16:39

trusted-contributions-gcf bot added the kokoro:force-run Add this label to force Kokoro to re-run the tests. label Jun 2, 2025

kokoro-team removed the kokoro:force-run Add this label to force Kokoro to re-run the tests. label Jun 2, 2025

renovate-bot force-pushed the renovate/pypi-python-jose-vulnerability branch from 5f20952 to f3b77bc Compare June 3, 2025 03:32

trusted-contributions-gcf bot added the kokoro:force-run Add this label to force Kokoro to re-run the tests. label Jun 3, 2025

kokoro-team removed the kokoro:force-run Add this label to force Kokoro to re-run the tests. label Jun 3, 2025

renovate-bot force-pushed the renovate/pypi-python-jose-vulnerability branch from f3b77bc to 98fb607 Compare June 3, 2025 12:48

trusted-contributions-gcf bot added the kokoro:force-run Add this label to force Kokoro to re-run the tests. label Jun 3, 2025

kokoro-team removed the kokoro:force-run Add this label to force Kokoro to re-run the tests. label Jun 3, 2025

renovate-bot force-pushed the renovate/pypi-python-jose-vulnerability branch from 98fb607 to 673ea30 Compare June 3, 2025 22:59

trusted-contributions-gcf bot added the kokoro:force-run Add this label to force Kokoro to re-run the tests. label Jun 3, 2025

kokoro-team removed the kokoro:force-run Add this label to force Kokoro to re-run the tests. label Jun 3, 2025

renovate-bot force-pushed the renovate/pypi-python-jose-vulnerability branch from 673ea30 to 1543641 Compare June 4, 2025 07:19

trusted-contributions-gcf bot added the kokoro:force-run Add this label to force Kokoro to re-run the tests. label Jun 4, 2025

kokoro-team removed the kokoro:force-run Add this label to force Kokoro to re-run the tests. label Jun 4, 2025

renovate-bot force-pushed the renovate/pypi-python-jose-vulnerability branch from 1543641 to 351bb74 Compare June 4, 2025 20:12

trusted-contributions-gcf bot added the kokoro:force-run Add this label to force Kokoro to re-run the tests. label Jun 4, 2025

kokoro-team removed the kokoro:force-run Add this label to force Kokoro to re-run the tests. label Jun 4, 2025

chore(deps): update dependency python-jose to v3.4.0 [security]

04282d8

renovate-bot force-pushed the renovate/pypi-python-jose-vulnerability branch from 351bb74 to 04282d8 Compare June 5, 2025 03:29

trusted-contributions-gcf bot added the kokoro:force-run Add this label to force Kokoro to re-run the tests. label Jun 5, 2025

kokoro-team removed the kokoro:force-run Add this label to force Kokoro to re-run the tests. label Jun 5, 2025

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

chore(deps): update dependency python-jose to v3.4.0 [security] #577

chore(deps): update dependency python-jose to v3.4.0 [security] #577

renovate-bot commented Feb 19, 2025

Uh oh!

Uh oh!

chore(deps): update dependency python-jose to v3.4.0 [security] #577

Are you sure you want to change the base?

chore(deps): update dependency python-jose to v3.4.0 [security] #577

Conversation

renovate-bot commented Feb 19, 2025

GitHub Vulnerability Alerts

CVE-2024-33664

CVE-2024-33663

Release Notes

v3.4.0

News

Bug fixes and Improvements

Housekeeping

Configuration

Uh oh!

Uh oh!

`v3.4.0`