chore(deps): update dependency python-jose to v3.4.0 [security] #577

renovate-bot · 2025-02-19T00:46:51Z

This PR contains the following updates:

Package	Change	Age	Adoption	Passing	Confidence
python-jose (changelog)	`==3.3.0` -> `==3.4.0`

GitHub Vulnerability Alerts

CVE-2024-33664

python-jose through 3.3.0 allows attackers to cause a denial of service (resource consumption) during a decode via a crafted JSON Web Encryption (JWE) token with a high compression ratio, aka a "JWT bomb." This is similar to CVE-2024-21319.

CVE-2024-33663

python-jose through 3.3.0 has algorithm confusion with OpenSSH ECDSA keys and other key formats. This is similar to CVE-2022-29217.

Release Notes

mpdavis/python-jose (python-jose)

`v3.4.0`

Compare Source

News

Remove support for Python 3.6 and 3.7
Added support for Python 3.10 and 3.11

Bug fixes and Improvements

Updating CryptographyAESKey::encrypt to generate 96 bit IVs for GCM block
cipher mode
Fix for PEM key comparisons caused by line lengths and new lines
Fix for CVE-2024-33664 - JWE limited to 250KiB
Fix for CVE-2024-33663 - signing JWT with public key is now forbidden
Replace usage of deprecated datetime.utcnow() with datetime.now(UTC)

Housekeeping

Updated Github Actions Workflows
Updated to use tox 4.x
Revise codecov integration
Fixed DeprecationWarnings

Configuration

📅 Schedule: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

renovate-bot requested a review from a team as a code owner February 19, 2025 00:46

trusted-contributions-gcf bot added the kokoro:force-run Add this label to force Kokoro to re-run the tests. label Feb 19, 2025

kokoro-team removed the kokoro:force-run Add this label to force Kokoro to re-run the tests. label Feb 19, 2025

renovate-bot force-pushed the renovate/pypi-python-jose-vulnerability branch from 9ff607b to a05aeb9 Compare May 28, 2025 12:24

trusted-contributions-gcf bot added the kokoro:force-run Add this label to force Kokoro to re-run the tests. label May 28, 2025

kokoro-team removed the kokoro:force-run Add this label to force Kokoro to re-run the tests. label May 28, 2025

renovate-bot force-pushed the renov 10000 ate/pypi-python-jose-vulnerability branch from a05aeb9 to de7e61d Compare May 29, 2025 03:49

trusted-contributions-gcf bot added the kokoro:force-run Add this label to force Kokoro to re-run the tests. label May 29, 2025

kokoro-team removed the kokoro:force-run Add this label to force Kokoro to re-run the tests. label May 29, 2025

renovate-bot force-pushed the renovate/pypi-python-jose-vulnerability branch from de7e61d to 097c8cf Compare May 29, 2025 11:50

trusted-contributions-gcf bot added the kokoro:force-run Add this label to force Kokoro to re-run the tests. label May 29, 2025

kokoro-team removed the kokoro:force-run Add this label to force Kokoro to re-run the tests. label May 29, 2025

renovate-bot force-pushed the renovate/pypi-python-jose-vulnerability branch from 097c8cf to 8f38ddc Compare May 30, 2025 00:18

trusted-contributions-gcf bot added the kokoro:force-run Add this label to force Kokoro to re-run the tests. label May 30, 2025

kokoro-team removed the kokoro:force-run Add this label to force Kokoro to re-run the tests. label May 30, 2025

renovate-bot force-pushed the renovate/pypi-python-jose-vulnerability branch from 8f38ddc to 94247c1 Compare May 30, 2025 07:42

trusted-contributions-gcf bot added the kokoro:force-run Add this label to force Kokoro to re-run the tests. label May 30, 2025

kokoro-team removed the kokoro:force-run Add this label to force Kokoro to re-run the tests. label May 30, 2025

renovate-bot force-pushed the renovate/pypi-python-jose-vulnerability branch from 94247c1 to 6f16bb4 Compare May 30, 2025 20:45

trusted-contributions-gcf bot added the kokoro:force-run Add this label to force Kokoro to re-run the tests. label May 30, 2025

kokoro-team removed the kokoro:force-run Add this label to force Kokoro to re-run the tests. label May 30, 2025

renovate-bot force-pushed the renovate/pypi-python-jose-vulnerability branch from 6f16bb4 to 5cb2557 Compare May 31, 2025 07:26

trusted-contributions-gcf bot added the kokoro:force-run Add this label to force Kokoro to re-run the tests. label May 31, 2025

kokoro-team removed the kokoro:force-run Add this label to force Kokoro to re-run the tests. label May 31, 2025

renovate-bot force-pushed the renovate/pypi-python-jose-vulnerability branch from 5cb2557 to 267d07b Compare May 31, 2025 14:57

trusted-contributions-gcf bot added the kokoro:force-run Add this label to force Kokoro to re-run the tests. label May 31, 2025

kokoro-team removed the kokoro:force-run Add this label to force Kokoro to re-run the tests. label May 31, 2025

renovate-bot force-pushed the renovate/pypi-python-jose-vulnerability branch from 267d07b to 78fa5e9 Compare May 31, 2025 23:01

trusted-contributions-gcf bot added the kokoro:force-run Add this label to force Kokoro to re-run the tests. label May 31, 2025

kokoro-team removed the kokoro:force-run Add this label to force Kokoro to re-run the tests. label May 31, 2025

trusted-contributions-gcf bot added the kokoro:force-run Add this label to force Kokoro to re-run the tests. label Jun 8, 2025

kokoro-team removed the kokoro:force-run Add this label to force Kokoro to re-run the tests. label Jun 8, 2025

renovate-bot force-pushed the renovate/pypi-python-jose-vulnerability branch from c156814 to c9458c4 Compare June 9, 2025 08:27

trusted-contributions-gcf bot added the kokoro:force-run Add this label to force Kokoro to re-run the tests. label Jun 9, 2025

kokoro-team removed the kokoro:force-run Add this label to force Kokoro to re-run the tests. label Jun 9, 2025

renovate-bot force-pushed the renovate/pypi-python-jose-vulnerability branch from c9458c4 to 1c0ee6d Compare June 9, 2025 21:17

trusted-contributions-gcf bot added the kokoro:force-run Add this label to force Kokoro to re-run the tests. label Jun 9, 2025

kokoro-team removed the kokoro:force-run Add this label to force Kokoro to re-run the tests. label Jun 9, 2025

renovate-bot force-pushed the renovate/pypi-python-jose-vulnerability branch from 1c0ee6d to 88df4b8 Compare June 10, 2025 15:03

trusted-contributions-gcf bot added the kokoro:force-run Add this label to force Kokoro to re-run the tests. label Jun 10, 2025

kokoro-team removed the kokoro:force-run Add this label to force Kokoro to re-run the tests. label Jun 10, 2025

renovate-bot force-pushed the renovate/pypi-python-jose-vulnerability branch from 88df4b8 to e72e13a Compare June 11, 2025 04:09

trusted-contributions-gcf bot added the kokoro:force-run Add this label to force Kokoro to re-run the tests. label Jun 11, 2025

kokoro-team removed the kokoro:force-run Add this label to force Kokoro to re-run the tests. label Jun 11, 2025

renovate-bot force-pushed the renovate/pypi-python-jose-vulnerability branch from e72e13a to de672ad Compare June 11, 2025 18:46

trusted-contributions-gcf bot added the kokoro:force-run Add this label to force Kokoro to re-run the tests. label Jun 11, 2025

kokoro-team removed the kokoro:force-run Add this label to force Kokoro to re-run the tests. label Jun 11, 2025

renovate-bot force-pushed the renovate/pypi-python-jose-vulnerability branch from de672ad to d52f00d Compare June 12, 2025 09:40

trusted-contributions-gcf bot added the kokoro:force-run Add this label to force Kokoro to re-run the tests. label Jun 12, 2025

kokoro-team removed the kokoro:force-run Add this label to force Kokoro to re-run the tests. label Jun 12, 2025

renovate-bot force-pushed the renovate/pypi-python-jose-vulnerability branch from d52f00d to 9239068 Compare June 12, 2025 23:42

trusted-contributions-gcf bot added the kokoro:force-run Add this label to force Kokoro to re-run the tests. label Jun 12, 2025

kokoro-team removed the kokoro:force-run Add this label to force Kokoro to re-run the tests. label Jun 12, 2025

renovate-bot force-pushed the renovate/pypi-python-jose-vulnerability branch from 9239068 to 4bb2354 Compare June 13, 2025 09:04

trusted-contributions-gcf bot added the kokoro:force-run Add this label to force Kokoro to re-run the tests. label Jun 13, 2025

kokoro-team removed the kokoro:force-run Add this label to force Kokoro to re-run the tests. label Jun 13, 2025

chore(deps): update dependency python-jose to v3.4.0 [security]

7d47456

renovate-bot force-pushed the renovate/pypi-python-jose-vulnerability branch from 4bb2354 to 7d47456 Compare June 13, 2025 23:44

trusted-contributions-gcf bot added the kokoro:force-run Add this label to force Kokoro to re-run the tests. label Jun 13, 2025

kokoro-team removed the kokoro:force-run Add this label to force Kokoro to re-run the tests. label Jun 13, 2025

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

chore(deps): update dependency python-jose to v3.4.0 [security] #577

chore(deps): update dependency python-jose to v3.4.0 [security] #577

Uh oh!

Uh oh!

chore(deps): update dependency python-jose to v3.4.0 [security] #577

Are you sure you want to change the base?

chore(deps): update dependency python-jose to v3.4.0 [security] #577

Conversation

GitHub Vulnerability Alerts

CVE-2024-33664

CVE-2024-33663

Release Notes

v3.4.0

News

Bug fixes and Improvements

Housekeeping

Configuration

Uh oh!

Uh oh!

`v3.4.0`