chore(deps): update dependency python-jose to v3.4.0 [security] #577

renovate-bot · 2025-02-19T00:46:51Z

This PR contains the following updates:

Package	Change	Age	Confidence
python-jose (changelog)	`==3.3.0` -> `==3.4.0`

GitHub Vulnerability Alerts

CVE-2024-33664

python-jose through 3.3.0 allows attackers to cause a denial of service (resource consumption) during a decode via a crafted JSON Web Encryption (JWE) token with a high compression ratio, aka a "JWT bomb." This is similar to CVE-2024-21319.

CVE-2024-33663

python-jose through 3.3.0 has algorithm confusion with OpenSSH ECDSA keys and other key formats. This is similar to CVE-2022-29217.

Release Notes

mpdavis/python-jose (python-jose)

`v3.4.0`

Compare Source

News

Remove support for Python 3.6 and 3.7
Added support for Python 3.10 and 3.11

Bug fixes and Improvements

Updating CryptographyAESKey::encrypt to generate 96 bit IVs for GCM block
cipher mode
Fix for PEM key comparisons caused by line lengths and new lines
Fix for CVE-2024-33664 - JWE limited to 250KiB
Fix for CVE-2024-33663 - signing JWT with public key is now forbidden
Replace usage of deprecated datetime.utcnow() with datetime.now(UTC)

Housekeeping

Updated Github Actions Workflows
Updated to use tox 4.x
Revise codecov integration
Fixed DeprecationWarnings

Configuration

📅 Schedule: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

renovate-bot requested a review from a team as a code owner February 19, 2025 00:46

trusted-contributions-gcf bot added the kokoro:force-run Add this label to force Kokoro to re-run the tests. label Feb 19, 2025

kokoro-team removed the kokoro:force-run Add this label to force Kokoro to re-run the tests. label Feb 19, 2025

renovate-bot force-pushed the renovate/pypi-python-jose-vulnerability branch from 9ff607b to a05aeb9 Compare May 28, 2025 12:24

trusted-contributions-gcf bot added the kokoro:force-run Add this label to force Kokoro to re-run the tests. label May 28, 2025

kokoro-team removed the kokoro:force-run Add this label to force Kokoro to re-run the tests. label May 28, 2025

renovate-bot force-pushed the renovate/pypi-python-jose-vulnerability branch from a05aeb9 to de7e61d Compare May 29, 2025 03:49

trusted-contributions-gcf bot added the kokoro:force-run Add this label to force Kokoro to re-run the tests. label May 29, 2025

kokoro-team removed the kokoro:force-run Add this label to force Kokoro to re-run the tests. label May 29, 2025

renovate-bot force-pushed the renovate/pypi-python-jose-vulnerability branch from de7e61d to 097c8cf Compare May 29, 2025 11:50

trusted-contributions-gcf bot added the kokoro:force-run Add this label to force Kokoro to re-run the tests. label May 29, 2025

kokoro-team removed the kokoro:force-run Add this label to force Kokoro to re-run the tests. label May 29, 2025

renovate-bot force-pushed the renovate/pypi-python-jose-vulnerability branch from 097c8cf to 8f38ddc Compare May 30, 2025 00:18

trusted-contributions-gcf bot added the kokoro:force-run Add this label to force Kokoro to re-run the tests. label May 30, 2025

kokoro-team removed the kokoro:force-run Add this label to force Kokoro to re-run the tests. label May 30, 2025

renovate-bot force-pushed the renovate/pypi-python-jose-vulnerability branch from 8f38ddc to 94247c1 Compare May 30, 2025 07:42

trusted-contributions-gcf bot added the kokoro:force-run Add this label to force Kokoro to re-run the tests. label May 30, 2025

kokoro-team removed the kokoro:force-run Add this label to force Kokoro to re-run the tests. label May 30, 2025

renovate-bot force-pushed the renovate/pypi-python-jose-vulnerability branch from 94247c1 to 6f16bb4 Compare May 30, 2025 20:45

trusted-contributions-gcf bot added the kokoro:force-run Add this label to force Kokoro to re-run the tests. label May 30, 2025

kokoro-team removed the kokoro:force-run Add this label to force Kokoro to re-run the tests. label May 30, 2025

renovate-bot force-pushed the renovate/pypi-python-jose-vulnerability branch from 6f16bb4 to 5cb2557 Compare May 31, 2025 07:26

trusted-contributions-gcf bot added the kokoro:force-run Add this label to force Kokoro to re-run the tests. label May 31, 2025

kokoro-team removed the kokoro:force-run Add this label to force Kokoro to re-run the tests. label May 31, 2025

renovate-bot force-pushed the renovate/pypi-python-jose-vulnerability branch from 5cb2557 to 267d07b Compare May 31, 2025 14:57

trusted-contributions-gcf bot added the kokoro:force-run Add this label to force Kokoro to re-run the tests. label May 31, 2025

kokoro-team removed the kokoro:force-run Add this label to force Kokoro to re-run the tests. label May 31, 2025

renovate-bot force-pushed the renovate/pypi-python-jose-vulnerability branch from 267d07b to 78fa5e9 Compare May 31, 2025 23:01

trusted-contributions-gcf bot added the kokoro:force-run Add this label to force Kokoro to re-run the tests. label May 31, 2025

kokoro-team removed the kokoro:force-run Add this label to force Kokoro to re-run the tests. label May 31, 2025

trusted-contributions-gcf bot added the kokoro:force-run Add this label to force Kokoro to re-run the tests. label Jul 18, 2025

kokoro-team removed the kokoro:force-run Add this label to force Kokoro to re-run the tests. label Jul 18, 2025

renovate-bot force-pushed the renovate/pypi-python-jose-vulnerability branch from 0afae00 to c01113d Compare July 19, 2025 08:22

trusted-contributions-gcf bot added the kokoro:force-run Add this label to force Kokoro to re-run the tests. label Jul 19, 2025

kokoro-team removed the kokoro:force-run Add this label to force Kokoro to re-run the tests. label Jul 19, 2025

renovate-bot force-pushed the renovate/pypi-python-jose-vulnerability branch from c01113d to 065ab76 Compare July 19, 2025 20:11

trusted-contributions-gcf bot added the kokoro:force-run Add this label to force Kokoro to re-run the tests. label Jul 19, 2025

kokoro-team removed the kokoro:force-run Add this label to force Kokoro to re-run the tests. label Jul 19, 2025

renovate-bot force-pushed the renovate/pypi-python-jose-vulnerability branch from 065ab76 to 944d3f5 Compare July 20, 2025 03:32

trusted-contributions-gcf bot added the kokoro:force-run Add this label to force Kokoro to re-run the tests. label Jul 20, 2025

kokoro-team removed the kokoro:force-run Add this label to force Kokoro to re-run the tests. label Jul 20, 2025

renovate-bot force-pushed the renovate/pypi-python-jose-vulnerability branch from 944d3f5 to fedb360 Compare July 20, 2025 12:08

trusted-contributions-gcf bot added the kokoro:force-run Add this label to force Kokoro to re-run the tests. label Jul 20, 2025

kokoro-team removed the kokoro:force-run Add this label to force Kokoro to re-run the tests. label Jul 20, 2025

renovate-bot force-pushed the renovate/pypi-python-jose-vulnerability branch from fedb360 to eb074f9 Compare July 20, 2025 19:29

trusted-contributions-gcf bot added the kokoro:force-run Add this label to force Kokoro to re-run the tests. label Jul 20, 2025

kokoro-team removed the kokoro:force-run Add this label to force Kokoro to re-run the tests. label Jul 20, 2025

renovate-bot force-pushed the renovate/pypi-python-jose-vulnerability branch from eb074f9 to 191c38d Compare July 21, 2025 03:55

trusted-contributions-gcf bot added the kokoro:force-run Add this label to force Kokoro to re-run the tests. label Jul 21, 2025

kokoro-team removed the kokoro:force-run Add this label to force Kokoro to re-run the tests. label Jul 21, 2025

renovate-bot force-pushed the renovate/pypi-python-jose-vulnerability branch from 191c38d to d592600 Compare July 21, 2025 20:48

trusted-contributions-gcf bot added the kokoro:force-run Add this label to force Kokoro to re-run the tests. label Jul 21, 2025

kokoro-team removed the kokoro:force-run Add this label to force Kokoro to re-run the tests. label Jul 21, 2025

renovate-bot force-pushed the renovate/pypi-python-jose-vulnerability branch from d592600 to c33d47b Compare July 22, 2025 15:47

trusted-contributions-gcf bot added the kokoro:force-run Add this label to force Kokoro to re-run the tests. label Jul 22, 2025

kokoro-team removed the kokoro:force-run Add this label to force Kokoro to re-run the tests. label Jul 22, 2025

chore(deps): update dependency python-jose to v3.4.0 [security]

b487f85

renovate-bot force-pushed the renovate/pypi-python-jose-vulnerability branch from c33d47b to b487f85 Compare July 23, 2025 04:57

trusted-contributions-gcf bot added the kokoro:force-run Add this label to force Kokoro to re-run the tests. label Jul 23, 2025

kokoro-team removed the kokoro:force-run Add this label to force Kokoro to re-run the tests. label Jul 23, 2025

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

chore(deps): update dependency python-jose to v3.4.0 [security] #577

chore(deps): update dependency python-jose to v3.4.0 [security] #577

Uh oh!

Uh oh!

Uh oh!

chore(deps): update dependency python-jose to v3.4.0 [security] #577

Are you sure you want to change the base?

chore(deps): update dependency python-jose to v3.4.0 [security] #577

Uh oh!

Conversation

Uh oh!

GitHub Vulnerability Alerts

CVE-2024-33664

CVE-2024-33663

Release Notes

v3.4.0

News

Bug fixes and Improvements

Housekeeping

Configuration

Uh oh!

Uh oh!

`v3.4.0`