chore(deps)(deps): bump pyjwt from 2.10.1 to 2.11.0

[dependabot]

Bumps pyjwt from 2.10.1 to 2.11.0.

Release notes

Sourced from pyjwt's releases.

2.11.0

What's Changed

• Fixed type error in comment by @​shuhaib-aot in jpadilla/pyjwt#1026
• [pre-commit.ci] pre-commit autoupdate by @​pre-commit-ci[bot] in jpadilla/pyjwt#1018
• [pre-commit.ci] pre-commit autoupdate by @​pre-commit-ci[bot] in jpadilla/pyjwt#1033
• Make note of use of leeway with nbf by @​djw8605 in jpadilla/pyjwt#1034
• [pre-commit.ci] pre-commit autoupdate by @​pre-commit-ci[bot] in jpadilla/pyjwt#1035
• Fixes #964: Validate key against allowed types for Algorithm family by @​pachewise in jpadilla/pyjwt#985
• Feat #1024: Add iterator for PyJWKSet by @​pachewise in jpadilla/pyjwt#1041
• Fixes #1039: Add iss, issuer type checks by @​pachewise in jpadilla/pyjwt#1040
• Fixes #660: Improve typing/logic for options in decode, decode_complete; Improve docs by @​pachewise in jpadilla/pyjwt#1045
• [pre-commit.ci] pre-commit autoupdate by @​pre-commit-ci[bot] in jpadilla/pyjwt#1042
• [pre-commit.ci] pre-commit autoupdate by @​pre-commit-ci[bot] in jpadilla/pyjwt#1052
• [pre-commit.ci] pre-commit autoupdate by @​pre-commit-ci[bot] in jpadilla/pyjwt#1053
• Fix #1022: Map algorithm=None to "none" by @​qqii in jpadilla/pyjwt#1056
• [pre-commit.ci] pre-commit autoupdate by @​pre-commit-ci[bot] in jpadilla/pyjwt#1055
• [pre-commit.ci] pre-commit autoupdate by @​pre-commit-ci[bot] in jpadilla/pyjwt#1058
• [pre-commit.ci] pre-commit autoupdate by @​pre-commit-ci[bot] in jpadilla/pyjwt#1060
• [pre-commit.ci] pre-commit autoupdate by @​pre-commit-ci[bot] in jpadilla/pyjwt#1061
• Fixes #1047: Correct PyJWKClient.get_signing_key_from_jwt annotation by @​khvn26 in jpadilla/pyjwt#1048
• [pre-commit.ci] pre-commit autoupdate by @​pre-commit-ci[bot] in jpadilla/pyjwt#1062
• Fixed doc string typo in _validate_jti() function #1063 by @​kuldeepkhatke in jpadilla/pyjwt#1064
• [pre-commit.ci] pre-commit autoupdate by @​pre-commit-ci[bot] in jpadilla/pyjwt#1065
• Update SECURITY.md by @​auvipy in jpadilla/pyjwt#1057
• Typing fix: use float instead of int for lifespan and timeout by @​nikitagashkov in jpadilla/pyjwt#1068
• [pre-commit.ci] pre-commit autoupdate by @​pre-commit-ci[bot] in jpadilla/pyjwt#1067
• [pre-commit.ci] pre-commit autoupdate by @​pre-commit-ci[bot] in jpadilla/pyjwt#1071
• [pre-commit.ci] pre-commit autoupdate by @​pre-commit-ci[bot] in jpadilla/pyjwt#1076
• Fix TYP header documentation by @​fobiasmog in jpadilla/pyjwt#1046
• doc: Document claims sub and jti by @​cleder in jpadilla/pyjwt#1088
• [pre-commit.ci] pre-commit autoupdate by @​pre-commit-ci[bot] in jpadilla/pyjwt#1077
• Bump actions/setup-python from 5 to 6 by @​dependabot[bot] in jpadilla/pyjwt#1089
• Bump actions/stale from 8 to 10 by @​dependabot[bot] in jpadilla/pyjwt#1090
• Bump actions/checkout from 4 to 5 by @​dependabot[bot] in jpadilla/pyjwt#1083
• [pre-commit.ci] pre-commit autoupdate by @​pre-commit-ci[bot] in jpadilla/pyjwt#1091
• [pre-commit.ci] pre-commit autoupdate by @​pre-commit-ci[bot] in jpadilla/pyjwt#1093
• [pre-commit.ci] pre-commit autoupdate by @​pre-commit-ci[bot] in jpadilla/pyjwt#1096
• Resolve package build warnings by @​kurtmckee in jpadilla/pyjwt#1105
• Support Python 3.14, and test against PyPy 3.10+ by @​kurtmckee in jpadilla/pyjwt#1104
• Fix a SyntaxWarning caused by invalid escape sequences by @​kurtmckee in jpadilla/pyjwt#1103
• Standardize CHANGELOG links to PRs by @​kurtmckee in jpadilla/pyjwt#1110
• Migrate from pep517, which is deprecated, to build by @​kurtmckee in jpadilla/pyjwt#1108
• Fix incorrectly-named test suite function by @​kurtmckee in jpadilla/pyjwt#1116
• Fix Read the Docs builds by @​kurtmckee in jpadilla/pyjwt#1111
• Bump actions/download-artifact from 4 to 6 by @​dependabot[bot] in jpadilla/pyjwt#1118
• Escalate test suite warnings to errors by @​kurtmckee in jpadilla/pyjwt#1107
• Add pyupgrade as a pre-commit hook by @​kurtmckee in jpadilla/pyjwt#1109
• Simplify the test suite decorators by @​kurtmckee in jpadilla/pyjwt#1113
• Improve coverage config and eliminate unused test suite code by @​kurtmckee in jpadilla/pyjwt#1115
• Build a shared wheel once in the test suite by @​kurtmckee in jpadilla/pyjwt#1114

... (truncated)

Changelog

Sourced from pyjwt's changelog.

v2.11.0 <https://github.com/jpadilla/pyjwt/compare/2.10.1...2.11.0>__

Fixed

- Enforce ECDSA curve validation per RFC 7518 Section 3.4.
- Fix build system warnings by @kurtmckee in `[#1105](https://github.com/jpadilla/pyjwt/issues/1105) <https://github.com/jpadilla/pyjwt/pull/1105>`__
- Validate key against allowed types for Algorithm family in `[#964](https://github.com/jpadilla/pyjwt/issues/964) <https://github.com/jpadilla/pyjwt/pull/964>`__
- Add iterator for JWKSet in `[#1041](https://github.com/jpadilla/pyjwt/issues/1041) <https://github.com/jpadilla/pyjwt/pull/1041>`__
- Validate `iss` claim is a string during encoding and decoding by @pachewise in `[#1040](https://github.com/jpadilla/pyjwt/issues/1040) <https://github.com/jpadilla/pyjwt/pull/1040>`__
- Improve typing/logic for `options` in decode, decode_complete by @pachewise in `[#1045](https://github.com/jpadilla/pyjwt/issues/1045) <https://github.com/jpadilla/pyjwt/pull/1045>`__
- Declare float supported type for lifespan and timeout by @nikitagashkov in `[#1068](https://github.com/jpadilla/pyjwt/issues/1068) <https://github.com/jpadilla/pyjwt/pull/1068>`__
- Fix ``SyntaxWarning``\s/``DeprecationWarning``\s caused by invalid escape sequences by @kurtmckee in `[#1103](https://github.com/jpadilla/pyjwt/issues/1103) <https://github.com/jpadilla/pyjwt/pull/1103>`__
- Development: Build a shared wheel once to speed up test suite setup times by @kurtmckee in `[#1114](https://github.com/jpadilla/pyjwt/issues/1114) <https://github.com/jpadilla/pyjwt/pull/1114>`__
- Development: Test type annotations across all supported Python versions,
  increase the strictness of the type checking, and remove the mypy pre-commit hook
  by @kurtmckee in `[#1112](https://github.com/jpadilla/pyjwt/issues/1112) <https://github.com/jpadilla/pyjwt/pull/1112>`__
Added

• Support Python 3.14, and test against PyPy 3.10 and 3.11 by @​kurtmckee in [#1104](https://github.com/jpadilla/pyjwt/issues/1104) <https://github.com/jpadilla/pyjwt/pull/1104>__
• Development: Migrate to build to test package building in CI by @​kurtmckee in [#1108](https://github.com/jpadilla/pyjwt/issues/1108) <https://github.com/jpadilla/pyjwt/pull/1108>__
• Development: Improve coverage config and eliminate unused test suite code by @​kurtmckee in [#1115](https://github.com/jpadilla/pyjwt/issues/1115) <https://github.com/jpadilla/pyjwt/pull/1115>__
• Docs: Standardize CHANGELOG links to PRs by @​kurtmckee in [#1110](https://github.com/jpadilla/pyjwt/issues/1110) <https://github.com/jpadilla/pyjwt/pull/1110>__
• Docs: Fix Read the Docs builds by @​kurtmckee in [#1111](https://github.com/jpadilla/pyjwt/issues/1111) <https://github.com/jpadilla/pyjwt/pull/1111>__
• Docs: Add example of using leeway with nbf by @​djw8605 in [#1034](https://github.com/jpadilla/pyjwt/issues/1034) <https://github.com/jpadilla/pyjwt/pull/1034>__
• Docs: Refactored docs with autodoc; added PyJWS and jwt.algorithms docs by @​pachewise in [#1045](https://github.com/jpadilla/pyjwt/issues/1045) <https://github.com/jpadilla/pyjwt/pull/1045>__
• Docs: Documentation improvements for "sub" and "jti" claims by @​cleder in [#1088](https://github.com/jpadilla/pyjwt/issues/1088) <https://github.com/jpadilla/pyjwt/pull/1088>__
• Development: Add pyupgrade as a pre-commit hook by @​kurtmckee in [#1109](https://github.com/jpadilla/pyjwt/issues/1109) <https://github.com/jpadilla/pyjwt/pull/1109>__
• Add minimum key length validation for HMAC and RSA keys (CWE-326). Warns by default via InsecureKeyLengthWarning when keys are below minimum recommended lengths per RFC 7518 Section 3.2 (HMAC) and NIST SP 800-131A (RSA). Pass enforce_minimum_key_length=True in options to PyJWT or PyJWS to raise InvalidKeyError instead.
• Refactor PyJWT to own an internal PyJWS instance instead of calling global api_jws functions.

Commits

• 697344d bump up version
• e4d0aec fix: pre-commit
• df9a6a0 fix: failing test
• 2b2e53c fix: docs
• 635c8d8 fix: failing mypy
• 96ae356 feat: add minimum key length validation for HMAC and RSA
• 5b86227 fix: enforce ECDSA curve validation per RFC 7518 Section 3.4
• 04947d7 Bump actions/download-artifact from 6 to 7 (#1125)
• dd44834 Fix leeway value in usage documentation (#1124)
• 407f0bd Thoroughly test type annotations, and resolve errors (#1112)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[touale]

@coderabbitai

[coderabbitai]

Tip

For best results, initiate chat on the files or code changes.

@touale, hello! I see you've mentioned me on this PR.

This is a dependency update for PyJWT from 2.10.1 to 2.11.0. Some notable changes in this release include:

Security & Validation Improvements:

• Minimum key length validation for HMAC and RSA keys (addresses CWE-326)
• Enforced ECDSA curve validation per RFC 7518
• Validation that iss claim is a string during encoding/decoding

Other Enhancements:

• Python 3.14 support
• Improved type annotations
• Iterator support for PyJWKSet
• Various bug fixes and documentation improvements

How can I help you with this PR? Would you like me to:

• Review the changes in detail?
• Check if there are any breaking changes that might affect your codebase?
• Verify compatibility with your existing code?
• Something else?

[touale]

@coderabbitai Review this pr

[coderabbitai]

@touale, I'll review this PR for you right away. I'll analyze the dependency update from PyJWT 2.10.1 to 2.11.0 and check for any potential compatibility issues or breaking changes that might affect your codebase.

✅ Actions performed

Review triggered.

Note: CodeRabbit is an incremental review system and does not re-review already reviewed commits. This command is applicable only when automatic reviews are paused.

[coderabbitai]

Important

Review skipped

Review was skipped due to path filters

⛔ Files ignored due to path filters (1)

• uv.lock is excluded by !**/*.lock

CodeRabbit blocks several paths by default. You can override this behavior by explicitly including those paths in the path filters. For example, including **/dist/** will override the default block on the dist directory, by removing the pattern from both the lists.

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.

• 🔍 Trigger a full review

✨ Finishing touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Post copyable unit tests in a comment
• Commit unit tests in branch dependabot/uv/pyjwt-2.11.0

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}