chore(deps): update dependency python-jose to v3.4.0 [security] - abandoned#577
Open
renovate-bot wants to merge 2 commits into
Open
Conversation
renovate-bot
force-pushed
the
renovate/pypi-python-jose-vulnerability
branch
from
May 28, 2025 12:24
9ff607b to
a05aeb9
Compare
renovate-bot
force-pushed
the
renovate/pypi-python-jose-vulnerability
branch
from
May 29, 2025 03:49
a05aeb9 to
de7e61d
Compare
renovate-bot
force-pushed
the
renovate/pypi-python-jose-vulnerability
branch
from
May 29, 2025 11:50
de7e61d to
097c8cf
Compare
renovate-bot
force-pushed
the
renovate/pypi-python-jose-vulnerability
branch
from
May 30, 2025 00:18
097c8cf to
8f38ddc
Compare
renovate-bot
force-pushed
the
renovate/pypi-python-jose-vulnerability
branch
from
May 30, 2025 07:42
8f38ddc to
94247c1
Compare
renovate-bot
force-pushed
the
renovate/pypi-python-jose-vulnerability
branch
from
May 30, 2025 20:45
94247c1 to
6f16bb4
Compare
renovate-bot
force-pushed
the
renovate/pypi-python-jose-vulnerability
branch
from
May 31, 2025 07:26
6f16bb4 to
5cb2557
Compare
renovate-bot
force-pushed
the
renovate/pypi-python-jose-vulnerability
branch
from
May 31, 2025 14:57
5cb2557 to
267d07b
Compare
renovate-bot
force-pushed
the
renovate/pypi-python-jose-vulnerability
branch
from
May 31, 2025 23:01
267d07b to
78fa5e9
Compare
renovate-bot
force-pushed
the
renovate/pypi-python-jose-vulnerability
branch
from
June 3, 2025 03:32
5f20952 to
f3b77bc
Compare
renovate-bot
force-pushed
the
renovate/pypi-python-jose-vulnerability
branch
from
June 3, 2025 12:48
f3b77bc to
98fb607
Compare
renovate-bot
force-pushed
the
renovate/pypi-python-jose-vulnerability
branch
from
June 3, 2025 22:59
98fb607 to
673ea30
Compare
renovate-bot
force-pushed
the
renovate/pypi-python-jose-vulnerability
branch
from
June 4, 2025 07:19
673ea30 to
1543641
Compare
renovate-bot
force-pushed
the
renovate/pypi-python-jose-vulnerability
branch
from
June 4, 2025 20:12
1543641 to
351bb74
Compare
renovate-bot
force-pushed
the
renovate/pypi-python-jose-vulnerability
branch
from
June 5, 2025 03:29
351bb74 to
04282d8
Compare
renovate-bot
force-pushed
the
renovate/pypi-python-jose-vulnerability
branch
from
June 5, 2025 12:12
04282d8 to
d7e69f5
Compare
renovate-bot
force-pushed
the
renovate/pypi-python-jose-vulnerability
branch
from
June 7, 2025 00:59
d7e69f5 to
1f33783
Compare
renovate-bot
force-pushed
the
renovate/pypi-python-jose-vulnerability
branch
from
June 7, 2025 11:42
1f33783 to
2cf249b
Compare
Edited/Blocked NotificationRenovate will not automatically rebase this PR, because it does not recognize the last commit author and assumes somebody else may have edited the PR. You can manually request rebase by checking the rebase/retry box above. |
Autoclosing SkippedThis PR has been flagged for autoclosing. However, it is being skipped due to the branch being already modified. Please close/delete it manually or report a bug if you think this is in error. |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
This PR contains the following updates:
==3.3.0→==3.4.0GitHub Vulnerability Alerts
CVE-2024-33664
python-jose through 3.3.0 allows attackers to cause a denial of service (resource consumption) during a decode via a crafted JSON Web Encryption (JWE) token with a high compression ratio, aka a "JWT bomb." This is similar to CVE-2024-21319.
CVE-2024-33663
python-jose through 3.3.0 has algorithm confusion with OpenSSH ECDSA keys and other key formats. This is similar to CVE-2022-29217.
Release Notes
mpdavis/python-jose (python-jose)
v3.4.0Compare Source
News
Bug fixes and Improvements
CryptographyAESKey::encryptto generate 96 bit IVs for GCM blockcipher mode
Housekeeping
Configuration
📅 Schedule: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).
🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.
♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
🔕 Ignore: Close this PR and you won't be reminded about this update again.
This PR was generated by Mend Renovate. View the repository job log.