Bump python-jose from 3.0.1 to 3.3.0

[dependabot-preview]

Bumps python-jose from 3.0.1 to 3.3.0.

Release notes

Sourced from python-jose's releases.

3.3.0 -- 2020-06-04

News

• Remove support for python 2.7 & 3.5
• Add support for Python 3.9
• Remove PyCrypto backend
• Fix deprecation warning from cryptography backend

Housekeeping

• Switched from Travis CI to Github Actions
• Added iSort & Black
• Run CI Tests under Mac OS & Windows.
• Updated Syntax to use Python 3.6+
• Upgrade to latest pytest, remove used dev requirements.

Small fixes

Changes

News

• This will be the last release supporting Python 2.7, 3.5, and the PyCrypto backend. This will be the penultimate release supporting Python 2.7, 3.5, and the PyCrypto backend.

Bug fixes and Improvements

• Use hmac.compare_digest instead of our own constant_time_string_compare #163
• Fix to_dict output, which should always be JSON encodeable. #139 and #165 (fixes #127 and #137)
• Require setuptools >= 39.2.0 #167 (fixes #161)
• Emit a warning when verifying with a private key #168 (fixes #53 and #142)
• Avoid loading python-ecdsa when using the cryptography backend, and pinned python-ecdsa dependency to <0.15 #178

Housekeeping

• Fixed some typos #160, #162, and #164

Special Thanks

• @​asherf
• @​bthaqi
• @​galak-fyyar
• @​zejn
• @​piedrahitapablo
• @​dumptyd
• @​friedcell
• @​bdraco

... (truncated)

Changelog

Sourced from python-jose's changelog.

3.3.0 -- 2021-06-04

News

• Remove support for python 2.7 & 3.5
• Add support for Python 3.9
• Remove PyCrypto backend
• Fix deprecation warning from cryptography backend

Housekeeping

• Switched from Travis CI to Github Actions
• Added iSort & Black
• Run CI Tests under Mac OS & Windows.
• Updated Syntax to use Python 3.6+
• Upgrade to latest pytest, remove used dev requirements.

3.2.0 -- 2020-07-29

News

• This will be the last release supporting Python 2.7, 3.5, and the PyCrypto backend.

Bug fixes and Improvements

• Use hmac.compare_digest instead of our own constant_time_string_compare #163
• Fix to_dict output, which should always be JSON encodeable. #139 and #165 (fixes #127 and #137)
• Require setuptools >= 39.2.0 #167 (fixes #161)
• Emit a warning when verifying with a private key #168 (fixes #53 and #142)
• Avoid loading python-ecdsa when using the cryptography backend, and pinned python-ecdsa dependency to <0.15 #178

Housekeeping

• Fixed some typos #160, #162, and #164

3.1.0 -- 2019-12-10

This is a greatly overdue release.

Features

• Improve JWT.decode() #76 (fixes #75)
• Sort headers when serializing to allow for headless JWT #136 (fixes #80)
• Adjust dependency handling

... (truncated)

Commits

• e5fcca2 Prepare release 3.3.0 (#260)
• 47edfc5 Remove more python 2 compatibility code. (#259)
• efe41c3 Fix compatibility issue - ecdsa Curve is not hashable. (#261)
• e724fa0 fix readme. (#258)
• fccbcf4 Add black (#256)
• 111e2a1 remove travis config (#257)
• ea6979e Add more OS (windows, mac-os) support (#246)
• e44cbc8 Remove more usages of six (#253)
• 5fb8673 Add pyproject.toml w/ isort config, add tox command to run lint fixes (#255)
• 36dde95 Add isort (#252)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
• @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
• @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
• @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
• @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language
• @dependabot badge me will comment on this PR with code to add a "Dependabot enabled" badge to your readme

Additionally, you can set the following in your Dependabot dashboard:

• Update frequency (including time of day and day of week)
• Pull request limits (per update run and/or open at any time)
• Out-of-range updates (receive only lockfile updates, if desired)
• Security updates (receive only security updates, if desired)