Bump pyjwt from 2.3.0 to 2.4.0 (#1743)

* Bump pyjwt from 2.3.0 to 2.4.0 Bumps [pyjwt](https://github.com/jpadilla/pyjwt) from 2.3.0 to 2.4.0. - [Release notes](https://github.com/jpadilla/pyjwt/releases) - [Changelog](https://github.com/jpadilla/pyjwt/blob/master/CHANGELOG.rst) - [Commits](https://github.com/jpadilla/pyjwt/compare/2.3.0...2.4.0) --- updated-dependencies: - dependency-name: pyjwt dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> * Update pyjwt==2.4.0 Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: JonnyWong16 <9099342+JonnyWong16@users.noreply.github.com> [skip ci]
2025-07-06 13:11:15 -07:00 · 2022-05-16 20:56:13 -07:00 · 2022-05-16 20:56:13 -07:00 · b3aeaafd00
commit b3aeaafd00
parent d17015de44
9 changed files with 171 additions and 61 deletions
--- a/lib/jwt/api_jwt.py
+++ b/lib/jwt/api_jwt.py
@ -1,4 +1,5 @@
 import json
+import warnings
 from calendar import timegm
 from collections.abc import Iterable, Mapping
 from datetime import datetime, timedelta, timezone
@ -66,14 +67,23 @@ class PyJWT:
        self,
        jwt: str,
        key: str = "",
-        algorithms: List[str] = None,
-        options: Dict = None,
+        algorithms: Optional[List[str]] = None,
+        options: Optional[Dict] = None,
        **kwargs,
    ) -> Dict[str, Any]:
-        if options is None:
-            options = {"verify_signature": True}
-        else:
-            options.setdefault("verify_signature", True)
+        options = dict(options or {})  # shallow-copy or initialize an empty dict
+        options.setdefault("verify_signature", True)
+
+        # If the user has set the legacy `verify` argument, and it doesn't match
+        # what the relevant `options` entry for the argument is, inform the user
+        # that they're likely making a mistake.
+        if "verify" in kwargs and kwargs["verify"] != options["verify_signature"]:
+            warnings.warn(
+                "The `verify` argument to `decode` does nothing in PyJWT 2.0 and newer. "
+                "The equivalent is setting `verify_signature` to False in the `options` dictionary. "
+                "This invocation has a mismatch between the kwarg and the option entry.",
+                category=DeprecationWarning,
+            )

        if not options["verify_signature"]:
            options.setdefault("verify_exp", False)
@ -98,7 +108,7 @@ class PyJWT:
        try:
            payload = json.loads(decoded["payload"])
        except ValueError as e:
-            raise DecodeError("Invalid payload string: %s" % e)
+            raise DecodeError(f"Invalid payload string: {e}")
        if not isinstance(payload, dict):
            raise DecodeError("Invalid payload string: must be a json object")

@ -112,8 +122,8 @@ class PyJWT:
        self,
        jwt: str,
        key: str = "",
-        algorithms: List[str] = None,
-        options: Dict = None,
+        algorithms: Optional[List[str]] = None,
+        options: Optional[Dict] = None,
        **kwargs,
    ) -> Dict[str, Any]:
        decoded = self.decode_complete(jwt, key, algorithms, options, **kwargs)