Sourced from pyjwt's releases.

2.12.0

Security

• Validate the crit (Critical) Header Parameter defined in RFC 7515 §4.1.11. by @​dmbs335 in GHSA-752w-5fwx-jx9f

What's Changed

• [pre-commit.ci] pre-commit autoupdate by @​pre-commit-ci[bot] in jpadilla/pyjwt#1132
• chore(docs): fix docs build by @​tamird in jpadilla/pyjwt#1137
• Annotate PyJWKSet.keys for pyright by @​tamird in jpadilla/pyjwt#1134
• fix: close HTTPError to prevent ResourceWarning on Python 3.14 by @​veeceey in jpadilla/pyjwt#1133
• chore: remove superfluous constants by @​tamird in jpadilla/pyjwt#1136
• [pre-commit.ci] pre-commit autoupdate by @​pre-commit-ci[bot] in jpadilla/pyjwt#1135
• chore(tests): enable mypy by @​tamird in jpadilla/pyjwt#1138
• Bump actions/download-artifact from 7 to 8 by @​dependabot[bot] in jpadilla/pyjwt#1142
• [pre-commit.ci] pre-commit autoupdate by @​pre-commit-ci[bot] in jpadilla/pyjwt#1141
• [pre-commit.ci] pre-commit autoupdate by @​pre-commit-ci[bot] in jpadilla/pyjwt#1145
• fix: do not store reference to algorithms dict on PyJWK by @​akx in jpadilla/pyjwt#1143
• Use PyJWK algorithm when encoding without explicit algorithm by @​jpadilla in jpadilla/pyjwt#1148

New Contributors

• @​tamird made their first contribution in jpadilla/pyjwt#1137
• @​veeceey made their first contribution in jpadilla/pyjwt#1133

Full Changelog: https://github.com/jpadilla/pyjwt/compare/2.11.0...2.12.0

Sourced from pyjwt's changelog.

v2.12.0 <https://github.com/jpadilla/pyjwt/compare/2.11.0...2.12.0>__

Fixed

- Annotate PyJWKSet.keys for pyright by @tamird in `[#1134](https://github.com/jpadilla/pyjwt/issues/1134) <https://github.com/jpadilla/pyjwt/pull/1134>`__
- Close ``HTTPError`` response to prevent ``ResourceWarning`` on Python 3.14 by @veeceey in `[#1133](https://github.com/jpadilla/pyjwt/issues/1133) <https://github.com/jpadilla/pyjwt/pull/1133>`__
- Do not keep ``algorithms`` dict in PyJWK instances by @akx in `[#1143](https://github.com/jpadilla/pyjwt/issues/1143) <https://github.com/jpadilla/pyjwt/pull/1143>`__
- Validate the crit (Critical) Header Parameter defined in RFC 7515 §4.1.11. by @dmbs335 in `GHSA-752w-5fwx-jx9f <https://github.com/jpadilla/pyjwt/security/advisories/GHSA-752w-5fwx-jx9f>`__
- Use PyJWK algorithm when encoding without explicit algorithm in `[#1148](https://github.com/jpadilla/pyjwt/issues/1148) <https://github.com/jpadilla/pyjwt/pull/1148>`__
Added

• Docs: Add PyJWKClient API reference and document the two-tier caching system (JWK Set cache and signing key LRU cache).

• bd9700c Use PyJWK algorithm when encoding without explicit algorithm (#1148)
• 051ea34 Merge commit from fork
• 1451d70 fix: do not store reference to algorithms dict on PyJWK (#1143)
• f3ba74c [pre-commit.ci] pre-commit autoupdate (#1145)
• 0318ffa [pre-commit.ci] pre-commit autoupdate (#1141)
• a52753d Bump actions/download-artifact from 7 to 8 (#1142)
• b85050f chore(tests): enable mypy (#1138)
• 1272b26 [pre-commit.ci] pre-commit autoupdate (#1135)
• 99a8728 chore: remove superfluous constants (#1136)
• 412cb67 fix: close HTTPError to prevent ResourceWarning on Python 3.14 (#1133)
• Additional commits viewable in compare view

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)