File python-djangorestframework-simplejwt.changes of Package python-djangorestframework-simplejwt
-------------------------------------------------------------------
Mon Nov 3 09:29:49 UTC 2025 - Markéta Machová <mmachova@suse.com>
- Update to 5.5.1 (CVE-2024-22513, bsc#1221568)
* Changed string formatting in views
* Enhance BlacklistMixin with Generic Type for Accurate Type Inference
* Improve type of Token.for_user to allow subclasses
* Fix the Null value of the OutstandingToken of the BlacklistMixin.blacklist
* Add option to allow inactive user authentication and token generation
* Add support for EdDSA and other algorithms in jwt.algorithms.requires_cryptography
* Drop Django <4.2, DRF <3.14, Python <3.9. Note, many deprecated versions are only
officially not supported but probably still work fine.
* Add specific "token expired" exceptions
* Fix user_id type mismatch when user claim is not pk
* Caching signing key
* fix: add missing migration for token_blacklist app
* docs: Add warning in docs for for_user usage
* feat: log warning if token is being created for inactive user
* fix: always stringify user_id claim
- Drop fix-tests.patch, merged upstream
-------------------------------------------------------------------
Mon Nov 11 16:58:30 UTC 2024 - Markéta Machová <mmachova@suse.com>
- Add missing dependency
-------------------------------------------------------------------
Fri Jul 19 11:26:13 UTC 2024 - Markéta Machová <mmachova@suse.com>
- Add upstream patch fix-tests.patch to fix tests with Django 5
-------------------------------------------------------------------
Mon Jun 24 04:49:38 UTC 2024 - Steve Kowalik <steven.kowalik@suse.com>
- Switch back to PyPi tarball.
- Inject setuptools_scm so we install the correct version number.
- Switch to autosetup macro.
- No more greedy globs in %files.
-------------------------------------------------------------------
Tue Jun 18 14:02:32 UTC 2024 - Markéta Machová <mmachova@suse.com>
- Update to 5.3.1
* Breaking: Set BLACKLIST_AFTER_ROTATION by default to False
* Remove EOL Python, Django and DRF version support
* Remove verify from jwt.decode to follow PyJWT v2.2.0
* Add blacklist view to log out users
* Add JWKS support
* Add back support for PyJWT 1.7.1
* Allow customizing token JSON encoding
* Revoke access token if user password is changed
* Declare support for type checking
* Many more changes, see CHANGELOG.md
- Drop patch jwt2.patch, included upstream.
-------------------------------------------------------------------
Wed Mar 27 05:20:10 UTC 2024 - Max Lin <mlin@suse.com>
- Add %{?sle15_python_module_pythons}
-------------------------------------------------------------------
Wed Mar 31 14:25:07 UTC 2021 - Markéta Machová <mmachova@suse.com>
- Update to 4.6.0
* Restored Python 3.7 support
* Added Indonesian translations
* Fixed Django 4.0 re_path deprecation
- Add patch jwt2.patch for PyJWT>=2.0.0 support
-------------------------------------------------------------------
Fri Jul 24 07:55:24 UTC 2020 - John Vandenberg <jayvdb@gmail.com>
- Update to v4.4.0
* Added official support for Python 3.8 and Django 3.0.
* Added settings for expected audience and issuer claims.
* Documentation updates.
* Updated package/python version support
* Added Chilean Spanish language support.
* Added Russian language support.
-------------------------------------------------------------------
Fri Sep 13 08:46:31 UTC 2019 - Tomáš Chvátal <tchvatal@suse.com>
- Update to 4.3.0:
* Added JTI_CLAIM setting to allow storing token identifiers under a different claim.
* We now return HTTP 401 for user not found or inactive.
* Restricted setup.py config to Python 3 only.
* Included translation files in release package.
-------------------------------------------------------------------
Tue Apr 9 02:39:36 PM UTC 2019 - John Vandenberg <jayvdb@gmail.com>
- Initial spec for v4.1.3
