Initial Update

[pyup-bot]

This is my first visit to this fine repo so I have bundled all updates in a single pull request to make things easier for you to merge.

Close this pull request and delete the branch if you want me to start with single pull requests right away

Here's the executive summary:

Updates

Here's a list of all the updates bundled in this pull request. I've added some links to make it easier for you to find all the information you need.

bleach	2.0.0	»	2.1.2	PyPI | Changelog | Repo | Docs
pyjwt	1.4.1	»	1.5.3	PyPI | Changelog | Repo

Changelogs

bleach 2.0.0 -> 2.1.2

2.1.2

---

Security fixes

None

Backwards incompatible changes

None

Features

None

Bug fixes

• Support html5lib-python 1.0.1. (337)

• Add deprecation warning for supporting html5lib-python < 1.0.

• Switch to semver.

2.1.1

---

Security fixes

None

Backwards incompatible changes

None

Features

None

Bug fixes

• Fix setup.py opening files when LANG=. (324)

2.1

---

Security fixes

• Convert control characters (backspace particularly) to "?" preventing
  malicious copy-and-paste situations. (298)

See <https://github.com/mozilla/bleach/issues/298>_ for more details.

This affects all previous versions of Bleach. Check the comments on that
issue for ways to alleviate the issue if you can't upgrade to Bleach 2.1.

Backwards incompatible changes

• Redid versioning. bleach.VERSION is no longer available. Use the string
  version at bleach.__version__ and parse it with
  pkg_resources.parse_version. (307)

• clean, linkify: linkify and clean should only accept text types; thank you,
  Janusz! (292)

• clean, linkify: accept only unicode or utf-8-encoded str (176)

Features

Bug fixes

• bleach.clean() no longer unescapes entities including ones that are missing
  a ; at the end which can happen in urls and other places. (143)

• linkify: fix http links inside of mailto links; thank you, sedrubal! (300)

• clarify security policy in docs (303)

• fix dependency specification for html5lib 1.0b8, 1.0b9, and 1.0b10; thank you,
  Zoltán! (268)

• add Bleach vs. html5lib comparison to README; thank you, Stu Cox! (278)

• fix KeyError exceptions on tags without href attr; thank you, Alex Defsen!
  (273)

• add test website and scripts to test bleach.clean() output in browser;
  thank you, Greg Guthe!

pyjwt 1.4.1 -> 1.5.3

1.5.3

1.5.2

1.5.01.5.0

---

Changed

• Add support for ECDSA public keys in RFC 4253 (OpenSSH) format 244
• Renamed commandline script jwt to jwt-cli to avoid issues with the script clobbering the jwt module in some circumstances. 187
• Better error messages when using an algorithm that requires the cryptography package, but it isn't available 230
• Tokens with future 'iat' values are no longer rejected 190
• Non-numeric 'iat' values now raise InvalidIssuedAtError instead of DecodeError
• Remove rejection of future 'iat' claims 252

Fixed

• Add back 'ES512' for backward compatibility (for now) 225
• Fix incorrectly named ECDSA algorithm 219
• Fix rpm build 196

Added

• Add JWK support for HMAC and RSA keys 202

1.5.1

1.5.0

1.4.21.4.2

---

Fixed

• A PEM-formatted key encoded as bytes could cause a TypeError to be raised 213

1.4.11.4.1

---

Fixed

• Newer versions of Pytest could not detect warnings properly 182
• Non-string 'kid' value now raises InvalidTokenError 174
• jwt.decode(None) now gracefully fails with InvalidTokenError 183

1.4.2

Once you have closed this pull request, I'll create separate pull requests for every update as soon as I find them.

That's it for now!

Happy merging! 🤖