Update dependency djangorestframework-simplejwt to v5.5.1 #56

Open

Renovate wants to merge 1 commit from renovate/djangorestframework-simplejwt-5.x into react-django

Renovate commented

2026-04-05 13:29:56 +02:00

Collaborator

This PR contains the following updates:

Package	Change	Age	Confidence
djangorestframework-simplejwt	`==5.3.1` → `==5.5.1`

Release Notes

jazzband/djangorestframework-simplejwt (djangorestframework-simplejwt)

`v5.5.1`

Compare Source

Missing Migration for rest_framework_simplejwt.token_blacklist app. A previously missing migration (0013_blacklist) has now been added. This issue arose because the migration file was mistakenly not generated earlier. This migration was never part of an official release, but users following the latest master branch may have encountered it.

Notes for Users
If you previously ran makemigrations in production and have a 0013_blacklist migration in your django_migrations table, follow these steps before upgrading:

Roll back to the last known migration:

python manage.py migrate rest_framework_simplejwt.token_blacklist 0012

Upgrade djangorestframework-simplejwt to the latest version.
Apply the migrations correctly:

python manage.py migrate

Important: If other migrations depend on 0013_blacklist, be cautious when removing it. You may need to adjust or regenerate dependent migrations to ensure database integrity.

fix: add missing migration for token_blacklist app by @juanbailon in #894
🌐 Fix typos and improve clarity in es_AR translations by @fabianfalon in #876
docs: Add warning in docs for for_user usage by @vgrozdanic in #872
feat: log warning if token is being created for inactive user by @vgrozdanic in #873
ref: full tracebacks on exceptions by @vgrozdanic in #870
#858 New i18n messages by @Cloves23 in #879
Repair the type annotations in the TokenViewBase class. by @triplepoint in #880
fix: Token.outstand forces users to install blacklist app by @Andrew-Chen-Wang in #884
fix: PytestConfigWarning Unknown config option: python_paths by @vgrozdanic in #886
fix: Do not copy iat claim from refresh token by @vgrozdanic in #888
fix: add missing migration for token_blacklist app by @juanbailon in #894
Update Persian translations (fa, fa_IR) for Django application by @mahdirahimi1999 in #897
fix: always stringify user_id claim in #887

`v5.5.0`

Compare Source

Cap PyJWT version to <2.10.0 to avoid incompatibility with subject claim type requirement by @grayver in #843
Add specific "token expired" exceptions by @vainu-arto in #830
Fix user_id type mismatch when user claim is not pk by @jdg-journeyfront in #851
Caching signing key by @henryfool91 in #859
Adds new refresh tokens to OutstandingToken db. by @thecarpetjasp in #866

`v5.4.0`

Compare Source

Changed string formatting in views by @Egor-oop in #750
Enhance BlacklistMixin with Generic Type for Accurate Type Inference by @Dresdn in #768
Improve type of Token.for_user to allow subclasses by @sterliakov in #776
Fix the Null value of the OutstandingToken of the BlacklistMixin.blacklist by @JaeHyuckSa in #806
Fix: Disable refresh token for inactive user. by @ajay09 in #814
Add option to allow inactive user authentication and token generation by @zxkeyy in #834
Drop Django <4.2, DRF <3.14, Python <3.9 by @Andrew-Chen-Wang in #839
- Note, many deprecated versions are only officially not supported but probably still work fine.
Add support for EdDSA and other algorithms in jwt.algorithms.requires_cryptography (#822) #823

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

If you want to rebase/retry this PR, check this box

This PR has been generated by Renovate Bot.

This PR contains the following updates: | Package | Change | [Age](https://docs.renovatebot.com/merge-confidence/) | [Confidence](https://docs.renovatebot.com/merge-confidence/) | |---|---|---|---| | [djangorestframework-simplejwt](https://github.com/jazzband/djangorestframework-simplejwt) | `==5.3.1` → `==5.5.1` | ![age](https://developer.mend.io/api/mc/badges/age/pypi/djangorestframework-simplejwt/5.5.1?slim=true) | ![confidence](https://developer.mend.io/api/mc/badges/confidence/pypi/djangorestframework-simplejwt/5.3.1/5.5.1?slim=true) | --- ### Release Notes <details> <summary>jazzband/djangorestframework-simplejwt (djangorestframework-simplejwt)</summary> ### [`v5.5.1`](https://github.com/jazzband/djangorestframework-simplejwt/blob/HEAD/CHANGELOG.md#551) [Compare Source](https://github.com/jazzband/djangorestframework-simplejwt/compare/v5.5.0...v5.5.1) Missing Migration for rest\_framework\_simplejwt.token\_blacklist app. A previously missing migration (0013\_blacklist) has now been added. This issue arose because the migration file was mistakenly not generated earlier. This migration was never part of an official release, but users following the latest master branch may have encountered it. **Notes for Users** If you previously ran makemigrations in production and have a 0013\_blacklist migration in your django\_migrations table, follow these steps before upgrading: 1. Roll back to the last known migration: ```bash python manage.py migrate rest_framework_simplejwt.token_blacklist 0012 ``` 2. Upgrade djangorestframework-simplejwt to the latest version. 3. Apply the migrations correctly: ```bash python manage.py migrate ``` **Important**: If other migrations depend on 0013\_blacklist, be cautious when removing it. You may need to adjust or regenerate dependent migrations to ensure database integrity. - fix: add missing migration for token\_blacklist app by [@juanbailon](https://github.com/juanbailon) in [#894](https://github.com/jazzband/djangorestframework-simplejwt/pull/894) - :globe\_with\_meridians: Fix typos and improve clarity in es\_AR translations by [@fabianfalon](https://github.com/fabianfalon) in [#876](https://github.com/jazzband/djangorestframework-simplejwt/pull/876) - docs: Add warning in docs for `for_user` usage by [@vgrozdanic](https://github.com/vgrozdanic) in [#872](https://github.com/jazzband/djangorestframework-simplejwt/pull/872) - feat: log warning if token is being created for inactive user by [@vgrozdanic](https://github.com/vgrozdanic) in [#873](https://github.com/jazzband/djangorestframework-simplejwt/pull/873) - ref: full tracebacks on exceptions by [@vgrozdanic](https://github.com/vgrozdanic) in [#870](https://github.com/jazzband/djangorestframework-simplejwt/pull/870) - [#858](https://github.com/jazzband/djangorestframework-simplejwt/issues/858) New i18n messages by [@Cloves23](https://github.com/Cloves23) in [#879](https://github.com/jazzband/djangorestframework-simplejwt/pull/879) - Repair the type annotations in the TokenViewBase class. by [@triplepoint](https://github.com/triplepoint) in [#880](https://github.com/jazzband/djangorestframework-simplejwt/pull/880) - fix: Token.outstand forces users to install blacklist app by [@Andrew-Chen-Wang](https://github.com/Andrew-Chen-Wang) in [#884](https://github.com/jazzband/djangorestframework-simplejwt/pull/884) - fix: PytestConfigWarning Unknown config option: python\_paths by [@vgrozdanic](https://github.com/vgrozdanic) in [#886](https://github.com/jazzband/djangorestframework-simplejwt/pull/886) - fix: Do not copy `iat` claim from refresh token by [@vgrozdanic](https://github.com/vgrozdanic) in [#888](https://github.com/jazzband/djangorestframework-simplejwt/pull/888) - fix: add missing migration for token\_blacklist app by [@juanbailon](https://github.com/juanbailon) in [#894](https://github.com/jazzband/djangorestframework-simplejwt/pull/894) - Update Persian translations (fa, fa\_IR) for Django application by [@mahdirahimi1999](https://github.com/mahdirahimi1999) in [#897](https://github.com/jazzband/djangorestframework-simplejwt/pull/897) - fix: always stringify user\_id claim in [#887](https://github.com/jazzband/djangorestframework-simplejwt/pull/887) ### [`v5.5.0`](https://github.com/jazzband/djangorestframework-simplejwt/blob/HEAD/CHANGELOG.md#550) [Compare Source](https://github.com/jazzband/djangorestframework-simplejwt/compare/v5.4.0...v5.5.0) - Cap PyJWT version to <2.10.0 to avoid incompatibility with subject claim type requirement by [@grayver](https://github.com/grayver) in [#843](https://github.com/jazzband/djangorestframework-simplejwt/pull/843) - Add specific "token expired" exceptions by [@vainu-arto](https://github.com/vainu-arto) in [#830](https://github.com/jazzband/djangorestframework-simplejwt/pull/830) - Fix user\_id type mismatch when user claim is not pk by [@jdg-journeyfront](https://github.com/jdg-journeyfront) in [#851](https://github.com/jazzband/djangorestframework-simplejwt/pull/851) - Caching signing key by [@henryfool91](https://github.com/henryfool91) in [#859](https://github.com/jazzband/djangorestframework-simplejwt/pull/859) - Adds new refresh tokens to OutstandingToken db. by [@thecarpetjasp](https://github.com/thecarpetjasp) in [#866](https://github.com/jazzband/djangorestframework-simplejwt/pull/866) ### [`v5.4.0`](https://github.com/jazzband/djangorestframework-simplejwt/blob/HEAD/CHANGELOG.md#540) [Compare Source](https://github.com/jazzband/djangorestframework-simplejwt/compare/v5.3.1...v5.4.0) - Changed string formatting in views by [@Egor-oop](https://github.com/Egor-oop) in [#750](https://github.com/jazzband/djangorestframework-simplejwt/pull/750) - Enhance BlacklistMixin with Generic Type for Accurate Type Inference by [@Dresdn](https://github.com/Dresdn) in [#768](https://github.com/jazzband/djangorestframework-simplejwt/pull/768) - Improve type of `Token.for_user` to allow subclasses by [@sterliakov](https://github.com/sterliakov) in [#776](https://github.com/jazzband/djangorestframework-simplejwt/pull/776) - Fix the `Null` value of the `OutstandingToken` of the `BlacklistMixin.blacklist` by [@JaeHyuckSa](https://github.com/JaeHyuckSa) in [#806](https://github.com/jazzband/djangorestframework-simplejwt/pull/806) - Fix: Disable refresh token for inactive user. by [@ajay09](https://github.com/ajay09) in [#814](https://github.com/jazzband/djangorestframework-simplejwt/pull/814) - Add option to allow inactive user authentication and token generation by [@zxkeyy](https://github.com/zxkeyy) in [#834](https://github.com/jazzband/djangorestframework-simplejwt/pull/834) - Drop Django <4.2, DRF <3.14, Python <3.9 by [@Andrew-Chen-Wang](https://github.com/Andrew-Chen-Wang) in [#839](https://github.com/jazzband/djangorestframework-simplejwt/pull/839) - Note, many deprecated versions are only officially not supported but probably still work fine. - Add support for EdDSA and other algorithms in jwt.algorithms.requires\_cryptography ([#822](https://github.com/jazzband/djangorestframework-simplejwt/issues/822)) [#823](https://github.com/jazzband/djangorestframework-simplejwt/pull/823) </details> --- ### Configuration 📅 **Schedule**: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined). 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] If you want to rebase/retry this PR, check this box --- This PR has been generated by [Renovate Bot](https://github.com/renovatebot/renovate).

Renovate added 1 commit

2026-04-05 13:29:56 +02:00