Add typing_extensions dependency for Python < 3.11 (#1151)

jpadilla · claude · pre-commit-ci[bot] · web-flow · commit a4e1a3d1218b · 2026-03-13T14:41:01.000-04:00
* Add typing_extensions as dependency for Python < 3.11 PyJWT imports typing_extensions.Never (Python < 3.11) and typing_extensions.TypeAlias (Python < 3.10) at runtime in jwt/algorithms.py, but typing_extensions was never declared as a dependency. This causes a ModuleNotFoundError on Python 3.9/3.10 when importing the library. Fixes #1150 https://claude.ai/code/session_013ZvbKEyVkcUx8xHrqt8v2F * [pre-commit.ci] auto fixes from pre-commit.com hooks for more information, see https://pre-commit.ci * Add minimal install CI job to catch undeclared dependencies The existing install-dev job always installs with [dev] extras, which bundles cryptography and pulls in typing_extensions transitively via test tooling. This masked the missing typing_extensions dependency (#1150). Add an install-minimal job that tests bare `pip install .` and `pip install .[crypto]` on Python 3.9 and 3.13, ensuring undeclared runtime dependencies are caught immediately. https://claude.ai/code/session_013ZvbKEyVkcUx8xHrqt8v2F * Merge install-minimal into install-dev and test all install modes Consolidate into a single job that tests progressively: bare install, crypto extra, then dev extras. Tests Python 3.9 and 3.13 to cover both the typing_extensions fallback and native typing paths. https://claude.ai/code/session_013ZvbKEyVkcUx8xHrqt8v2F * Bump version to 2.12.1 https://claude.ai/code/session_013ZvbKEyVkcUx8xHrqt8v2F * Add explicit permissions block to CI workflow Restrict GITHUB_TOKEN to read-only contents access, as flagged by github-advanced-security[bot]. https://claude.ai/code/session_013ZvbKEyVkcUx8xHrqt8v2F * Fix RST underline length in CHANGELOG https://claude.ai/code/session_013ZvbKEyVkcUx8xHrqt8v2F --------- Co-authored-by: Claude <noreply@anthropic.com> Co-authored-by: pre-commit-ci[bot] <66853113+pre-commit-ci[bot]@users.noreply.github.com>
diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml
@@ -8,6 +8,9 @@ on:
     branches: ["master"]
   workflow_dispatch:
 
+permissions:
+  contents: read
+
 jobs:
   tests:
     name: "Python ${{ matrix.python-version }} on ${{ matrix.platform }}"
@@ -97,19 +100,32 @@ jobs:
     strategy:
       matrix:
         os: ["ubuntu-latest", "windows-latest", "macos-latest"]
+        python-version: ["3.9", "3.13"]
 
-    name: "Verify dev env"
+    name: "Verify dev env (Python ${{ matrix.python-version }}, ${{ matrix.os }})"
     runs-on: "${{ matrix.os }}"
 
     steps:
       - uses: "actions/checkout@v6"
       - uses: "actions/setup-python@v6"
 
         with:
-          python-version: "3.9"
+          python-version: "${{ matrix.python-version }}"
+
+      - name: "Install with no extras"
+        run: "python -m pip install ."
+
+      - name: "Import package"
+        run: "python -c 'import jwt; print(jwt.__version__)'"
+
+      - name: "Install with crypto extra"
+        run: "python -m pip install .[crypto]"
+
+      - name: "Import package with crypto"
+        run: "python -c 'import jwt; print(jwt.__version__)'"
 
       - name: "Install in dev mode"
         run: "python -m pip install -e .[dev]"
 
-      - name: "Import package"
+      - name: "Import package in dev mode"
         run: "python -c 'import jwt; print(jwt.__version__)'"
diff --git a/CHANGELOG.rst b/CHANGELOG.rst
@@ -4,9 +4,17 @@ Changelog
 All notable changes to this project will be documented in this file.
 This project adheres to `Semantic Versioning <https://semver.org/>`__.
 
-`Unreleased <https://github.com/jpadilla/pyjwt/compare/2.11.0...HEAD>`__
+`Unreleased <https://github.com/jpadilla/pyjwt/compare/2.12.1...HEAD>`__
 ------------------------------------------------------------------------
 
+`v2.12.1 <https://github.com/jpadilla/pyjwt/compare/2.12.0...2.12.1>`__
+------------------------------------------------------------------------
+
+Fixed
+~~~~~
+
+- Add missing ``typing_extensions`` dependency for Python < 3.11 in `#1150 <https://github.com/jpadilla/pyjwt/issues/1150>`__
+
 `v2.12.0 <https://github.com/jpadilla/pyjwt/compare/2.11.0...2.12.0>`__
 -----------------------------------------------------------------------
 
diff --git a/jwt/__init__.py b/jwt/__init__.py
@@ -28,7 +28,7 @@
 from .jwks_client import PyJWKClient
 from .warnings import InsecureKeyLengthWarning
 
-__version__ = "2.12.0"
+__version__ = "2.12.1"
 
 __title__ = "PyJWT"
 __description__ = "JSON Web Token implementation in Python"
diff --git a/pyproject.toml b/pyproject.toml
@@ -23,6 +23,9 @@ classifiers = [
     "Programming Language :: Python :: 3.14",
     "Topic :: Utilities",
 ]
+dependencies = [
+    "typing_extensions >= 4.0; python_version < '3.11'",
+]
 description = "JSON Web Token implementation in Python"
 dynamic = [
     "version",
