Skip to content

ROB-3755 - Upgrade PyJWT dependency to 2.12.0#18

Merged
naomi-robusta merged 1 commit intomainfrom
claude/fix-security-vulnerabilities-BCaju
Apr 27, 2026
Merged

ROB-3755 - Upgrade PyJWT dependency to 2.12.0#18
naomi-robusta merged 1 commit intomainfrom
claude/fix-security-vulnerabilities-BCaju

Conversation

@naomi-robusta
Copy link
Copy Markdown
Contributor

@naomi-robusta naomi-robusta commented Apr 27, 2026

Summary

This PR updates the PyJWT dependency from version 2.4.0 to 2.12.0 to leverage improvements and security updates in the newer release.

Changes

  • Updated pyjwt version constraint in pyproject.toml from ^2.4.0 to ^2.12.0

Notes

This is a minor version bump within the 2.x release series, which maintains backward compatibility while providing access to bug fixes and enhancements released in PyJWT 2.5.0 through 2.12.0.

https://claude.ai/code/session_01SV4gG9ivBP5LNEhydEtwtc

@claude
Patch CVE-2026-30922 (pyasn1) and CVE-2026-32597 (PyJWT)
a8d7014 
Bumps pyasn1 0.6.2 -> 0.6.3 (DoS via unbounded recursion in ASN.1
decoding) and PyJWT 2.10.1 -> 2.12.1 (crit header validation per
RFC 7515 section 4.1.11).

https://claude.ai/code/session_01SV4gG9ivBP5LNEhydEtwtc
@naomi-robusta naomi-robusta changed the title Upgrade PyJWT dependency to 2.12.0 ROB-3755 - Upgrade PyJWT dependency to 2.12.0 Apr 27, 2026
@naomi-robusta naomi-robusta merged commit 1ff3888 into main Apr 27, 2026
10 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@Avi-Robusta Avi-Robusta Avi-Robusta approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@naomi-robusta @Avi-Robusta @claude