From 7358619a40e09a3e8feb2061b5166b8891af47f6 Mon Sep 17 00:00:00 2001
From: Andy
Date: Wed, 25 Mar 2026 15:16:21 -0600
Subject: [PATCH] fix(deps): bump PyJWT minimum to 2.12.0 for CVE-2026-32597
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

PyJWT <= 2.11.0 accepts unknown `crit` header extensions in violation of RFC 7515 ยง4.1.11. Bump lower bound to 2.12.0 which includes the fix.
---
 pyproject.toml | 2 +-
 uv.lock | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/pyproject.toml b/pyproject.toml
index 42892af..dbb5962 100644
--- a/pyproject.toml
+++ b/pyproject.toml
@@ -40,7 +40,7 @@ dependencies = [
 "protobuf>=4.25.3,<7",
 "pycaption>=2.2.6,<3",
 "pycryptodomex>=3.20.0,<4",
- "pyjwt>=2.8.0,<3",
+ "pyjwt>=2.12.0,<3",
 "pymediainfo>=6.1.0,<8",
 "pymp4>=1.4.0,<2",
 "pymysql>=1.1.0,<2",
diff --git a/uv.lock b/uv.lock
index bbf68e2..c8ec9da 100644
--- a/uv.lock
+++ b/uv.lock
@@ -1758,7 +1758,7 @@ requires-dist = [
 { name = "pycountry", specifier = ">=24.6.1" },
 { name = "pycryptodomex", specifier = ">=3.20.0,<4" },
 { name = "pyexecjs", specifier = ">=1.5.1,<2" },
- { name = "pyjwt", specifier = ">=2.8.0,<3" },
+ { name = "pyjwt", specifier = ">=2.12.0,<3" },
 { name = "pymediainfo", specifier = ">=6.1.0,<8" },
 { name = "pymp4", specifier = ">=1.4.0,<2" },
 { name = "pymysql", specifier = ">=1.1.0,<2" },
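Review bot: The uv.lock hunk changes only the `requires-dist` specifier for pyjwt, and the diffstat shows a single changed line in that file, so the resolved `[[package]]` entry for pyjwt is untouched by this patch. Whether the locked version already satisfies `>=2.12.0` cannot be confirmed from the visible lines. If it still resolves to an older release, installs from the lockfile keep the affected PyJWT despite the new floor in pyproject.toml, and the lock is out of sync with its own specifier. Regenerate the lock with `uv lock --upgrade-package pyjwt` rather than editing the specifier by hand, and gate CI on `uv lock --check` so a stale lock fails the build.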