fix(deps): bump PyJWT minimum to 2.12.0 for CVE-2026-32597

PyJWT <= 2.11.0 accepts unknown `crit` header extensions in violation of RFC 7515 §4.1.11. Bump lower bound to 2.12.0 which includes the fix.
2026-05-16 21:59:26 +00:00 · 2026-03-25 15:16:21 -06:00
parent 732709d3a9
commit 7358619a40
2 changed files with 2 additions and 2 deletions
--- a/uv.lock
+++ b/uv.lock
@@ -1758,7 +1758,7 @@ requires-dist = [
    { name = "pycountry", specifier = ">=24.6.1" },
    { name = "pycryptodomex", specifier = ">=3.20.0,<4" },
    { name = "pyexecjs", specifier = ">=1.5.1,<2" },
-    { name = "pyjwt", specifier = ">=2.8.0,<3" },
+    { name = "pyjwt", specifier = ">=2.12.0,<3" },
    { name = "pymediainfo", specifier = ">=6.1.0,<8" },
    { name = "pymp4", specifier = ">=1.4.0,<2" },
    { name = "pymysql", specifier = ">=1.1.0,<2" },