kenzuya/unshackle
1
0
Fork 2
mirror of https://github.com/unshackle-dl/unshackle.git synced 2026-05-17 06:09:29 +00:00
Code Issues Packages Projects Releases Wiki Activity

fix(deps): bump PyJWT minimum to 2.12.0 for CVE-2026-32597

Browse Source 
PyJWT <= 2.11.0 accepts unknown `crit` header extensions in violation of RFC 7515 §4.1.11. Bump lower bound to 2.12.0 which includes the fix.
This commit is contained in:
Andy
2026-03-25 15:16:21 -06:00
parent 732709d3a9
commit 7358619a40
2 changed files with 2 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
pyproject.toml
View File

@@ -40,7 +40,7 @@ dependencies = [
"protobuf>=4.25.3,<7", "protobuf>=4.25.3,<7",
"pycaption>=2.2.6,<3", "pycaption>=2.2.6,<3",
"pycryptodomex>=3.20.0,<4", "pycryptodomex>=3.20.0,<4",
"pyjwt>=2.8.0,<3", "pyjwt>=2.12.0,<3",
"pymediainfo>=6.1.0,<8", "pymediainfo>=6.1.0,<8",
"pymp4>=1.4.0,<2", "pymp4>=1.4.0,<2",
"pymysql>=1.1.0,<2", "pymysql>=1.1.0,<2",

2
uv.lock generated
View File

@@ -1758,7 +1758,7 @@ requires-dist = [
{ name = "pycountry", specifier = ">=24.6.1" }, { name = "pycountry", specifier = ">=24.6.1" },
{ name = "pycryptodomex", specifier = ">=3.20.0,<4" }, { name = "pycryptodomex", specifier = ">=3.20.0,<4" },
{ name = "pyexecjs", specifier = ">=1.5.1,<2" }, { name = "pyexecjs", specifier = ">=1.5.1,<2" },
{ name = "pyjwt", specifier = ">=2.8.0,<3" }, { name = "pyjwt", specifier = ">=2.12.0,<3" },
{ name = "pymediainfo", specifier = ">=6.1.0,<8" }, { name = "pymediainfo", specifier = ">=6.1.0,<8" },
{ name = "pymp4", specifier = ">=1.4.0,<2" }, { name = "pymp4", specifier = ">=1.4.0,<2" },
{ name = "pymysql", specifier = ">=1.1.0,<2" }, { name = "pymysql", specifier = ">=1.1.0,<2" },