Merge pull request #330 from UW-GAC/maint/security-update-pyjwt-2.4.0

Pin minimum version of pyjwt to fix security alert
UW-GAC · Nov 17, 2023 · 10656bb · 10656bb
2 parents 6c9965f + d2833e7
commit 10656bb
Show file tree

Hide file tree

Showing 2 changed files with 3 additions and 2 deletions.
diff --git a/requirements/requirements.in b/requirements/requirements.in
@@ -42,3 +42,4 @@ asgiref>=3.6
 
 # Temporary fixes to handle dependabot not reading django-anvil-consortium-manager dependencies
 certifi>=2023.7.22
+pyjwt>=2.4.0
diff --git a/requirements/requirements.txt b/requirements/requirements.txt
@@ -124,10 +124,10 @@ pyasn1-modules==0.2.8
     # via google-auth
 pycparser==2.21
     # via cffi
-pyjwt[crypto]==2.3.0
+pyjwt[crypto]==2.8.0
     # via
+    #   -r requirements/requirements.in
     #   django-allauth
-    #   pyjwt
 pyparsing==3.0.8
     # via packaging
 pyproject-hooks==1.0.0
Original file line number	Diff line number	Diff line change
Expand Up		@@ -42,3 +42,4 @@ asgiref>=3.6

		# Temporary fixes to handle dependabot not reading django-anvil-consortium-manager dependencies
		certifi>=2023.7.22
		pyjwt>=2.4.0