From 0abb9a484ebb10785126dbbbd88b85b50c061bd3 Mon Sep 17 00:00:00 2001 From: Gyorgy Sarvari Date: Tue, 17 Mar 2026 18:23:44 +0100 Subject: python-pyjwt: upgrade 2.11.0 -> 2.12.1 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Contains fix for CVE-2026-32597. Since NVD tracks this CVE without version info, mark the CVE explicitly patched. Changes: 2.12.1: Add typing_extensions dependency for Python < 3.11 2.12.0: chore(docs): fix docs build Annotate PyJWKSet.keys for pyright fix: close HTTPError to prevent ResourceWarning on Python 3.14 chore: remove superfluous constants chore(tests): enable mypy Bump actions/download-artifact from 7 to 8 fix: do not store reference to algorithms dict on PyJWK Use PyJWK algorithm when encoding without explicit algorithm Validate the crit (Critical) Header Parameter defined in RFC 7515 ยง4.1.11. (CVE-2026-32597) Signed-off-by: Gyorgy Sarvari Signed-off-by: Khem Raj --- .../python/python3-pyjwt_2.12.1.bb | 23 ++++++++++++++++++++++ 1 file changed, 23 insertions(+) create mode 100644 meta-python/recipes-devtools/python/python3-pyjwt_2.12.1.bb (limited to 'meta-python/recipes-devtools/python/python3-pyjwt_2.12.1.bb') diff --git a/meta-python/recipes-devtools/python/python3-pyjwt_2.12.1.bb b/meta-python/recipes-devtools/python/python3-pyjwt_2.12.1.bb new file mode 100644 index 0000000000..28eceece97 --- /dev/null +++ b/meta-python/recipes-devtools/python/python3-pyjwt_2.12.1.bb @@ -0,0 +1,23 @@ +SUMMARY = "JSON Web Token implementation in Python" +DESCRIPTION = "A Python implementation of JSON Web Token draft 32.\ + Original implementation was written by https://github.com/progrium" +HOMEPAGE = "https://github.com/jpadilla/pyjwt" +LICENSE = "MIT" +LIC_FILES_CHKSUM = "file://LICENSE;md5=e4b56d2c9973d8cf54655555be06e551" + +SRC_URI[sha256sum] = "c74a7a2adf861c04d002db713dd85f84beb242228e671280bf709d765b03672b" + +PYPI_PACKAGE = "pyjwt" +CVE_PRODUCT = "pyjwt" +CVE_STATUS[CVE-2025-45768] = "disputed: vulnerability can be avoided if the library is used correctly" +CVE_STATUS[CVE-2026-32597] = "fixed-version: fixed in 2.12.0" + +inherit pypi python_setuptools_build_meta + +RDEPENDS:${PN} = "\ + python3-cryptography \ + python3-json \ +" + +BBCLASSEXTEND = "native nativesdk" + -- cgit v1.2.3-54-g00ecf