fix: replace python-jose with PyJWT to eliminate vulnerable ecdsa dependency

2026-04-03 00:46:36 -05:00 · 2026-04-03 00:46:36 -05:00 · 496334137d
commit 496334137d
parent 5c02598a46
4 changed files with 21 additions and 59 deletions
--- a/pyproject.toml
+++ b/pyproject.toml
@ -20,7 +20,7 @@ dependencies = [
    "cryptography>=44",
    # Auth
    "bcrypt>=4.0",
-    "python-jose[cryptography]>=3.3",
+    "pyjwt[crypto]>=2.9",
    "authlib>=1.4",
    "pyotp>=2.9",
    "webauthn>=2.2",