python-pyjwt: upgrade 2.11.0 -> 2.12.1

Contains fix for CVE-2026-32597. Since NVD tracks this CVE without version info, mark the CVE explicitly patched. Changes: 2.12.1: Add typing_extensions dependency for Python < 3.11 2.12.0: chore(docs): fix docs build Annotate PyJWKSet.keys for pyright fix: close HTTPError to prevent ResourceWarning on Python 3.14 chore: remove superfluous constants chore(tests): enable mypy Bump actions/download-artifact from 7 to 8 fix: do not store reference to algorithms dict on PyJWK Use PyJWK algorithm when encoding without explicit algorithm Validate the crit (Critical) Header Parameter defined in RFC 7515 §4.1.11. (CVE-2026-32597) Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
2026-03-24 14:49:38 +00:00 · 2026-03-17 18:23:44 +01:00
parent 96fa70cddf
commit 0abb9a484e
1 changed files with 3 additions and 1 deletions
--- a/meta-python/recipes-devtools/python/python3-pyjwt_2.12.1.bb
+++ b/meta-python/recipes-devtools/python/python3-pyjwt_2.12.1.bb
@@ -0,0 +1,23 @@
+SUMMARY = "JSON Web Token implementation in Python"
+DESCRIPTION = "A Python implementation of JSON Web Token draft 32.\
+ Original implementation was written by https://github.com/progrium"
+HOMEPAGE = "https://github.com/jpadilla/pyjwt"
+LICENSE = "MIT"
+LIC_FILES_CHKSUM = "file://LICENSE;md5=e4b56d2c9973d8cf54655555be06e551"
+
+SRC_URI[sha256sum] = "c74a7a2adf861c04d002db713dd85f84beb242228e671280bf709d765b03672b"
+
+PYPI_PACKAGE = "pyjwt"
+CVE_PRODUCT = "pyjwt"
+CVE_STATUS[CVE-2025-45768] = "disputed: vulnerability can be avoided if the library is used correctly"
+CVE_STATUS[CVE-2026-32597] = "fixed-version: fixed in 2.12.0"
+
+inherit pypi python_setuptools_build_meta
+
+RDEPENDS:${PN} = "\
+    python3-cryptography \
+    python3-json \
+"
+
+BBCLASSEXTEND = "native nativesdk"
+