mirrors/meta-openembedded
1
0
Fork 0
mirror of https://github.com/openembedded/meta-openembedded.git synced 2026-03-22 14:09:20 +00:00
Code Issues Projects Releases Wiki Activity
Files
6b55bede28261c38fb1da1474ca5c991ac414c93
meta-openembedded/meta-python/recipes-devtools/python/python3-pyjwt_2.12.1.bb
Gyorgy Sarvari 0abb9a484e python-pyjwt: upgrade 2.11.0 -> 2.12.1 
Contains fix for CVE-2026-32597. Since NVD tracks this CVE
without version info, mark the CVE explicitly patched.

Changes:
2.12.1:
Add typing_extensions dependency for Python < 3.11

2.12.0:
chore(docs): fix docs build
Annotate PyJWKSet.keys for pyright
fix: close HTTPError to prevent ResourceWarning on Python 3.14
chore: remove superfluous constants
chore(tests): enable mypy
Bump actions/download-artifact from 7 to 8
fix: do not store reference to algorithms dict on PyJWK
Use PyJWK algorithm when encoding without explicit algorithm
Validate the crit (Critical) Header Parameter defined in RFC 7515 §4.1.11. (CVE-2026-32597)

Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2026-03-18 14:33:32 -07:00

24 lines
774 B
BlitzBasic
Raw Blame History

SUMMARY = "JSON Web Token implementation in Python"
DESCRIPTION = "A Python implementation of JSON Web Token draft 32.\
Original implementation was written by https://github.com/progrium"
HOMEPAGE = "https://github.com/jpadilla/pyjwt"
LICENSE = "MIT"
LIC_FILES_CHKSUM = "file://LICENSE;md5=e4b56d2c9973d8cf54655555be06e551"
SRC_URI[sha256sum] = "c74a7a2adf861c04d002db713dd85f84beb242228e671280bf709d765b03672b"
PYPI_PACKAGE = "pyjwt"
CVE_PRODUCT = "pyjwt"
CVE_STATUS[CVE-2025-45768] = "disputed: vulnerability can be avoided if the library is used correctly"
CVE_STATUS[CVE-2026-32597] = "fixed-version: fixed in 2.12.0"
inherit pypi python_setuptools_build_meta
RDEPENDS:${PN} = "\
python3-cryptography \
python3-json \
"
BBCLASSEXTEND = "native nativesdk"
Reference in New Issue View Git Blame Copy Permalink