From 141531ac487f7f8a80ada367709b1785a575e255 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Thu, 28 Nov 2024 11:42:35 +0000
Subject: [PATCH] Upgrade: [dependabot] - bump pyjwt from 2.10.0 to 2.10.1
 (#1109)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Bumps [pyjwt](https://github.com/jpadilla/pyjwt) from 2.10.0 to 2.10.1.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/jpadilla/pyjwt/releases">pyjwt's
releases</a>.</em></p>
<blockquote>
<h2>2.10.1</h2>
<h2>Fixed</h2>
<ul>
<li>Prevent partial matching of <code>iss</code> claim. Thanks <a
href="https://github.com/fabianbadoi"><code>@​fabianbadoi</code></a>!
(See: <a
href="https://github.com/jpadilla/pyjwt/security/advisories/GHSA-75c5-xw7c-p5pm">https://github.com/jpadilla/pyjwt/security/advisories/GHSA-75c5-xw7c-p5pm</a>)</li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/jpadilla/pyjwt/compare/2.10.0...2.10.1">https://github.com/jpadilla/pyjwt/compare/2.10.0...2.10.1</a></p>
</blockquote>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/jpadilla/pyjwt/blob/master/CHANGELOG.rst">pyjwt's
changelog</a>.</em></p>
<blockquote>
<h2><code>v2.10.1
&lt;https://github.com/jpadilla/pyjwt/compare/2.10.0...2.10.1&gt;</code>__</h2>
<p>Fixed</p>
<pre><code>
- Prevent partial matching of `iss` claim by @fabianbadoi in
`GHSA-75c5-xw7c-p5pm
&lt;https://github.com/jpadilla/pyjwt/security/advisories/GHSA-75c5-xw7c-p5pm&gt;`__
</code></pre>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/jpadilla/pyjwt/commit/3ebbb22f30f2b1b41727b269a08b427e9a85d6bb"><code>3ebbb22</code></a>
fix lint</li>
<li><a
href="https://github.com/jpadilla/pyjwt/commit/37748dc1e328f120aa04ec98b2a71a0af6301a24"><code>37748dc</code></a>
update changelog</li>
<li><a
href="https://github.com/jpadilla/pyjwt/commit/33022c25525c1020869c71ce2a4109e44ae4ced1"><code>33022c2</code></a>
Merge commit from fork</li>
<li>See full diff in <a
href="https://github.com/jpadilla/pyjwt/compare/2.10.0...2.10.1">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=pyjwt&package-manager=pip&previous-version=2.10.0&new-version=2.10.1)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: anthony-nhs <121869075+anthony-nhs@users.noreply.github.com>
---
 poetry.lock    | 8 ++++----
 pyproject.toml | 2 +-
 2 files changed, 5 insertions(+), 5 deletions(-)

diff --git a/poetry.lock b/poetry.lock
index 05a28b8fd..8ed2910a1 100644
--- a/poetry.lock
+++ b/poetry.lock
@@ -1139,13 +1139,13 @@ windows-terminal = ["colorama (>=0.4.6)"]
 
 [[package]]
 name = "pyjwt"
-version = "2.10.0"
+version = "2.10.1"
 description = "JSON Web Token implementation in Python"
 optional = false
 python-versions = ">=3.9"
 files = [
-    {file = "PyJWT-2.10.0-py3-none-any.whl", hash = "sha256:543b77207db656de204372350926bed5a86201c4cbff159f623f79c7bb487a15"},
-    {file = "pyjwt-2.10.0.tar.gz", hash = "sha256:7628a7eb7938959ac1b26e819a1df0fd3259505627b575e4bad6d08f76db695c"},
+    {file = "PyJWT-2.10.1-py3-none-any.whl", hash = "sha256:dcdd193e30abefd5debf142f9adfcdd2b58004e644f25406ffaebd50bd98dacb"},
+    {file = "pyjwt-2.10.1.tar.gz", hash = "sha256:3cc5772eb20009233caf06e9d8a0577824723b44e6648ee0a2aedb6cf9381953"},
 ]
 
 [package.dependencies]
@@ -1647,4 +1647,4 @@ files = [
 [metadata]
 lock-version = "2.0"
 python-versions = "^3.12"
-content-hash = "55265ab2ff31197309b8f28ac31ed369a353d1575d0f487ec676965411673477"
+content-hash = "4a0a1a9ed747913271df1b8dc1de6da0994eaccb5c71575405e285714aca5b23"
diff --git a/pyproject.toml b/pyproject.toml
index 649026929..d3438a8ad 100644
--- a/pyproject.toml
+++ b/pyproject.toml
@@ -37,7 +37,7 @@ argparse = "^1.4.0"
 pre-commit = "^4.0.1"
 pytest = "^8.3.3"
 cfn-lint = "^1.20.1"
-pyjwt = {extras = ["crypto"], version = "^2.10.0"}
+pyjwt = {extras = ["crypto"], version = "^2.10.1"}
 
 [tool.poetry.scripts]