From ff82cc5fd2993aa85e3ca26d58da0bead9c11a97 Mon Sep 17 00:00:00 2001
From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com>
Date: Sat, 14 Mar 2026 01:52:18 +0000
Subject: [PATCH 1/2] fix(deps): update dependency pyjwt to v2.12.0 [security]

---
 pyproject.toml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/pyproject.toml b/pyproject.toml
index 6a2d9e2c..96985cf9 100644
--- a/pyproject.toml
+++ b/pyproject.toml
@@ -12,7 +12,7 @@ dependencies = [
 "httpx~=0.28.1",
 "pydantic>=2.10.4",
 "pyjwt>=2.10.0 ; python_full_version >= '3.9'",
- "pyjwt>=2.9.0,<2.10 ; python_full_version == '3.8.*'",
+ "pyjwt>=2.12,<2.13; python_full_version == '3.8.*'",
 ]

 [project.urls]
From d6fac2da56f773c43831b595e27f5724c275438a Mon Sep 17 00:00:00 2001
From: "Garen J. Torikian"
Date: Mon, 16 Mar 2026 15:52:54 -0400
Subject: [PATCH 2/2] fix(deps): keep pyjwt <2.10 for Python 3.8, bump to >=2.12 for >=3.9

PyJWT 2.12 dropped Python 3.8 support, so the Renovate-generated constraint was unsatisfiable for Python 3.8. Keep the old pin for 3.8 and apply the security update (CVE-2026-32597) only for Python >=3.9.

Co-Authored-By: Claude Opus 4.6 (1M context)
---
 pyproject.toml | 4 ++--
 uv.lock | 13 ++++++++-----
 2 files changed, 10 insertions(+), 7 deletions(-)

diff --git a/pyproject.toml b/pyproject.toml
index 96985cf9..39b75cad 100644
--- a/pyproject.toml
+++ b/pyproject.toml
@@ -11,8 +11,8 @@ dependencies = [
 "cryptography>=44.0.2",
 "httpx~=0.28.1",
 "pydantic>=2.10.4",
- "pyjwt>=2.10.0 ; python_full_version >= '3.9'",
- "pyjwt>=2.12,<2.13; python_full_version == '3.8.*'",
+ "pyjwt>=2.12.0 ; python_full_version >= '3.9'",
+ "pyjwt>=2.9.0,<2.10 ; python_full_version == '3.8.*'",
 ]

 [project.urls]
diff --git a/uv.lock b/uv.lock
index 06dbf55a..8a483fe9 100644
--- a/uv.lock
+++ b/uv.lock
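Review bot: The `python_full_version == '3.8.*'` entry restored in the second pyproject.toml hunk (PATCH 2/2) keeps `pyjwt>=2.9.0,<2.10`, so Python 3.8 installs stay on a release that, per the commit message, does not get the CVE-2026-32597 update; the uv.lock section agrees, still resolving 2.9.0 for `python_full_version < '3.9'`. Nothing in the hunk marks this as a known, accepted exposure, so the entry reads like an ordinary compatibility pin and automated security bumps will keep proposing the unsatisfiable constraint from PATCH 1/2. I would add a comment directly above that entry, `# PyJWT 2.12 dropped Python 3.8: 3.8 stays on 2.9.x and does NOT receive the CVE-2026-32597 fix`, and track separately whether 3.8 support should be dropped or the affected code path guarded on that interpreter. The project's `requires-python` setting lies outside the hunk, so whether 3.8 is still an advertised target is inferred from the marker alone.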
@@ -1269,15 +1269,18 @@ wheels = [ [[package]] name = "pyjwt" -version = "2.10.1" +version = "2.12.1" source = { registry = "https://pypi.org/simple" } resolution-markers = [ "python_full_version >= '3.10'", "python_full_version == '3.9.*'", ] -sdist = { url = "https://files.pythonhosted.org/packages/e7/46/bd74733ff231675599650d3e47f361794b22ef3e3770998dda30d3b63726/pyjwt-2.10.1.tar.gz", hash = "sha256:3cc5772eb20009233caf06e9d8a0577824723b44e6648ee0a2aedb6cf9381953", size = 87785, upload-time = "2024-11-28T03:43:29.933Z" } +dependencies = [ + { name = "typing-extensions", version = "4.15.0", source = { registry = "https://pypi.org/simple" }, marker = "python_full_version >= '3.9' and python_full_version < '3.11'" }, +] +sdist = { url = "https://files.pythonhosted.org/packages/c2/27/a3b6e5bf6ff856d2509292e95c8f57f0df7017cf5394921fc4e4ef40308a/pyjwt-2.12.1.tar.gz", hash = "sha256:c74a7a2adf861c04d002db713dd85f84beb242228e671280bf709d765b03672b", size = 102564, upload-time = "2026-03-13T19:27:37.25Z" } wheels = [ - { url = "https://files.pythonhosted.org/packages/61/ad/689f02752eeec26aed679477e80e632ef1b682313be70793d798c1d5fc8f/PyJWT-2.10.1-py3-none-any.whl", hash = "sha256:dcdd193e30abefd5debf142f9adfcdd2b58004e644f25406ffaebd50bd98dacb", size = 22997, upload-time = "2024-11-28T03:43:27.893Z" }, + { url = "https://files.pythonhosted.org/packages/e5/7a/8dd906bd22e79e47397a61742927f6747fe93242ef86645ee9092e610244/pyjwt-2.12.1-py3-none-any.whl", hash = "sha256:28ca37c070cad8ba8cd9790cd940535d40274d22f80ab87f3ac6a713e6e8454c", size = 29726, upload-time = "2026-03-13T19:27:35.677Z" }, ] [[package]] 
@@ -1483,7 +1486,7 @@ dependencies = [ { name = "pydantic", version = "2.10.6", source = { registry = "https://pypi.org/simple" }, marker = "python_full_version < '3.9'" }, { name = "pydantic", version = "2.12.4", source = { registry = "https://pypi.org/simple" }, marker = "python_full_version >= '3.9'" }, { name = "pyjwt", version = "2.9.0", source = { registry = "https://pypi.org/simple" }, marker = "python_full_version < '3.9'" }, - { name = "pyjwt", version = "2.10.1", source = { registry = "https://pypi.org/simple" }, marker = "python_full_version >= '3.9'" }, + { name = "pyjwt", version = "2.12.1", source = { registry = "https://pypi.org/simple" }, marker = "python_full_version >= '3.9'" }, ] [package.dev-dependencies] @@ -1520,7 +1523,7 @@ requires-dist = [ { name = "httpx", specifier = "~=0.28.1" }, { name = "pydantic", specifier = ">=2.10.4" }, { name = "pyjwt", marker = "python_full_version == '3.8.*'", specifier = ">=2.9.0,<2.10" }, - { name = "pyjwt", marker = "python_full_version >= '3.9'", specifier = ">=2.10.0" }, + { name = "pyjwt", marker = "python_full_version >= '3.9'", specifier = ">=2.12.0" }, ] [package.metadata.requires-dev]