From 404ef5ab86a3f418037e707a3a0a48bbf80145b6 Mon Sep 17 00:00:00 2001 From: allegroai <> Date: Wed, 25 May 2022 16:47:41 +0300 Subject: [PATCH] Bump PyJWT version due to "Key confusion through non-blocklisted public key formats" vulnerability --- requirements.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/requirements.txt b/requirements.txt index df2a4eed..b669a62f 100644 --- a/requirements.txt +++ b/requirements.txt @@ -11,7 +11,7 @@ Pillow>=4.1.1 psutil>=3.4.2 pyparsing>=2.0.3 python-dateutil>=2.6.1 -pyjwt>=1.6.4,<=2.1.0 +pyjwt>=2.4.0,<2.5.0 PyYAML>=3.12 requests>=2.20.0 six>=1.13.0