Dependabot Security Vulnerability: Switch Outdated Python Package "python-jose"

[ianliuwk1019]

Describe the task Dependabot has several security alerts for Python package: "python-jose" on version 3.3.0 or lower. (reported created 3 weeks ago from May 17, 2024)

As of today, version 3.3.0 is the latest, but seems old (it was released Jun 4, 2021), and FAM is using this version.

Unless there will be a coming fix version for this "python-jose", we probably need to replace this package with alternative.

Acceptance Criteria

• [ ] Find out if "python-jose" has newer version and determine we can upgrade to the latest version to resolve this security vulnerability.
• [ ] If "python-jose" newer version is not available, find the alternative to switch to. "PyJWT" seems to be a good one.
• [ ] Need to adjust the code where it is impacted by library replacement.
• [ ] Run existing tests to pass. Run the system from frontend or Swagger to verify if everything function normally.

Additional context

• Dependabot alerts
• PyJWT

[ianliuwk1019]

man... the replacement might not be easy and pretty....

[ianliuwk1019]

Create a new ticket to separately address the complexity for replacing "python-jose" on BCSC part #1454 .