Closed MartaSien closed 1 week ago
PyJWK, PyJWKSet, and PyJWKClient (example usage in release notes)
This PR attempts to implement the high severity package update: https://github.com/zetonteam/zeton_django/pull/102
Please review 🙏
Remaining package upgrades are implemented in https://github.com/zetonteam/zeton_django/pull/79
☝ Those two PRs are in conflict but it's trivial to align one to the other after either one is merged 😉
OK I admit this one is funny :stuck_out_tongue:
PRs https://github.com/zetonteam/zeton_django/pull/79 & https://github.com/zetonteam/zeton_django/pull/102 both resolved Dependabot alerts, but https://github.com/zetonteam/zeton_django/pull/79 introduced yet another one ("Improper Privilege Management in djangorestframework-simplejwt"), which as of now does not have an upstream fix. We have no other option than to wait until the maintainers of djangorestframework-simplejwt fix the issue.
Pending updates