Review dependabot package updates

[MartaSien]

Pending updates

• [x] https://github.com/zetonteam/zeton_django/pull/78 ⚠ fix for https://github.com/zetonteam/zeton_django/security/dependabot/3
• [x] https://github.com/zetonteam/zeton_django/pull/77
• [x] https://github.com/zetonteam/zeton_django/pull/97
• [x] https://github.com/zetonteam/zeton_django/pull/60 ⚠ fix for https://github.com/zetonteam/zeton_django/security/dependabot/2
• [x] https://github.com/zetonteam/zeton_django/pull/59 ⬆ new version available
• [x] https://github.com/zetonteam/zeton_django/pull/54

[MartaSien]

I'm checking pyjwt changelog https://github.com/zetonteam/zeton_django/pull/60

• v.2.0.0 introduced significant changes. New features and some new requirements:
  • Drop support for Python 2
  • Require cryptography >= 3
  • Drop support for PyCrypto and ECDSA
  • Drop CLI
  • Introduce PyJWK, PyJWKSet, and PyJWKClient (example usage in release notes)

[szmktk]

This PR attempts to implement the high severity package update: https://github.com/zetonteam/zeton_django/pull/102

Please review 🙏

Remaining package upgrades are implemented in https://github.com/zetonteam/zeton_django/pull/79

☝ Those two PRs are in conflict but it's trivial to align one to the other after either one is merged 😉

[szmktk]

OK I admit this one is funny :stuck_out_tongue: PRs https://github.com/zetonteam/zeton_django/pull/79 & https://github.com/zetonteam/zeton_django/pull/102 both resolved dependabot alerts but https://github.com/zetonteam/zeton_django/pull/79 introduced yet another one ("Improper Privilege Management in djangorestframework-simplejwt") which as of now does not have an upstream fix. We have no other option than wait until maintainers of djangorestframework-simplejwt fix the issue.