From c81b4fe11eda413f7add0c6ce7a2ca7fddab2877 Mon Sep 17 00:00:00 2001 From: Greyson LaLonde Date: Tue, 2 Jun 2026 10:01:53 -0700 Subject: [PATCH] fix(deps): bump pyjwt to >=2.13.0 to patch CVEs --- lib/cli/pyproject.toml | 2 +- lib/crewai-core/pyproject.toml | 2 +- lib/crewai/pyproject.toml | 2 +- uv.lock | 12 ++++++------ 4 files changed, 9 insertions(+), 9 deletions(-) diff --git a/lib/cli/pyproject.toml b/lib/cli/pyproject.toml index 42418d4d9..806e300ad 100644 --- a/lib/cli/pyproject.toml +++ b/lib/cli/pyproject.toml @@ -15,7 +15,7 @@ dependencies = [ "appdirs~=1.4.4", "cryptography>=42.0", "httpx~=0.28.1", - "pyjwt>=2.9.0,<3", + "pyjwt>=2.13.0,<3", "rich>=13.7.1", "tomli~=2.0.2", "tomli-w~=1.1.0", diff --git a/lib/crewai-core/pyproject.toml b/lib/crewai-core/pyproject.toml index 92447b057..e641548e4 100644 --- a/lib/crewai-core/pyproject.toml +++ b/lib/crewai-core/pyproject.toml @@ -13,7 +13,7 @@ dependencies = [ "httpx~=0.28.1", "packaging>=23.0", "portalocker~=2.7.0", - "pyjwt>=2.9.0,<3", + "pyjwt>=2.13.0,<3", "pydantic>=2.11.9,<2.13", "rich>=13.7.1", "opentelemetry-api~=1.34.0", diff --git a/lib/crewai/pyproject.toml b/lib/crewai/pyproject.toml index ff1d61b7f..d61b30266 100644 --- a/lib/crewai/pyproject.toml +++ b/lib/crewai/pyproject.toml @@ -27,7 +27,7 @@ dependencies = [ "openpyxl~=3.1.5", # Authentication and Security "python-dotenv>=1.2.2,<2", - "pyjwt>=2.9.0,<3", + "pyjwt>=2.13.0,<3", # Configuration and Utils "click>=8.1.7,<9", "appdirs~=1.4.4", diff --git a/uv.lock b/uv.lock index b124afcab..0c1c5526e 100644 --- a/uv.lock +++ b/uv.lock @@ -1419,7 +1419,7 @@ requires-dist = [ { name = "portalocker", specifier = "~=2.7.0" }, { name = "pydantic", specifier = ">=2.11.9,<2.13" }, { name = "pydantic-settings", specifier = "~=2.10.1" }, - { name = "pyjwt", specifier = ">=2.9.0,<3" }, + { name = "pyjwt", specifier = ">=2.13.0,<3" }, { name = "python-dotenv", specifier = ">=1.2.2,<2" }, { name = "pyyaml", specifier = "~=6.0" }, { name = "qdrant-client", extras = ["fastembed"], marker = "extra == 'qdrant'", specifier = "~=1.14.3" }, @@ -1466,7 +1466,7 @@ requires-dist = [ { name = "packaging", specifier = ">=23.0" }, { name = "pydantic", specifier = ">=2.11.9,<2.13" }, { name = "pydantic-settings", specifier = "~=2.10.1" }, - { name = "pyjwt", specifier = ">=2.9.0,<3" }, + { name = "pyjwt", specifier = ">=2.13.0,<3" }, { name = "python-dotenv", specifier = ">=1.2.2,<2" }, { name = "rich", specifier = ">=13.7.1" }, { name = "textual", specifier = ">=7.5.0" }, @@ -1504,7 +1504,7 @@ requires-dist = [ { name = "packaging", specifier = ">=23.0" }, { name = "portalocker", specifier = "~=2.7.0" }, { name = "pydantic", specifier = ">=2.11.9,<2.13" }, - { name = "pyjwt", specifier = ">=2.9.0,<3" }, + { name = "pyjwt", specifier = ">=2.13.0,<3" }, { name = "rich", specifier = ">=13.7.1" }, { name = "tomli", specifier = "~=2.0.2" }, ] @@ -6902,14 +6902,14 @@ wheels = [ [[package]] name = "pyjwt" -version = "2.12.1" +version = "2.13.0" source = { registry = "https://pypi.org/simple" } dependencies = [ { name = "typing-extensions", marker = "python_full_version < '3.11'" }, ] -sdist = { url = "https://files.pythonhosted.org/packages/c2/27/a3b6e5bf6ff856d2509292e95c8f57f0df7017cf5394921fc4e4ef40308a/pyjwt-2.12.1.tar.gz", hash = "sha256:c74a7a2adf861c04d002db713dd85f84beb242228e671280bf709d765b03672b", size = 102564, upload-time = "2026-03-13T19:27:37.25Z" } +sdist = { url = "https://files.pythonhosted.org/packages/3b/81/58d0ac84e1ef3a3843791d6954d94c0b33d526c75eeb1efbce9d0a4c4077/pyjwt-2.13.0.tar.gz", hash = "sha256:41571c89ca91598c79e8ef18a2d07367d4810fbbd6f637794879baf1b7703423", size = 107515, upload-time = "2026-05-21T19:54:36.618Z" } wheels = [ - { url = "https://files.pythonhosted.org/packages/e5/7a/8dd906bd22e79e47397a61742927f6747fe93242ef86645ee9092e610244/pyjwt-2.12.1-py3-none-any.whl", hash = "sha256:28ca37c070cad8ba8cd9790cd940535d40274d22f80ab87f3ac6a713e6e8454c", size = 29726, upload-time = "2026-03-13T19:27:35.677Z" }, + { url = "https://files.pythonhosted.org/packages/a3/5e/ecf12fdb62546d64385c158514e9b2b671f7832108ef2ecd2020ce0af2d1/pyjwt-2.13.0-py3-none-any.whl", hash = "sha256:66adcc2aff09b3f1bbd95fc1e1577df8ac8723c978552fd43304c8a290ac5728", size = 31274, upload-time = "2026-05-21T19:54:35.362Z" }, ] [package.optional-dependencies]