From db3eb5a831b2e61b67af00a94616d4b2086347bd Mon Sep 17 00:00:00 2001
From: lucyli-ca <107629053+lucyli-ca@users.noreply.github.com>
Date: Tue, 21 Jan 2025 11:23:27 -0500
Subject: [PATCH] Bump PyJWT to 2.10.1 in .ci/metrics/requirements.lock.txt

PR to bump dependency version to resolve security vulnerability found. In current version, The wrong string if check is run for iss checking, resulting in "acb" being accepted for "_abc_". Additional details: Weaknesses: CWE-697 CVE ID: CVE-2024-53861
---
 .ci/metrics/requirements.lock.txt | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.ci/metrics/requirements.lock.txt b/.ci/metrics/requirements.lock.txt
index 8ab76327e0c82..74d34f74d33bb 100644
--- a/.ci/metrics/requirements.lock.txt
+++ b/.ci/metrics/requirements.lock.txt
@@ -231,7 +231,7 @@ pygithub==2.5.0 \
 --hash=sha256:b0b635999a658ab8e08720bdd3318893ff20e2275f6446fcf35bf3f44f2c0fd2 \
 --hash=sha256:e1613ac508a9be710920d26eb18b1905ebd9926aa49398e88151c1b526aad3cf
 # via -r ./requirements.txt
-pyjwt[crypto]==2.10.0 \
+pyjwt[crypto]==2.10.1 \
 --hash=sha256:543b77207db656de204372350926bed5a86201c4cbff159f623f79c7bb487a15 \
 --hash=sha256:7628a7eb7938959ac1b26e819a1df0fd3259505627b575e4bad6d08f76db695c
 # via pygithub
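Review bot: The two `--hash=sha256:…` lines directly under the bumped `pyjwt[crypto]==2.10.1` entry are unchanged context (the hunk is `-231,7 +231,7` with one insertion and one deletion), so the lock still pins the digests that were recorded under the 2.10.0 line. If this file is installed with pip, the presence of `--hash` entries turns on hash-checking mode and the 2.10.1 artifacts will fail the digest comparison, so the CI install aborts instead of picking up the fixed version; if it is consumed by a tool that does not enforce hashes, the pins no longer attest to what actually gets installed. Regenerate the lock from `./requirements.txt` (for example with `pip-compile --generate-hashes`, which matches the `# via` annotations in this file) so the two `--hash` lines carry the sha256 values of the 2.10.1 artifacts rather than editing the version by hand.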