From 95d4725ac17992880aa7008ff03350842d4eed54 Mon Sep 17 00:00:00 2001
From: snyk-bot <snyk-bot@snyk.io>
Date: Wed, 20 May 2026 18:59:20 +0000
Subject: [PATCH] fix: requirements.txt to reduce vulnerabilities

The following vulnerabilities are fixed by pinning transitive dependencies:
- https://snyk.io/vuln/SNYK-PYTHON-IDNA-16769942
- https://snyk.io/vuln/SNYK-PYTHON-PYJWT-11356591
---
 requirements.txt | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/requirements.txt b/requirements.txt
index 2f8190920..b44043d9f 100644
--- a/requirements.txt
+++ b/requirements.txt
@@ -9,7 +9,7 @@ alembic==1.13.1
 psycopg2-binary==2.9.11
 passlib[bcrypt]==1.7.4
 bcrypt==3.2.2
-PyJWT==2.8.0
+PyJWT==2.11.0
 requests==2.32.4
 urllib3>=1.25.4,<1.27  # Compatible with botocore for Python 3.9
 charset-normalizer>=3.4.0,<4
@@ -40,3 +40,4 @@ httpx>=0.25.2,<1.0.0
 Pillow==11.1.0
 reportlab==4.2.5
 resend>=2.0.0
+idna>=3.15 # not directly required, pinned by Snyk to avoid a vulnerability