chore(deps): update pre-commit hook pyjwt to v2.12.0

[TalkIQ (talkiq-ops)]

This PR contains the following updates:

Package	Type	Update	Change
pyjwt	pre-commit-python	minor	==2.11.0 → ==2.12.0

Note: The pre-commit manager in Renovate is not supported by the pre-commit maintainers or community. Please do not report any problems there, instead create a Discussion in the Renovate repository if you have any questions.

---

Release Notes

jpadilla/pyjwt (pyjwt)

v2.12.0

Compare Source

Fixed

- Annotate PyJWKSet.keys for pyright by @&#8203;tamird in `#&#8203;1134 <https://github.com/jpadilla/pyjwt/pull/1134>`__
- Close ``HTTPError`` response to prevent ``ResourceWarning`` on Python 3.14 by @&#8203;veeceey in `#&#8203;1133 <https://github.com/jpadilla/pyjwt/pull/1133>`__
- Do not keep ``algorithms`` dict in PyJWK instances by @&#8203;akx in `#&#8203;1143 <https://github.com/jpadilla/pyjwt/pull/1143>`__
- Validate the crit (Critical) Header Parameter defined in RFC 7515 §4.1.11. by @&#8203;dmbs335 in `GHSA-752w-5fwx-jx9f <https://github.com/jpadilla/pyjwt/security/advisories/GHSA-752w-5fwx-jx9f>`__
- Use PyJWK algorithm when encoding without explicit algorithm in `#&#8203;1148 <https://github.com/jpadilla/pyjwt/pull/1148>`__

Added

• Docs: Add PyJWKClient API reference and document the two-tier caching system (JWK Set cache and signing key LRU cache).

---

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Enabled.

♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

This PR has been generated by Renovate Bot.

[github-actions]

Approved 👍

[gemini-code-assist]

Summary of Changes

Hello, I'm Gemini Code Assist¹! I'm currently reviewing this pull request and will post my feedback shortly. In the meantime, here's a summary to help you and other reviewers quickly get up to speed!

This pull request updates the pyjwt library used within the project's pre-commit configuration to its latest minor version. This update brings important security fixes and general improvements to the JWT handling, ensuring that the development environment benefits from the most recent stability and security enhancements without affecting runtime application logic.

Highlights

• Dependency Update: The pyjwt dependency used in the pre-commit hooks has been updated from version 2.11.0 to 2.12.0.
• Security Fixes: Version 2.12.0 of pyjwt includes a fix for validating the crit (Critical) Header Parameter as defined in RFC 7515 §4.1.11, addressing a security advisory (GHSA-752w-5fwx-jx9f).
• Bug Fixes and Enhancements: Several other fixes and minor enhancements are included, such as annotating PyJWKSet.keys for pyright, closing HTTPError responses to prevent ResourceWarning, and improvements to PyJWK algorithm handling.

🧠 New Feature in Public Preview: You can now enable Memory to help Gemini Code Assist learn from your team's feedback. This makes future code reviews more consistent and personalized to your project's style. Click here to enable Memory in your admin console.

Changelog

• .pre-commit-config.yaml
  • Updated pyjwt from 2.11.0 to 2.12.0.

Activity

• This pull request was automatically generated by Renovate Bot to update the pyjwt dependency.
• Automerge is enabled for this PR, and it will rebase whenever it falls behind the base branch.

Using Gemini Code Assist

The full guide for Gemini Code Assist can be found on our documentation page, here are some quick tips.

Invoking Gemini

You can request assistance from Gemini at any point by creating a comment using either /gemini <command> or @gemini-code-assist <command>. Below is a summary of the supported commands on the current page.

Feature	Command	Description
Code Review	/gemini review	Performs a code review for the current pull request in its current state.
Pull Request Summary	/gemini summary	Provides a summary of the current pull request in its current state.
Comment	Gemini (@gemini-code-assist)	Responds in comments when explicitly tagged, both in pull request comments and review comments.
Help	/gemini help	Displays a list of available commands.

Customization

To customize Gemini Code Assist for GitHub experience, repository maintainers can create a configuration file and/or provide a custom code review style guide (such as PEP-8 for Python) by creating and adding files to a .gemini/ folder in the base of the repository. Detailed instructions can be found here.

Limitations & Feedback

Gemini Code Assist may make mistakes. Please leave feedback on any instances where its feedback is incorrect or counter productive. You can react with 👍 and 👎 on Gemini (@gemini-code-assist) comments. If you're interested in giving your feedback about your experience with Gemini Code Assist for GitHub and other Google products, sign up here.

You can also get AI-powered code generation, chat, as well as code reviews directly in the IDE at no cost with the Gemini Code Assist IDE Extension.

Footnotes

1. Review the Privacy Notices, Generative AI Prohibited Use Policy, Terms of Service, and learn how to configure Gemini Code Assist in GitHub here. Gemini can make mistakes, so double check it and use code with caution. ↩

[gemini-code-assist]

Code Review

This pull request correctly updates the pyjwt dependency to version 2.12.0 for the pre-commit hook. This is an important update as it includes a security fix for GHSA-752w-5fwx-jx9f. However, I've noticed that the main application dependency for pyjwt is still on an older, vulnerable version. I have added a comment to highlight this and recommend updating the main dependency as well to ensure the project is fully patched.

[gemini-code-assist]

While updating the pyjwt version for the pre-commit hook is a good step, the project's main dependency in auth/poetry.lock remains at 2.11.0. Version 2.12.0 addresses the security vulnerability GHSA-752w-5fwx-jx9f. It is crucial to also update the main application dependency to patch this vulnerability.