fix(security): replace python-jose with PyJWT to eliminate ecdsa CVEs

Snyk scan found 3 High severity vulns: two in ecdsa (pulled by python-jose) and one in diskcache (pulled by pySigma, never imported). Remove both vulnerable dependencies and migrate JWT handling to PyJWT. Fix test_logout_revokes_token which broke because test stubs sys.modules[jose] with a MagicMock at collection time; test now uses PyJWT directly.
2026-06-11 09:06:16 +02:00
parent d2a46feba8
commit 1f19bd8432
6 changed files with 18 additions and 15 deletions
@@ -102,7 +102,7 @@ def test_logout_revokes_token(client, admin_user):
    )
    assert out.status_code == 200

-    from jose import jwt
+    import jwt

    from app.config import settings
    from app.infrastructure.redis_client import get_redis_blacklist