chore(deps): update dependency cryptography to v45.0.7

fix: catch PyJWKSetError in JWT verification fallback
PyJWKSetError is not a subclass of PyJWKClientError — they are siblings under PyJWTError. The empty JWKS key set error was not being caught. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-03-22 09:02:05 +00:00 · 2026-03-22 09:56:58 +01:00 · 2026-03-22 09:53:43 +01:00 · 2026-03-22 09:52:33 +01:00
2 changed files with 7 additions and 3 deletions
--- a/backend/pyproject.toml
+++ b/backend/pyproject.toml
@@ -14,7 +14,7 @@ dependencies = [
    "asyncpg==0.31.0",
    "alembic==1.18.4",
    "PyJWT==2.12.1",
-    "cryptography==45.0.3",
+    "cryptography==45.0.7",
 ]

 [project.optional-dependencies]
--- a/backend/src/app/core/auth.py
+++ b/backend/src/app/core/auth.py
@@ -3,7 +3,7 @@ from uuid import UUID

 import jwt
 from fastapi import Depends, HTTPException, Request, status
-from jwt import PyJWKClient, PyJWKClientError
+from jwt import PyJWKClient, PyJWKClientError, PyJWKSetError
 from sqlalchemy import select
 from sqlalchemy.ext.asyncio import AsyncSession

@@ -71,7 +71,11 @@ def _verify_jwt(token: str) -> dict | None:
                algorithms=["RS256"],
                audience="authenticated",
            )
-        except jwt.InvalidTokenError, PyJWKClientError:
+        except jwt.InvalidTokenError:
+            pass
+        except PyJWKClientError:
+            pass
+        except PyJWKSetError:
            pass
    return _verify_jwt_hs256(token)
Author	SHA1	Message	Date
Renovate Bot	c896075ead	chore(deps): update dependency cryptography to v45.0.7 Some checks failed renovate/artifacts Artifact file update failure CI / backend-tests (pull_request) Failing after 46s Details CI / frontend-tests (pull_request) Successful in 33s Details	2026-03-22 09:02:05 +00:00
Julian Tabel	ac0a04e71f	fix: catch PyJWKSetError in JWT verification fallback All checks were successful CI / backend-tests (push) Successful in 29s Details CI / frontend-tests (push) Successful in 28s Details PyJWKSetError is not a subclass of PyJWKClientError — they are siblings under PyJWTError. The empty JWKS key set error was not being caught. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>	2026-03-22 09:56:58 +01:00
TheFurya	94cc74c0fb	Merge pull request 'Fix except clause syntax in JWT verification fallback' (#81 ) from feature/fix-except-clause-syntax-in-jwt-verification into develop All checks were successful CI / backend-tests (push) Successful in 30s Details CI / frontend-tests (push) Successful in 28s Details Reviewed-on: #81	2026-03-22 09:53:43 +01:00
Julian Tabel	41a18edb4f	fix: use separate except clauses for JWT verification fallback All checks were successful CI / backend-tests (pull_request) Successful in 29s Details CI / frontend-tests (pull_request) Successful in 29s Details ruff format strips parentheses from `except (A, B):`, turning it into Python 2 comma syntax that only catches the first exception. Use separate except clauses so PyJWKClientError is actually caught. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>	2026-03-22 09:52:33 +01:00