Bump the pip group across 1 directory with 2 updates

[dependabot]

Bumps the pip group with 2 updates in the /aws-python-auth0-custom-authorizers-api directory: cryptography and pyjwt.

Updates cryptography from 2.3 to 46.0.5

Changelog

Sourced from cryptography's changelog.

46.0.5 - 2026-02-10

* An attacker could create a malicious public key that reveals portions of your
  private key when using certain uncommon elliptic curves (binary curves).
  This version now includes additional security checks to prevent this attack.
  This issue only affects binary elliptic curves, which are rarely used in
  real-world applications. Credit to **XlabAI Team of Tencent Xuanwu Lab and
  Atuin Automated Vulnerability Discovery Engine** for reporting the issue.
  **CVE-2026-26007**
* Support for ``SECT*`` binary elliptic curves is deprecated and will be
  removed in the next release.
.. v46-0-4:
46.0.4 - 2026-01-27

• Dropped support for win_arm64 wheels_.
• Updated Windows, macOS, and Linux wheels to be compiled with OpenSSL 3.5.5.

.. _v46-0-3:

46.0.3 - 2025-10-15

* Fixed compilation when using LibreSSL 4.2.0.
.. _v46-0-2:
46.0.2 - 2025-09-30

• Updated Windows, macOS, and Linux wheels to be compiled with OpenSSL 3.5.4.

.. _v46-0-1:

46.0.1 - 2025-09-16

* Fixed an issue where users installing via ``pip`` on Python 3.14 development
  versions would not properly install a dependency.
* Fixed an issue building the free-threaded macOS 3.14 wheels.
.. _v46-0-0:
46.0.0 - 2025-09-16

• BACKWARDS INCOMPATIBLE: Support for Python 3.7 has been removed.

... (truncated)

Commits

• 06e120e bump version for 46.0.5 release (#14289)
• 0eebb9d EC check key on cofactor > 1 (#14287)
• bedf6e1 fix openssl version on 46 branch (#14220)
• e6f44fc bump for 46.0.4 and drop win arm64 due to CI issues (#14217)
• c0af4dd release 46.0.3 (#13681)
• 99efe5a bump version for 46.0.2 (#13531)
• e735cfc release 46.0.1 (#13450)
• 4e457ff Explicitly specify python in mac uv build invocation (#13447)
• 2726efd Depend on CFFI 2.0.0 or newer on Python > 3.8 (#13448)
• 6223062 release 46.0.0 (#13446)
• Additional commits viewable in compare view

Updates pyjwt from 1.6.4 to 2.4.0

Release notes

Sourced from pyjwt's releases.

2.4.0

Security

• [CVE-2022-29217] Prevent key confusion through non-blocklisted public key formats. GHSA-ffqj-6fqr-9h24

What's Changed

• Add support for Python 3.10 by @​hugovk in jpadilla/pyjwt#699
• Don't use implicit optionals by @​rekyungmin in jpadilla/pyjwt#705
• [pre-commit.ci] pre-commit autoupdate by @​pre-commit-ci in jpadilla/pyjwt#708
• [pre-commit.ci] pre-commit autoupdate by @​pre-commit-ci in jpadilla/pyjwt#710
• [pre-commit.ci] pre-commit autoupdate by @​pre-commit-ci in jpadilla/pyjwt#711
• [pre-commit.ci] pre-commit autoupdate by @​pre-commit-ci in jpadilla/pyjwt#712
• documentation fix: show correct scope for decode_complete() by @​sseering in jpadilla/pyjwt#661
• [pre-commit.ci] pre-commit autoupdate by @​pre-commit-ci in jpadilla/pyjwt#716
• Explicit check the key for ECAlgorithm by @​estin in jpadilla/pyjwt#713
• [pre-commit.ci] pre-commit autoupdate by @​pre-commit-ci in jpadilla/pyjwt#720
• api_jwk: Add PyJWKSet.getitem by @​woodruffw in jpadilla/pyjwt#725
• Update usage.rst by @​guneybilen in jpadilla/pyjwt#727
• [pre-commit.ci] pre-commit autoupdate by @​pre-commit-ci in jpadilla/pyjwt#728
• fix: Update copyright information by @​kkirsche in jpadilla/pyjwt#729
• Docs: mention performance reasons for reusing RSAPrivateKey when encoding by @​dmahr1 in jpadilla/pyjwt#734
• Fixed typo in usage.rst by @​israelabraham in jpadilla/pyjwt#738
• Add detached payload support for JWS encoding and decoding by @​fviard in jpadilla/pyjwt#723
• [pre-commit.ci] pre-commit autoupdate by @​pre-commit-ci in jpadilla/pyjwt#740
• Raise DeprecationWarning for jwt.decode(verify=...) by @​akx in jpadilla/pyjwt#742
• Don't mutate options dictionary in .decode_complete() by @​akx in jpadilla/pyjwt#743
• [pre-commit.ci] pre-commit autoupdate by @​pre-commit-ci in jpadilla/pyjwt#748
• Replace various string interpolations with f-strings by @​akx in jpadilla/pyjwt#744
• Update CHANGELOG.rst by @​hipertracker in jpadilla/pyjwt#751

New Contributors

• @​hugovk made their first contribution in jpadilla/pyjwt#699
• @​rekyungmin made their first contribution in jpadilla/pyjwt#705
• @​sseering made their first contribution in jpadilla/pyjwt#661
• @​estin made their first contribution in jpadilla/pyjwt#713
• @​woodruffw made their first contribution in jpadilla/pyjwt#725
• @​guneybilen made their first contribution in jpadilla/pyjwt#727
• @​dmahr1 made their first contribution in jpadilla/pyjwt#734
• @​israelabraham made their first contribution in jpadilla/pyjwt#738
• @​fviard made their first contribution in jpadilla/pyjwt#723
• @​akx made their first contribution in jpadilla/pyjwt#742
• @​hipertracker made their first contribution in jpadilla/pyjwt#751

Full Changelog: jpadilla/pyjwt@2.3.0...2.4.0

2.3.0

What's Changed

• [pre-commit.ci] pre-commit autoupdate by @​pre-commit-ci in jpadilla/pyjwt#700
• Add exception chaining by @​ehdgua01 in jpadilla/pyjwt#702
• Revert "Remove arbitrary kwargs." by @​auvipy in jpadilla/pyjwt#701

... (truncated)

Changelog

Sourced from pyjwt's changelog.

v2.4.0 <https://github.com/jpadilla/pyjwt/compare/2.3.0...2.4.0>__

Security

- [CVE-2022-29217] Prevent key confusion through non-blocklisted public key formats. https://github.com/jpadilla/pyjwt/security/advisories/GHSA-ffqj-6fqr-9h24
Changed

- Explicit check the key for ECAlgorithm by @estin in `[#713](https://github.com/jpadilla/pyjwt/issues/713) <https://github.com/jpadilla/pyjwt/pull/713>`__
- Raise DeprecationWarning for jwt.decode(verify=...) by @akx in `[#742](https://github.com/jpadilla/pyjwt/issues/742) <https://github.com/jpadilla/pyjwt/pull/742>`__
Fixed

- Don't use implicit optionals by @rekyungmin in `[#705](https://github.com/jpadilla/pyjwt/issues/705) <https://github.com/jpadilla/pyjwt/pull/705>`__
- documentation fix: show correct scope for decode_complete() by @sseering in `[#661](https://github.com/jpadilla/pyjwt/issues/661) <https://github.com/jpadilla/pyjwt/pull/661>`__
- fix: Update copyright information by @kkirsche in `[#729](https://github.com/jpadilla/pyjwt/issues/729) <https://github.com/jpadilla/pyjwt/pull/729>`__
- Don't mutate options dictionary in .decode_complete() by @akx in `[#743](https://github.com/jpadilla/pyjwt/issues/743) <https://github.com/jpadilla/pyjwt/pull/743>`__

Added


Add support for Python 3.10 by @hugovk in [#699](https://github.com/jpadilla/pyjwt/issues/699) <https://github.com/jpadilla/pyjwt/pull/699>__
api_jwk: Add PyJWKSet.getitem by @woodruffw in [#725](https://github.com/jpadilla/pyjwt/issues/725) <https://github.com/jpadilla/pyjwt/pull/725>__
Update usage.rst by @guneybilen in [#727](https://github.com/jpadilla/pyjwt/issues/727) <https://github.com/jpadilla/pyjwt/pull/727>__
Docs: mention performance reasons for reusing RSAPrivateKey when encoding by @dmahr1 in [#734](https://github.com/jpadilla/pyjwt/issues/734) <https://github.com/jpadilla/pyjwt/pull/734>__
Fixed typo in usage.rst by @israelabraham in [#738](https://github.com/jpadilla/pyjwt/issues/738) <https://github.com/jpadilla/pyjwt/pull/738>__
Add detached payload support for JWS encoding and decoding by @fviard in [#723](https://github.com/jpadilla/pyjwt/issues/723) <https://github.com/jpadilla/pyjwt/pull/723>__
Replace various string interpolations with f-strings by @akx in [#744](https://github.com/jpadilla/pyjwt/issues/744) <https://github.com/jpadilla/pyjwt/pull/744>__
Update CHANGELOG.rst by @hipertracker in [#751](https://github.com/jpadilla/pyjwt/issues/751) <https://github.com/jpadilla/pyjwt/pull/751>__

v2.3.0 <https://github.com/jpadilla/pyjwt/compare/2.2.0...2.3.0>__
Fixed

- Revert "Remove arbitrary kwargs." `[#701](https://github.com/jpadilla/pyjwt/issues/701) <https://github.com/jpadilla/pyjwt/pull/701>`__

Added


Add exception chaining [#702](https://github.com/jpadilla/pyjwt/issues/702) <https://github.com/jpadilla/pyjwt/pull/702>__

v2.2.0 <https://github.com/jpadilla/pyjwt/compare/2.1.0...2.2.0>__
</tr></table>

</code></pre>

</blockquote>

<p>... (truncated)</p>

</details>

<details>

<summary>Commits</summary>
<ul>

<li><a href="https://github.com/jpadilla/pyjwt/commit/83ff831a4d11190e3a0bed781da43f8d84352653&quot;&gt;&lt;code&gt;83ff831&lt;/code&gt;&lt;/a> chore: update changelog</li>

<li><a href="https://github.com/jpadilla/pyjwt/commit/4c1ce8fd9019dd312ff257b5141cdb6d897379d9&quot;&gt;&lt;code&gt;4c1ce8f&lt;/code&gt;&lt;/a> chore: update changelog</li>

<li><a href="https://github.com/jpadilla/pyjwt/commit/96f3f0275745c5a455c019a0d3476a054980e8ea&quot;&gt;&lt;code&gt;96f3f02&lt;/code&gt;&lt;/a> fix: failing advisory test</li>

<li><a href="https://github.com/jpadilla/pyjwt/commit/9c528670c455b8d948aff95ed50e22940d1ad3fc&quot;&gt;&lt;code&gt;9c52867&lt;/code&gt;&lt;/a> Merge pull request from GHSA-ffqj-6fqr-9h24</li>

<li><a href="https://github.com/jpadilla/pyjwt/commit/24b29adfebcb4f057a3cef5aaf35653bc0c1c8cc&quot;&gt;&lt;code&gt;24b29ad&lt;/code&gt;&lt;/a> Update CHANGELOG.rst (<a href="https://redirect.github.com/jpadilla/pyjwt/issues/751&quot;&gt;#751&lt;/a&gt;)&lt;/li>

<li><a href="https://github.com/jpadilla/pyjwt/commit/31f5acb8fb3ec6cdfe2b1b0a4a8f329b5f3ca67f&quot;&gt;&lt;code&gt;31f5acb&lt;/code&gt;&lt;/a> Replace various string interpolations with f-strings (<a href="https://redirect.github.com/jpadilla/pyjwt/issues/744&quot;&gt;#744&lt;/a&gt;)&lt;/li>

<li><a href="https://github.com/jpadilla/pyjwt/commit/5581a31c21de70444c1162bcfa29f7e0fc86edda&quot;&gt;&lt;code&gt;5581a31&lt;/code&gt;&lt;/a> [pre-commit.ci] pre-commit autoupdate (<a href="https://redirect.github.com/jpadilla/pyjwt/issues/748&quot;&gt;#748&lt;/a&gt;)&lt;/li>

<li><a href="https://github.com/jpadilla/pyjwt/commit/3d4d82248f1120c87f1f4e0e8793eaa1d54843a6&quot;&gt;&lt;code&gt;3d4d822&lt;/code&gt;&lt;/a> Don't mutate options dictionary in .decode_complete() (<a href="https://redirect.github.com/jpadilla/pyjwt/issues/743&quot;&gt;#743&lt;/a&gt;)&lt;/li>

<li><a href="https://github.com/jpadilla/pyjwt/commit/1f1fe15bb41846c602b3e106176b2c692b93a613&quot;&gt;&lt;code&gt;1f1fe15&lt;/code&gt;&lt;/a> Add a deprecation warning when jwt.decode() is called with the legacy verify=...</li>

<li><a href="https://github.com/jpadilla/pyjwt/commit/35fa28e59d99b99c6a780d2a029a74d6bbba8b1e&quot;&gt;&lt;code&gt;35fa28e&lt;/code&gt;&lt;/a> [pre-commit.ci] pre-commit autoupdate (<a href="https://redirect.github.com/jpadilla/pyjwt/issues/740&quot;&gt;#740&lt;/a&gt;)&lt;/li>

<li>Additional commits viewable in <a href="https://github.com/jpadilla/pyjwt/compare/1.6.4...2.4.0&quot;&gt;compare view</a></li>

</ul>

</details>
<br />


Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options


You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR
@dependabot recreate will recreate this PR, overwriting any edits that have been made to it
@dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
@dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
@dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
@dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
@dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
@dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

You can disable automated security fix PRs for this repo from the Security Alerts page.