Bump PyJWT to 2.10.0 (#130907)

* Bump PyJWT to 2.10.0

changelog: https://github.com/jpadilla/pyjwt/compare/2.9.0...2.10.0

* handle new keys

* add test to verify all default options are checked for merge

homeassistant/auth/jwt_wrapper.py

@@ -18,7 +18,7 @@ from homeassistant.util.json import json_loads
 JWT_TOKEN_CACHE_SIZE = 16
 MAX_TOKEN_SIZE = 8192
 
-_VERIFY_KEYS = ("signature", "exp", "nbf", "iat", "aud", "iss")
+_VERIFY_KEYS = ("signature", "exp", "nbf", "iat", "aud", "iss", "sub", "jti")
 
 _VERIFY_OPTIONS: dict[str, Any] = {f"verify_{key}": True for key in _VERIFY_KEYS} | {
     "require": []

homeassistant/package_constraints.txt

@@ -47,7 +47,7 @@ paho-mqtt==1.6.1
 Pillow==11.0.0
 propcache==0.2.0
 psutil-home-assistant==0.0.1
-PyJWT==2.9.0
+PyJWT==2.10.0
 pymicro-vad==1.0.1
 PyNaCl==1.5.0
 pyOpenSSL==24.2.1

pyproject.toml

@@ -53,7 +53,7 @@ dependencies    = [
     "ifaddr==0.2.0",
     "Jinja2==3.1.4",
     "lru-dict==1.3.0",
-    "PyJWT==2.9.0",
+    "PyJWT==2.10.0",
     # PyJWT has loose dependency. We want the latest one.
     "cryptography==43.0.1",
     "Pillow==11.0.0",

requirements.txt

@@ -25,7 +25,7 @@ home-assistant-bluetooth==1.13.0
 ifaddr==0.2.0
 Jinja2==3.1.4
 lru-dict==1.3.0
-PyJWT==2.9.0
+PyJWT==2.10.0
 cryptography==43.0.1
 Pillow==11.0.0
 propcache==0.2.0

tests/auth/test_jwt_wrapper.py

@@ -6,6 +6,12 @@ import pytest
 from homeassistant.auth import jwt_wrapper
 
 
+async def test_all_default_options_are_in_verify_options() -> None:
+    """Test that all default options in _VERIFY_OPTIONS."""
+    for option in jwt_wrapper._PyJWTWithVerify._get_default_options():
+        assert option in jwt_wrapper._VERIFY_OPTIONS
+
+
 async def test_reject_access_token_with_impossible_large_size() -> None:
     """Test rejecting access tokens with impossible sizes."""
     with pytest.raises(jwt.DecodeError):