From 347767e437be4bcfea5153fc3c90cfae92c76a43 Mon Sep 17 00:00:00 2001
From: Georges-Antoine Assi <contact@me.gantoine.com>
Date: Mon, 8 Sep 2025 11:54:03 -0400
Subject: [PATCH] Update joserfc to 1.3 to fix CVA

---
 backend/config/__init__.py |  4 +++-
 pyproject.toml             |  2 +-
 uv.lock                    | 10 +++++-----
 3 files changed, 9 insertions(+), 7 deletions(-)

diff --git a/backend/config/__init__.py b/backend/config/__init__.py
index dd81f9d40..096403a72 100644
--- a/backend/config/__init__.py
+++ b/backend/config/__init__.py
@@ -97,7 +97,9 @@ HASHEOUS_API_ENABLED: Final[bool] = str_to_bool(
 TGDB_API_ENABLED: Final[bool] = str_to_bool(os.environ.get("TGDB_API_ENABLED", "false"))
 
 # AUTH
-ROMM_AUTH_SECRET_KEY: Final = os.environ.get("ROMM_AUTH_SECRET_KEY")
+ROMM_AUTH_SECRET_KEY: Final[str] = os.environ.get("ROMM_AUTH_SECRET_KEY", "")
+if not ROMM_AUTH_SECRET_KEY:
+    raise ValueError("ROMM_AUTH_SECRET_KEY environment variable is not set!")
 
 SESSION_MAX_AGE_SECONDS: Final = int(
     os.environ.get("SESSION_MAX_AGE_SECONDS", 14 * 24 * 60 * 60)
diff --git a/pyproject.toml b/pyproject.toml
index ed208cbac..60699026c 100644
--- a/pyproject.toml
+++ b/pyproject.toml
@@ -24,7 +24,7 @@ dependencies = [
   "fastapi[standard-no-fastapi-cloud-cli] ~= 0.116",
   "gunicorn ~= 23.0",
   "httpx ~= 0.27",
-  "joserfc ~= 1.2",
+  "joserfc ~= 1.3",
   "opentelemetry-distro ~= 0.56",
   "opentelemetry-exporter-otlp ~= 1.36",
   "opentelemetry-instrumentation-aiohttp-client ~= 0.56",
diff --git a/uv.lock b/uv.lock
index 0f6d74cbd..cc542d5c4 100644
--- a/uv.lock
+++ b/uv.lock
@@ -1,5 +1,5 @@
 version = 1
-revision = 3
+revision = 2
 requires-python = ">=3.13"
 resolution-markers = [
     "platform_python_implementation != 'PyPy'",
@@ -822,14 +822,14 @@ wheels = [
 
 [[package]]
 name = "joserfc"
-version = "1.2.2"
+version = "1.3.2"
 source = { registry = "https://pypi.org/simple" }
 dependencies = [
     { name = "cryptography" },
 ]
-sdist = { url = "https://files.pythonhosted.org/packages/00/f2/69000edacf874ea26f331398d28b0d9f58e40f2cb24851666359abf161fb/joserfc-1.2.2.tar.gz", hash = "sha256:0d2a84feecef96168635fd9bf288363fc75b4afef3d99691f77833c8e025d200", size = 192865, upload-time = "2025-07-14T02:57:48.661Z" }
+sdist = { url = "https://files.pythonhosted.org/packages/9e/ca/416df9a71e2eacca95a55f9a4978cd771742c0eccf14e07e088315554c6f/joserfc-1.3.2.tar.gz", hash = "sha256:147bbba5b0b7c29fa270921dc1f17d83b48ccf0fecf51295b8de1ff1b682ca53", size = 196379, upload-time = "2025-09-04T06:51:11.349Z" }
 wheels = [
-    { url = "https://files.pythonhosted.org/packages/11/7a/95ba6c5b478dee3528007e480706b39fcf782a270949855868c07a645203/joserfc-1.2.2-py3-none-any.whl", hash = "sha256:630cc36b2f11f749980401b0cd7305fab5735ee11d830d919bc207305d011358", size = 73275, upload-time = "2025-07-14T02:57:47.538Z" },
+    { url = "https://files.pythonhosted.org/packages/ec/2a/f4915889af9b77d8ea96797640e77ca1995037eaa456be2cdc80ef4a7507/joserfc-1.3.2-py3-none-any.whl", hash = "sha256:81a1d14a0da6d0278f963cb6d6ee43b4640552341b6e984d1535083eba535723", size = 74499, upload-time = "2025-09-04T06:51:09.863Z" },
 ]
 
 [[package]]
@@ -1970,7 +1970,7 @@ requires-dist = [
     { name = "httpx", specifier = "~=0.27" },
     { name = "ipdb", marker = "extra == 'dev'", specifier = "~=0.13" },
     { name = "ipykernel", marker = "extra == 'dev'", specifier = "~=6.29" },
-    { name = "joserfc", specifier = "~=1.2" },
+    { name = "joserfc", specifier = "~=1.3" },
     { name = "memray", marker = "extra == 'dev'", specifier = "~=1.15" },
     { name = "mypy", marker = "extra == 'dev'", specifier = "~=1.13" },
     { name = "opentelemetry-distro", specifier = "~=0.56" },