python-jwt: address CVE-2022-39227 (#3879)

SPECS/python-jwt/CVE-2022-39227.nopatch

@@ -0,0 +1,7 @@
+CVE-2022-39227 - This CVE does not impact us since this CVE is for davedoesdev/python-jwt, and we are using jpadilla/pyjwt. packages-mapping.json has been updated to fix future CVE scannings
+
+NIST
+https://nvd.nist.gov/vuln/detail/CVE-2022-39227
+
+Fix
+n/a

SPECS/python-jwt/python-jwt.spec

@@ -1,3 +1,4 @@
+# This package refers to PyJWT(https://github.com/jpadilla/pyjwt). Not to be confused with python-jwt(https://github.com/davedoesdev/python-jwt)
 # what it's called on pypi
 %global srcname PyJWT
 # what it's imported as
@@ -17,7 +18,7 @@ encrypted JSON objects.}
 
 Name:           python-%{pkgname}
 Version:        2.4.0
-Release:        1%{?dist}
+Release:        2%{?dist}
 Summary:        JSON Web Token implementation in Python
 License:        MIT
 Vendor:         Microsoft Corporation
@@ -69,6 +70,9 @@ PYTHONPATH=%{buildroot}%{python3_sitelib} \
 %endif
 
 %changelog
+* Fri Sep 30 2022 Saul Paredes <saulparedes@microsoft.com> - 2.4.0-2
+- Updating to 2.4.0-2 to fix CVE-2022-39227 (no patch, false positive confusion with python-jwt. Scanning tool to be updated).
+
 * Wed Jun 08 2022 Pawel Winogrodzki <pawelwi@microsoft.com> - 2.4.0-1
 - Updating to 2.4.0 to fix CVE-2022-29217.