From b7430cec91f032e15341a352b53e130db03f1798 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Tue, 3 Feb 2026 18:55:26 +0000
Subject: [PATCH] Bump jsonwebtoken from 9.3.1 to 10.3.0

Bumps [jsonwebtoken](https://github.com/Keats/jsonwebtoken) from 9.3.1 to 10.3.0.
- [Changelog](https://github.com/Keats/jsonwebtoken/blob/master/CHANGELOG.md)
- [Commits](https://github.com/Keats/jsonwebtoken/compare/v9.3.1...v10.3.0)

---
updated-dependencies:
- dependency-name: jsonwebtoken
  dependency-version: 10.3.0
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 Cargo.lock                               | 7 ++++---
 crates/loom-server-github-app/Cargo.toml | 2 +-
 2 files changed, 5 insertions(+), 4 deletions(-)

diff --git a/Cargo.lock b/Cargo.lock
index 050f40e9..82a732e1 100644
--- a/Cargo.lock
+++ b/Cargo.lock
@@ -4345,16 +4345,17 @@ dependencies = [
 
 [[package]]
 name = "jsonwebtoken"
-version = "9.3.1"
+version = "10.3.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "5a87cc7a48537badeae96744432de36f4be2b4a34a05a5ef32e9dd8a1c169dde"
+checksum = "0529410abe238729a60b108898784df8984c87f6054c9c4fcacc47e4803c1ce1"
 dependencies = [
  "base64",
+ "getrandom 0.2.17",
  "js-sys",
  "pem",
- "ring",
  "serde",
  "serde_json",
+ "signature",
  "simple_asn1",
 ]
 
diff --git a/crates/loom-server-github-app/Cargo.toml b/crates/loom-server-github-app/Cargo.toml
index 7ca11c74..eda02a91 100644
--- a/crates/loom-server-github-app/Cargo.toml
+++ b/crates/loom-server-github-app/Cargo.toml
@@ -25,7 +25,7 @@ tokio = { workspace = true }
 tracing = { workspace = true }
 
 # JWT signing
-jsonwebtoken = "9"
+jsonwebtoken = "10"
 
 # HMAC for webhook verification
 loom-common-webhook = { path = "../loom-common-webhook" }