chore(deps): Bump the python-runtime group in /spiffe with 3 updates

[dependabot]

Bumps the python-runtime group in /spiffe with 3 updates: grpcio, cryptography and pyjwt.

Updates grpcio from 1.76.0 to 1.78.0

Release notes

Sourced from grpcio's releases.

Release v1.78.0

This is release 1.78.0 (gutsy) of gRPC Core.

For gRPC documentation, see grpc.io. For previous releases, see Releases.

This release contains refinements, improvements, and bug fixes, with highlights listed below.

C++

• adding address_sorting dep in naming test build. (#41045)

Objective-C

• [Backport][v1.78.x][Fix][Compiler] Plugins fall back to the edition 2023 for older protobuf. (#41358)

Python

• [python] aio: fix race condition causing asyncio.run() to hang forever during the shutdown process. (#40989)
• [Python] Migrate to pyproject.toml build system from setup.py builds. (#40833)
• [Python] Log error details when ExecuteBatchError occurs (at DEBUG level). (#40921)
• [Python] Update setuptools min version to 77.0.1 . (#40931)

Ruby

• [ruby] Fix version comparison for the ruby_abi_version symbol for ruby 4 compatibility. (#41061)

Release v1.78.0-pre2

This is a prerelease of gRPC Core 1.78.0 (gutsy).

For gRPC documentation, see grpc.io. For previous releases, see Releases.

This prerelease contains refinements, improvements, and bug fixes.

Release v1.78.0-pre1

This is a prerelease of gRPC Core 1.78.0 (gutsy).

For gRPC documentation, see grpc.io. For previous releases, see Releases.

This prerelease contains refinements, improvements, and bug fixes.

Commits

• 5e6ba94 [build] add missing includes (backport to 1.78.x) (#41518)
• e364c5c [PHP] ignore PHPUnit security advisory in Mac build (backport to 1.78.x) (#41...
• ea4d627 [Release] Bump version to 1.78.0 (on v1.78.x branch) (#41489)
• 9840ecd [Release] Bump version to 1.78.0-pre2 (on v1.78.x branch) (#41397)
• ea1d162 [Backport][v1.78.x][Fix][Compiler] Plugins fall back to the edition 2023 for ...
• 818a08f [Backport][v1.78.x][PHP] Fix runtime error with PHp8.5 alpha because zend_exc...
• f7f1302 [Backport][v1.78.x][Fix][Build] Move xds-protos templates to the new path (#4...
• a382034 [Release] Bump version to 1.78.0-pre1 (on v1.78.x branch) (#41290)
• 8d22d62 [Release] Bump core version to 52.0.0 for upcoming release (#41288)
• ad19eab [PH2][Settings][Security]
• Additional commits viewable in compare view

Updates cryptography from 46.0.4 to 46.0.5

Changelog

Sourced from cryptography's changelog.

46.0.5 - 2026-02-10

* An attacker could create a malicious public key that reveals portions of your
  private key when using certain uncommon elliptic curves (binary curves).
  This version now includes additional security checks to prevent this attack.
  This issue only affects binary elliptic curves, which are rarely used in
  real-world applications. Credit to **XlabAI Team of Tencent Xuanwu Lab and
  Atuin Automated Vulnerability Discovery Engine** for reporting the issue.
  **CVE-2026-26007**
* Support for ``SECT*`` binary elliptic curves is deprecated and will be
  removed in the next release.
.. v46-0-4:

Commits

• 06e120e bump version for 46.0.5 release (#14289)
• 0eebb9d EC check key on cofactor > 1 (#14287)
• bedf6e1 fix openssl version on 46 branch (#14220)
• See full diff in compare view

Updates pyjwt from 2.10.1 to 2.11.0

Release notes

Sourced from pyjwt's releases.

2.11.0

What's Changed

• Fixed type error in comment by @​shuhaib-aot in jpadilla/pyjwt#1026
• [pre-commit.ci] pre-commit autoupdate by @​pre-commit-ci[bot] in jpadilla/pyjwt#1018
• [pre-commit.ci] pre-commit autoupdate by @​pre-commit-ci[bot] in jpadilla/pyjwt#1033
• Make note of use of leeway with nbf by @​djw8605 in jpadilla/pyjwt#1034
• [pre-commit.ci] pre-commit autoupdate by @​pre-commit-ci[bot] in jpadilla/pyjwt#1035
• Fixes #964: Validate key against allowed types for Algorithm family by @​pachewise in jpadilla/pyjwt#985
• Feat #1024: Add iterator for PyJWKSet by @​pachewise in jpadilla/pyjwt#1041
• Fixes #1039: Add iss, issuer type checks by @​pachewise in jpadilla/pyjwt#1040
• Fixes #660: Improve typing/logic for options in decode, decode_complete; Improve docs by @​pachewise in jpadilla/pyjwt#1045
• [pre-commit.ci] pre-commit autoupdate by @​pre-commit-ci[bot] in jpadilla/pyjwt#1042
• [pre-commit.ci] pre-commit autoupdate by @​pre-commit-ci[bot] in jpadilla/pyjwt#1052
• [pre-commit.ci] pre-commit autoupdate by @​pre-commit-ci[bot] in jpadilla/pyjwt#1053
• Fix #1022: Map algorithm=None to "none" by @​qqii in jpadilla/pyjwt#1056
• [pre-commit.ci] pre-commit autoupdate by @​pre-commit-ci[bot] in jpadilla/pyjwt#1055
• [pre-commit.ci] pre-commit autoupdate by @​pre-commit-ci[bot] in jpadilla/pyjwt#1058
• [pre-commit.ci] pre-commit autoupdate by @​pre-commit-ci[bot] in jpadilla/pyjwt#1060
• [pre-commit.ci] pre-commit autoupdate by @​pre-commit-ci[bot] in jpadilla/pyjwt#1061
• Fixes #1047: Correct PyJWKClient.get_signing_key_from_jwt annotation by @​khvn26 in jpadilla/pyjwt#1048
• [pre-commit.ci] pre-commit autoupdate by @​pre-commit-ci[bot] in jpadilla/pyjwt#1062
• Fixed doc string typo in _validate_jti() function #1063 by @​kuldeepkhatke in jpadilla/pyjwt#1064
• [pre-commit.ci] pre-commit autoupdate by @​pre-commit-ci[bot] in jpadilla/pyjwt#1065
• Update SECURITY.md by @​auvipy in jpadilla/pyjwt#1057
• Typing fix: use float instead of int for lifespan and timeout by @​nikitagashkov in jpadilla/pyjwt#1068
• [pre-commit.ci] pre-commit autoupdate by @​pre-commit-ci[bot] in jpadilla/pyjwt#1067
• [pre-commit.ci] pre-commit autoupdate by @​pre-commit-ci[bot] in jpadilla/pyjwt#1071
• [pre-commit.ci] pre-commit autoupdate by @​pre-commit-ci[bot] in jpadilla/pyjwt#1076
• Fix TYP header documentation by @​fobiasmog in jpadilla/pyjwt#1046
• doc: Document claims sub and jti by @​cleder in jpadilla/pyjwt#1088
• [pre-commit.ci] pre-commit autoupdate by @​pre-commit-ci[bot] in jpadilla/pyjwt#1077
• Bump actions/setup-python from 5 to 6 by @​dependabot[bot] in jpadilla/pyjwt#1089
• Bump actions/stale from 8 to 10 by @​dependabot[bot] in jpadilla/pyjwt#1090
• Bump actions/checkout from 4 to 5 by @​dependabot[bot] in jpadilla/pyjwt#1083
• [pre-commit.ci] pre-commit autoupdate by @​pre-commit-ci[bot] in jpadilla/pyjwt#1091
• [pre-commit.ci] pre-commit autoupdate by @​pre-commit-ci[bot] in jpadilla/pyjwt#1093
• [pre-commit.ci] pre-commit autoupdate by @​pre-commit-ci[bot] in jpadilla/pyjwt#1096
• Resolve package build warnings by @​kurtmckee in jpadilla/pyjwt#1105
• Support Python 3.14, and test against PyPy 3.10+ by @​kurtmckee in jpadilla/pyjwt#1104
• Fix a SyntaxWarning caused by invalid escape sequences by @​kurtmckee in jpadilla/pyjwt#1103
• Standardize CHANGELOG links to PRs by @​kurtmckee in jpadilla/pyjwt#1110
• Migrate from pep517, which is deprecated, to build by @​kurtmckee in jpadilla/pyjwt#1108
• Fix incorrectly-named test suite function by @​kurtmckee in jpadilla/pyjwt#1116
• Fix Read the Docs builds by @​kurtmckee in jpadilla/pyjwt#1111
• Bump actions/download-artifact from 4 to 6 by @​dependabot[bot] in jpadilla/pyjwt#1118
• Escalate test suite warnings to errors by @​kurtmckee in jpadilla/pyjwt#1107
• Add pyupgrade as a pre-commit hook by @​kurtmckee in jpadilla/pyjwt#1109
• Simplify the test suite decorators by @​kurtmckee in jpadilla/pyjwt#1113
• Improve coverage config and eliminate unused test suite code by @​kurtmckee in jpadilla/pyjwt#1115
• Build a shared wheel once in the test suite by @​kurtmckee in jpadilla/pyjwt#1114

... (truncated)

Changelog

Sourced from pyjwt's changelog.

v2.11.0 <https://github.com/jpadilla/pyjwt/compare/2.10.1...2.11.0>__

Fixed

- Enforce ECDSA curve validation per RFC 7518 Section 3.4.
- Fix build system warnings by @kurtmckee in `[#1105](https://github.com/jpadilla/pyjwt/issues/1105) <https://github.com/jpadilla/pyjwt/pull/1105>`__
- Validate key against allowed types for Algorithm family in `[#964](https://github.com/jpadilla/pyjwt/issues/964) <https://github.com/jpadilla/pyjwt/pull/964>`__
- Add iterator for JWKSet in `[#1041](https://github.com/jpadilla/pyjwt/issues/1041) <https://github.com/jpadilla/pyjwt/pull/1041>`__
- Validate `iss` claim is a string during encoding and decoding by @pachewise in `[#1040](https://github.com/jpadilla/pyjwt/issues/1040) <https://github.com/jpadilla/pyjwt/pull/1040>`__
- Improve typing/logic for `options` in decode, decode_complete by @pachewise in `[#1045](https://github.com/jpadilla/pyjwt/issues/1045) <https://github.com/jpadilla/pyjwt/pull/1045>`__
- Declare float supported type for lifespan and timeout by @nikitagashkov in `[#1068](https://github.com/jpadilla/pyjwt/issues/1068) <https://github.com/jpadilla/pyjwt/pull/1068>`__
- Fix ``SyntaxWarning``\s/``DeprecationWarning``\s caused by invalid escape sequences by @kurtmckee in `[#1103](https://github.com/jpadilla/pyjwt/issues/1103) <https://github.com/jpadilla/pyjwt/pull/1103>`__
- Development: Build a shared wheel once to speed up test suite setup times by @kurtmckee in `[#1114](https://github.com/jpadilla/pyjwt/issues/1114) <https://github.com/jpadilla/pyjwt/pull/1114>`__
- Development: Test type annotations across all supported Python versions,
  increase the strictness of the type checking, and remove the mypy pre-commit hook
  by @kurtmckee in `[#1112](https://github.com/jpadilla/pyjwt/issues/1112) <https://github.com/jpadilla/pyjwt/pull/1112>`__
Added

• Support Python 3.14, and test against PyPy 3.10 and 3.11 by @​kurtmckee in [#1104](https://github.com/jpadilla/pyjwt/issues/1104) <https://github.com/jpadilla/pyjwt/pull/1104>__
• Development: Migrate to build to test package building in CI by @​kurtmckee in [#1108](https://github.com/jpadilla/pyjwt/issues/1108) <https://github.com/jpadilla/pyjwt/pull/1108>__
• Development: Improve coverage config and eliminate unused test suite code by @​kurtmckee in [#1115](https://github.com/jpadilla/pyjwt/issues/1115) <https://github.com/jpadilla/pyjwt/pull/1115>__
• Docs: Standardize CHANGELOG links to PRs by @​kurtmckee in [#1110](https://github.com/jpadilla/pyjwt/issues/1110) <https://github.com/jpadilla/pyjwt/pull/1110>__
• Docs: Fix Read the Docs builds by @​kurtmckee in [#1111](https://github.com/jpadilla/pyjwt/issues/1111) <https://github.com/jpadilla/pyjwt/pull/1111>__
• Docs: Add example of using leeway with nbf by @​djw8605 in [#1034](https://github.com/jpadilla/pyjwt/issues/1034) <https://github.com/jpadilla/pyjwt/pull/1034>__
• Docs: Refactored docs with autodoc; added PyJWS and jwt.algorithms docs by @​pachewise in [#1045](https://github.com/jpadilla/pyjwt/issues/1045) <https://github.com/jpadilla/pyjwt/pull/1045>__
• Docs: Documentation improvements for "sub" and "jti" claims by @​cleder in [#1088](https://github.com/jpadilla/pyjwt/issues/1088) <https://github.com/jpadilla/pyjwt/pull/1088>__
• Development: Add pyupgrade as a pre-commit hook by @​kurtmckee in [#1109](https://github.com/jpadilla/pyjwt/issues/1109) <https://github.com/jpadilla/pyjwt/pull/1109>__
• Add minimum key length validation for HMAC and RSA keys (CWE-326). Warns by default via InsecureKeyLengthWarning when keys are below minimum recommended lengths per RFC 7518 Section 3.2 (HMAC) and NIST SP 800-131A (RSA). Pass enforce_minimum_key_length=True in options to PyJWT or PyJWS to raise InvalidKeyError instead.
• Refactor PyJWT to own an internal PyJWS instance instead of calling global api_jws functions.

Commits

• 697344d bump up version
• e4d0aec fix: pre-commit
• df9a6a0 fix: failing test
• 2b2e53c fix: docs
• 635c8d8 fix: failing mypy
• 96ae356 feat: add minimum key length validation for HMAC and RSA
• 5b86227 fix: enforce ECDSA curve validation per RFC 7518 Section 3.4
• 04947d7 Bump actions/download-artifact from 6 to 7 (#1125)
• dd44834 Fix leeway value in usage documentation (#1124)
• 407f0bd Thoroughly test type annotations, and resolve errors (#1112)
• Additional commits viewable in compare view

Most Recent Ignore Conditions Applied to This Pull Request

Dependency Name	Ignore Conditions
cryptography	[>= 43.a, < 44]

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

[maxlambrecht]

@dependabot recreate

[dependabot]

Looks like these dependencies are updatable in another way, so this is no longer needed.