fix: pyjwt vulnerability

[necusjz]

---

This checklist is used to make sure that common guidelines for a pull request are followed.

Related command

a bump for https://github.com/Azure/azure-cli-extensions/security/dependabot/42.

General Guidelines

• Have you run azdev style <YOUR_EXT> locally? (pip install azdev required)
• Have you run python scripts/ci/test_index.py -q locally? (pip install wheel==0.30.0 required)
• My extension version conforms to the Extension version schema

For new extensions:

• My extension description/summary conforms to the Extension Summary Guidelines.

About Extension Publish

There is a pipeline to automatically build, upload and publish extension wheels.
Once your pull request is merged into main branch, a new pull request will be created to update src/index.json automatically.
You only need to update the version information in file setup.py and historical information in file HISTORY.rst in your PR but do not modify src/index.json.

[azure-client-tools-bot-prd]

️✔️Azure CLI Extensions Breaking Change Test

️✔️Non Breaking Changes

[Copilot]

Pull request overview

This PR updates the attestation Azure CLI extension to address a Dependabot-reported PyJWT security vulnerability by bumping the PyJWT dependency and the extension version, with corresponding release notes.

Changes:

• Bump extension version from 1.0.1 to 1.0.2.
• Update dependency pyjwt from ~=2.12.0 to ~=2.13.0.
• Add a 1.0.2 entry to HISTORY.rst documenting the CVE-related fix.

Reviewed changes

Copilot reviewed 2 out of 2 changed files in this pull request and generated no comments.

File	Description
src/attestation/setup.py	Bumps extension version and updates the PyJWT dependency constraint.
src/attestation/HISTORY.rst	Documents the new release and the security-driven dependency bump.

[yonzhan]

fix pyjwt vulnerability

[azclibot]

[Release] Update index.json for extension [ attestation-1.0.2 ] : https://dev.azure.com/msazure/One/_build/results?buildId=168186411&view=results