PyJWT~=2.12 requirement too strict and impacts distro packaging


    • Type: Bug
    • Resolution: Fixed
    • Priority: Normal
    • 3.0.0b1
    • Affects Version/s: 3.0.0a4
    • Component/s: Packaging & Deployment
    • None
    • Environment:
      Fedora 43, 44 and Rawhide

      Picard 3.0.0a4 now declares PyJWT~=2.12, which translates to a requirement of PyJWT >= 2.12, < 3.

      PyJWT 2.12 was only released very recently, and this requirement makes Picard unsatisfiable in environments (such as Fedora) that currently ship older PyJWT 2.x versions. Previous Picard releases used a broader 2.x-compatible dependency and did not have this restriction.

      From reviewing the PyJWT changelog, it is not clear that Picard requires functionality specific to 2.12. The most notable change appears to be a security fix around validation of the crit header parameter, but it is not obvious whether Picard depends on this behavior.

      From the Fedora side, this change would require coordinating an update of the python-jwt package, effectively creating a packaging fire drill for a dependency that was previously working with a broader version range.

      Is there a specific reason Picard now requires PyJWT 2.12 or newer? If not, it would be preferable to relax this requirement back to a broader 2.x range (e.g. PyJWT~=2.0) to maintain compatibility with distribution environments.

      This may also be similar in nature to the earlier PyQt6-Qt6 dependency, where a requirement appropriate for pip-based environments does not translate well to distro packaging.

      I would be happy to test any adjustments.

            Assignee:
            Philipp Wolfer
            Reporter:
            Gerald Cox
            Votes:
            0
            Watchers:
            2
                Version Package
                3.0.0b1
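
As an added example (not part of the report, and not Picard's or PyJWT's code), the sketch below expands the `~=` compatible-release operator discussed in the report into its bounds and checks candidate versions against `~=2.12`, the proposed `~=2.0`, and, going slightly beyond the report, a three-segment `~=2.12.1`. The candidate version list is constructed for illustration and is not what any distribution ships; the helper names are hypothetical and only plain numeric release versions are handled.

```python
# Added example: PEP 440 "compatible release" (~=) expansion for plain
# numeric versions such as "2.12" or "2.8.0". Pre-release, post-release
# and dev tags are out of scope for this sketch.

# Constructed sample versions, NOT the versions any distribution ships.
CANDIDATES = ["2.8.0", "2.10.1", "2.12.0", "2.12.1", "2.13.0", "3.0.0"]


def parse_release(version):
    """Split '2.12.1' into the tuple (2, 12, 1)."""
    return tuple(int(part) for part in version.split("."))


def compatible_bounds(spec_version):
    """Bounds for '~=spec_version': (inclusive lower, exclusive upper)."""
    lower = parse_release(spec_version)
    if len(lower) < 2:
        raise ValueError("~= needs at least two release segments")
    prefix = lower[:-1]                        # drop the last segment
    upper = prefix[:-1] + (prefix[-1] + 1,)    # bump the new last segment
    return lower, upper


def _pad(release, length):
    """Right-pad with zeros so (2, 12) compares equal to (2, 12, 0)."""
    return release + (0,) * (length - len(release))


def satisfies(candidate, spec_version):
    """True if candidate falls inside the ~=spec_version range."""
    lower, upper = compatible_bounds(spec_version)
    cand = parse_release(candidate)
    n = max(len(cand), len(lower), len(upper))
    return _pad(lower, n) <= _pad(cand, n) < _pad(upper, n)


def acceptance_matrix(spec_versions, candidates):
    """Map each '~=X' specifier to the candidates it accepts."""
    return {
        "~=" + spec: [c for c in candidates if satisfies(c, spec)]
        for spec in spec_versions
    }


if __name__ == "__main__":
    for spec, accepted in acceptance_matrix(
        ["2.12", "2.0", "2.12.1"], CANDIDATES
    ).items():
        print(f"{spec:10} accepts {accepted}")
```

Note that a three-segment specifier pins the minor series (`~=2.12.1` rejects `2.13.0`), so the number of segments written after `~=` matters as much as the version itself.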