Bump jsonwebtoken from 9.3.1 to 10.4.0

[dependabot]

Bumps jsonwebtoken from 9.3.1 to 10.4.0.

Changelog

Sourced from jsonwebtoken's changelog.

10.4.0 (2026-05-11)

• Fix incorrect encoding for Ed25519 JWK thumbprints
• Make Algorithm.family public and add Validation.new_for_family
• EncodingKey and DecodingKey are now partially zeroized on drop (the intermediate PemEncodedKey isn't so far)

10.3.0 (2026-01-27)

• Export everything needed to define your own CryptoProvider
• Fix type confusion with exp/nbf when not required

10.2.0 (2025-11-06)

• Remove Clone bound from decode functions

10.1.0 (2025-10-18)

• add dangerous::insecure_decode
• Implement TryFrom &Jwk for DecodingKey

10.0.0 (2025-09-29)

• BREAKING: now using traits for crypto backends, you have to choose between aws_lc_rs and rust_crypto
• Add Clone bound to decode
• Support decoding byte slices
• Support JWS

Commits

• 69a8fbf v10.4.0
• d18e40f Update changelog for 10.4.0 (#507)
• ddd2389 security: zeroize encoding and decoding keys (#483)
• 991e89a Fix more clippy complaints (#503)
• 75f2113 algorithms: expose AlgorithmFamily (#466)
• 0c5931a Fixup typo in the DecodingKey::from_ec_der method (#501)
• 8a80349 Small fixes (#498)
• 9934c7f Fix formatting in Ed25519 key serialization (#485)
• abbc307 Fix type confusion
• e99740d fix: bump minimal version requirements (#481)
• Additional commits viewable in compare view

[dependabot]

Labels

The following labels could not be found: dependencies, rust. Please create them before Dependabot can add them to a pull request.

Please fix the above issues or remove invalid values from dependabot.yml.