PYSEC-2025-183 appears to contain an invalid empty range event, which breaks uv audit.
Current OSV API response includes empty {}:
https://github.com/pypa/advisory-database/blob/main/vulns/pyjwt/PYSEC-2025-183.yaml#L5-L10
The empty {} event does not seem valid according to the OSV schema, where an event should contain one of introduced, fixed, last_affected, or limit.
This causes uv audit to fail before reporting results:
error: error decoding response body
Caused by: expected value at line 1 column 791
Reproduced with uv 0.11.3 and uv 0.11.11 when auditing a project that includes pyjwt.
Could this advisory be updated to remove or replace the empty event?
PYSEC-2025-183appears to contain an invalid empty range event, which breaksuv audit.Current OSV API response includes empty
{}:https://github.com/pypa/advisory-database/blob/main/vulns/pyjwt/PYSEC-2025-183.yaml#L5-L10
The empty
{}event does not seem valid according to the OSV schema, where an event should contain one ofintroduced,fixed,last_affected, orlimit.This causes
uv auditto fail before reporting results:Reproduced with
uv 0.11.3anduv 0.11.11when auditing a project that includespyjwt.Could this advisory be updated to remove or replace the empty event?