Improper Authentication
Attackers with access to a notionally invalidated token could obtain a new, working token via the refresh endpoint, because the denylist protection mechanism is incompatible with the token-refresh feature.