Allow cryptography >= 42 to resolve high-severity security vulnerability. #600

@phillipuniverse

Checklist

  • I have looked into the Readme and Examples, and have not found a suitable solution or answer.
  • I have looked into the API documentation and have not found a suitable solution or answer.
  • I have searched the issues and have not found a suitable solution or answer.
  • I have searched the Auth0 Community forums and have not found a suitable solution or answer.
  • I agree to the terms within the Auth0 Code of Conduct.

Describe the problem you'd like to have solved

There is a high-severity vulnerability in Cryptography < 42, see GHSA-3ww4-gg4f-jr7f

Since this library forces Cryptography < 42, I cannot upgrade to a non-vulnerable version.

Describe the ideal solution

The dependency version for Cryptography is relaxed at

    cryptography = "^41.0.5" # pyjwt has a weak dependency on cryptography

to allow cryptography >= 42.

Alternatives and current workarounds

No workaround is available for Poetry since this is a hard requirement from the auth0-python library.

Additional context

No response
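
Why the constraint quoted in the issue excludes every 42.x release, as an added example (not code from auth0-python or Poetry): a stdlib-only reimplementation of Poetry's caret rule, assuming plain numeric versions. The helper names `caret_bounds`, `allows` and `blocks_fix` are hypothetical, and the first fixed version is taken from the issue's "< 42" statement.

```python
# Added example: Poetry caret-constraint semantics, standard library only.
# Assumption: versions are plain numeric "X.Y.Z" strings (no pre-release tags).

def parse(version):
    """'41.0.5' -> (41, 0, 5); missing components are padded with zeros."""
    parts = [int(p) for p in version.split(".")]
    return tuple(parts + [0] * (3 - len(parts)))

def caret_bounds(spec):
    """Return (lower, upper) for a caret spec, meaning lower <= v < upper.

    A caret allows updates that keep the left-most non-zero component fixed.
    """
    raw = spec.lstrip("^").split(".")
    lower = parse(".".join(raw))
    nums = [int(p) for p in raw]
    # Component to bump: the first non-zero one, else the last one written.
    idx = next((i for i, n in enumerate(nums) if n != 0), len(nums) - 1)
    upper = [0, 0, 0]
    upper[:idx] = lower[:idx]
    upper[idx] = lower[idx] + 1
    return lower, tuple(upper)

def allows(spec, version):
    """True when version falls inside the caret range."""
    lower, upper = caret_bounds(spec)
    return lower <= parse(version) < upper

def blocks_fix(spec, first_fixed):
    """True when no release at or above first_fixed can satisfy spec."""
    _, upper = caret_bounds(spec)
    return upper <= parse(first_fixed)

PINNED = "^41.0.5"   # constraint quoted in the issue
FIRST_FIXED = "42"   # from the issue's "Cryptography < 42" statement

if __name__ == "__main__":
    lower, upper = caret_bounds(PINNED)
    print(f"{PINNED} means {lower} <= version < {upper}")
    print("patched release reachable:", not blocks_fix(PINNED, FIRST_FIXED))
```
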

Labels: feature request (A feature has been asked for or suggested by the community)
