Closed
Labels
feature request: A feature has been asked for or suggested by the community
Description
Checklist
- I have looked into the Readme and Examples, and have not found a suitable solution or answer.
- I have looked into the API documentation and have not found a suitable solution or answer.
- I have searched the issues and have not found a suitable solution or answer.
- I have searched the Auth0 Community forums and have not found a suitable solution or answer.
- I agree to the terms within the Auth0 Code of Conduct.
Describe the problem you'd like to have solved
There is a high-severity vulnerability in Cryptography < 42, see GHSA-3ww4-gg4f-jr7f.
Since this library forces Cryptography < 42, I cannot upgrade to a non-vulnerable version.
Describe the ideal solution
The dependency version for Cryptography is relaxed at
Line 31 in a31c62b
cryptography = "^41.0.5" # pyjwt has a weak dependency on cryptography
Alternatives and current workarounds
No workaround is available for Poetry since this is a hard requirement from the auth0-python library.
Additional context
No response
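The reason the caret pin quoted in this issue rules out every fixed release can be checked mechanically. The following is an added example, not code from the issue or from auth0-python; the function names are hypothetical, and `42.0.0` as the first fixed release is taken from the issue's statement that versions < 42 are affected.

```python
"""Expand a Poetry caret constraint and test whether a patched release can fit."""


def parse(version):
    # "41.0.5" -> (41, 0, 5); missing components are padded with zeros.
    parts = [int(p) for p in version.split(".")]
    return tuple(parts + [0] * (3 - len(parts)))


def caret_bounds(constraint):
    """Return (lower, upper) for a caret constraint; upper is exclusive."""
    if not constraint.startswith("^"):
        raise ValueError("only caret constraints are handled here")
    given = [int(p) for p in constraint[1:].split(".")]
    lower = parse(constraint[1:])
    # Caret rule: bump the leftmost non-zero component;
    # if every given component is zero, bump the last one given.
    idx = next((i for i, p in enumerate(given) if p != 0), len(given) - 1)
    upper = given[:idx] + [given[idx] + 1]
    return lower, tuple(upper + [0] * (3 - len(upper)))


def allows(constraint, version):
    """True if the version falls inside the caret range."""
    lower, upper = caret_bounds(constraint)
    return lower <= parse(version) < upper


def blocks_fix(constraint, first_fixed):
    """True if no release >= first_fixed can satisfy the constraint."""
    _, upper = caret_bounds(constraint)
    return upper <= parse(first_fixed)


if __name__ == "__main__":
    pinned = "^41.0.5"      # from the pyproject.toml line quoted in the issue
    first_fixed = "42.0.0"  # assumption: derived from "Cryptography < 42" above
    lower, upper = caret_bounds(pinned)
    print(f"{pinned} means >= {lower} and < {upper}")
    print("fixed release excluded:", blocks_fix(pinned, first_fixed))
```

Because the exclusive upper bound of `^41.0.5` equals the first fixed version, a resolver has no patched release to pick while the pin stays in place.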