SAML-Toolkits / python3-saml

MIT License

The most recent version depends on the vulnerable lxml version #336

Closed lexabug closed 1 year ago

lexabug commented 1 year ago

The most recent version of python3-saml (v1.14.0) depends on the vulnerable version of lxml (<4.7.1, see here). pyup.io says that the only version of lxml without known vulnerabilities is v4.9.1. Are you planning to eliminate the vulnerable dependency?

kleptog commented 1 year ago

Hopefully a new release soon, see #320.

lexabug commented 1 year ago

@kleptog great news! Thx.

pitbulk commented 1 year ago

Hi, I'm trying to get time to get everything running. I will give priority to this new release.

pitbulk commented 1 year ago

Next release will not restrict lxml