The most recent version of the python3-saml (v1.14.0) depends on the vulnerable version of the lxml (<4.7.1, see here). The pyup.io says that the only version of the lxml without know vulnerabilities is v4.9.1.
Are you planing to eliminate the vulnerable dependency?
The most recent version of the python3-saml (
v1.14.0
) depends on the vulnerable version of the lxml (<4.7.1
, see here). The pyup.io says that the only version of the lxml without know vulnerabilities isv4.9.1
. Are you planing to eliminate the vulnerable dependency?