Closed phillipuniverse closed 4 months ago
Would really appreciate this being addressed.
Please address. This is a high vulnerability being detected, as it is now on https://nvd.nist.gov/vuln/detail/CVE-2024-26130
https://github.com/auth0/auth0-python/pull/597 A PR is already out there, ready for approval.
Checklist
Describe the problem you'd like to have solved
There is a high-severity vulnerability in Cryptography < 42, see https://github.com/advisories/GHSA-3ww4-gg4f-jr7f
Since this library forces Cryptography < 42, I cannot upgrade to a non-vulnerable version.
Describe the ideal solution
The dependency version for Cryptography is relaxed at https://github.com/auth0/auth0-python/blob/a31c62b85c8654259da0acb67517a3130120595c/pyproject.toml#L31 to allow cryptography >= 42.
Alternatives and current workarounds
No workaround is available for Poetry since this is a hard requirement from the auth0-python library.
Additional context
No response