eth-brownie / brownie

A Python-based development and testing framework for smart contracts targeting the Ethereum Virtual Machine.
https://eth-brownie.readthedocs.io
MIT License

Update Dependencies: PyJWT, eth-utils #1506

Open tonydattolo opened 2 years ago

tonydattolo commented 2 years ago

Environment information

Update dependencies or change hard requirements for very common dependencies used in many other projects. For example, PyJWT and eth-utils are causing a lot of issues. PyJWT 1.7.1 is almost 4 years old at this point and is crucial to modern user authentication in Python backends, which now have their own hard requirements of minimum 2.0.0 or 2.1.0 (current is 2.3.0).

Cannot integrate with the backend with these dependencies.

jTiKey commented 2 years ago

Yes, it has vulnerabilities as well: https://vuldb.com/?id.200637

I found that pythx (which is used here) is also outdated: "pythx 1.6.1 depends on PyJWT<1.8.0 and >=1.7.0"

I've created a pull request to upgrade pythx and then look into upgrading brownie.