Open YaraslauZhylko opened 2 months ago
Hello, thank you for the suggestions. I will work on updating the library and resolving the issues.
Any luck with this @markomirosavljev? (thanks for the great library btw!)
Hi, did some work on this and I'll continue to work on it in the next days. I didn't have enough time to focus on this in the previous period.
Thanks again @markomirosavljev for your work on this! Don't hesitate to ask for help from the community on reviews. I think several people (and organizations) are waiting on this to address a CVE 🙏🏻
Hey, released v2.5.0 just a few minutes ago. I did migration to joserfc and removed cognito_jwt completely. Code from that library is now partially included into this library. There should be no breaking changes, only some changes related to exception messages. If you notice anything suspicious or some inconsistencies, please notify me.
We've bumped the version to v2.5.0 in our codebase and things seem to work fine so far.
Only a few dots got added to the error messages, as you've mentioned.
Thanks for the update, @markomirosavljev!
fastapi-cognito depends on cognitojwt that depends on python-jose that, in turn, depends on ecdsa.

- ecdsa has vulnerabilities that, seems like, are not going to be fixed (e.g.: GHSA-wj6h-64fc-37mp)
- python-jose itself hasn't had any releases for years
- cognitojwt repo has just been archived, so is basically not maintained as well

That said, would it be worth switching to some modern and more maintained JWT library directly? Like joserfc or anything like it?
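
One way to check whether an environment still reaches ecdsa through the chain described in this issue, as an added example that is not part of the thread or of fastapi-cognito. The function names and the SAMPLE graph are constructed for illustration; `installed_graph()` reads the real installed metadata.

```python
import re
from importlib import metadata

def _norm(name):
    # PEP 503 normalisation so "python_jose" and "python-jose" compare equal
    return re.sub(r"[-_.]+", "-", name).lower()

def installed_graph():
    """Map each installed distribution to the project names in its Requires-Dist.
    Extras-only requirements are included, so the graph over-approximates."""
    graph = {}
    for dist in metadata.distributions():
        name = dist.metadata.get("Name")
        if not name:
            continue
        reqs = set()
        for req in dist.requires or []:
            m = re.match(r"\s*([A-Za-z0-9][A-Za-z0-9._-]*)", req)
            if m:
                reqs.add(_norm(m.group(1)))
        graph[_norm(name)] = reqs
    return graph

def chains_to(graph, target, root=None):
    """Return every dependency chain ending at target, optionally from one root."""
    target = _norm(target)
    starts = [_norm(root)] if root else sorted(graph)
    found = []
    def walk(node, path):
        if node == target:
            found.append(path)
            return
        for dep in sorted(graph.get(node, ())):
            if dep not in path:  # guard against dependency cycles
                walk(dep, path + [dep])
    for start in starts:
        walk(start, [start])
    return found

# Constructed graph mirroring the chain in the issue (not real package metadata).
SAMPLE = {
    "fastapi-cognito": {"fastapi", "cognitojwt"},
    "cognitojwt": {"python-jose"},
    "python-jose": {"ecdsa", "rsa", "pyasn1"},
}

if __name__ == "__main__":
    for chain in chains_to(installed_graph(), "ecdsa"):
        print(" -> ".join(chain))
```

Run in the deployed virtualenv, an empty result after upgrading means nothing installed declares ecdsa as a requirement any more.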