nchammas / flintrock

A command-line tool for launching Apache Spark clusters.
Apache License 2.0

Update paramiko dependency to 2.10.1+ #351

Closed. alex closed this issue 1 year ago.

alex commented 2 years ago

Older paramiko versions are impacted by https://osv.dev/vulnerability/PYSEC-2022-166. flintrock currently pins to 2.7.2, which is impacted by this vuln and means everything installed into the same virtual environment is also pinned to this version.

The newer paramiko version is backwards compatible as far as I know, so hopefully this should be an easy upgrade.
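As an added example (not Flintrock's code, and not posted by anyone in this thread), here is a small stdlib-only Python check for the question this report raises: does an `install_requires` specifier such as `paramiko==2.7.2` still admit a release older than the first fixed one, 2.10.1? The only facts taken from the issue are the old pin (2.7.2) and the fixed-version boundary (2.10.1). The other requirement strings are constructed for illustration, and the clause parser is a deliberately limited subset of PEP 440 (no `!=`, wildcards or pre-release tags).

```python
"""Does a requirement specifier still admit a vulnerable dependency release?

Added example, not Flintrock's code. Facts taken from the issue: the old pin
paramiko==2.7.2 and the fixed-version boundary 2.10.1. Everything else (the
other specifier strings, the PEP 440 subset handled) is illustrative.
"""
import re
from typing import Optional, Tuple

Version = Tuple[int, ...]

# First paramiko release the issue title asks for (not affected by PYSEC-2022-166).
FIXED_VERSION = "2.10.1"

_REQ_RE = re.compile(r"^\s*([A-Za-z0-9][A-Za-z0-9._-]*)\s*(.*?)\s*$")
_CLAUSE_RE = re.compile(r"^(==|>=|<=|~=|>|<)\s*([0-9]+(?:\.[0-9]+)*)$")


def parse_version(text: str) -> Version:
    """'2.10.1' -> (2, 10, 1). Release segments only; no pre/post/dev tags."""
    return tuple(int(p) for p in text.strip().split("."))


def compare(a: Version, b: Version) -> int:
    """PEP 440 release ordering: zero-pad so 2.10 == 2.10.0 and 2.10 < 2.10.1."""
    width = max(len(a), len(b))
    ka, kb = a + (0,) * (width - len(a)), b + (0,) * (width - len(b))
    return (ka > kb) - (ka < kb)


def _compatible_upper(v: Version) -> Version:
    """Exclusive upper bound implied by '~=': ~=2.10.1 means >=2.10.1,<2.11."""
    if len(v) < 2:
        raise ValueError("~= requires at least two release segments")
    return v[:-2] + (v[-2] + 1,)


def _tighter(cur: Optional[Version], cur_incl: bool,
             new: Version, new_incl: bool, side: int):
    """Keep the more restrictive bound. side=+1 for lower bounds (higher is
    tighter), side=-1 for upper bounds (lower is tighter); on a tie, exclusive wins."""
    if cur is None:
        return new, new_incl
    c = compare(new, cur) * side
    if c > 0 or (c == 0 and not new_incl):
        return new, new_incl
    return cur, cur_incl


def admits_version_below(spec: str, fixed: str = FIXED_VERSION) -> bool:
    """True if the comma-separated specifier set admits any release older than
    `fixed`, i.e. a resolver may still install a vulnerable version."""
    fixed_v = parse_version(fixed)
    lower: Version = (0,)  # no lower bound: everything back to 0 is admitted
    lower_incl = True
    upper: Optional[Version] = None
    upper_incl = False

    for clause in filter(str.strip, spec.split(",")):
        m = _CLAUSE_RE.match(clause.strip())
        if not m:
            raise ValueError(f"unsupported clause: {clause!r}")
        op, v = m.group(1), parse_version(m.group(2))
        if op in ("==", ">=", "~="):
            lower, lower_incl = _tighter(lower, lower_incl, v, True, +1)
        elif op == ">":
            lower, lower_incl = _tighter(lower, lower_incl, v, False, +1)
        if op in ("==", "<="):
            upper, upper_incl = _tighter(upper, upper_incl, v, True, -1)
        elif op == "<":
            upper, upper_incl = _tighter(upper, upper_incl, v, False, -1)
        elif op == "~=":
            upper, upper_incl = _tighter(upper, upper_incl, _compatible_upper(v), False, -1)

    # Lowest release the set admits: the bound itself, or a point just above an
    # exclusive bound (>2.7.2 -> 2.7.2.1). If that already breaks the upper
    # bound, the specifier set is unsatisfiable.
    lowest = lower if lower_incl else lower + (1,)
    if upper is not None:
        c = compare(lowest, upper)
        if c > 0 or (c == 0 and not upper_incl):
            raise ValueError(f"{spec!r} admits no version at all")
    return compare(lowest, fixed_v) < 0


def requirement_admits_vulnerable(req: str, fixed: str = FIXED_VERSION) -> Tuple[str, bool]:
    """Split 'name<specifiers>' and report (name, admits_version_below(...))."""
    m = _REQ_RE.match(req)
    if not m:
        raise ValueError(f"not a requirement: {req!r}")
    return m.group(1), admits_version_below(m.group(2), fixed)


if __name__ == "__main__":
    # Constructed requirement strings; the first is the pin this issue reports.
    for req in ("paramiko==2.7.2", "paramiko>=2.10", "paramiko>=2.10.1", "paramiko~=2.10.1"):
        name, vulnerable = requirement_admits_vulnerable(req)
        print(f"{req:20} admits a release older than {FIXED_VERSION}: {vulnerable}")
```

The zero-padding in `compare` matters for the boundary in this report: `>=2.10` is satisfied by 2.10.0 and so still admits a release below 2.10.1, whereas `>=2.10.1` or `~=2.10.1` does not. An exact pin such as `==2.7.2` is the worst case, since it admits exactly one version and that version is below the fix.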

nchammas commented 1 year ago

Thanks for the report. Looks like I've already upgraded Flintrock to Paramiko 2.10 on master, so I just need to make a new release.

https://github.com/nchammas/flintrock/blob/409ecaf7221d2f79a58a02b760cd61b234480250/setup.py#L53