Open mcandre opened 2 months ago
Thanks, @mcandre, for this report.
As a solution, you can pin idna, and yes, we will drop requests in a future minor release.
Safety makes a best effort to avoid pinning dependencies and to prevent compatibility issues. Nevertheless, we will look to integrate suggested minimum constraints for dependencies or document them for users who want to enforce them.
Hi, it's been a month.
When can we expect this security enhancement to be released?
The Snyk CLI reports vulnerabilities on the PyPI safety package.
https://snyk.io/
By the way, the requests library may be overkill. It's just a wrapper. One way to resolve the vulnerability is to drop that dependency and use the standard library directly.
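Added example, not code from the safety project or from anyone in this thread: one way to do what the comment above suggests, replacing a `requests.get(url).json()` style call with the standard library alone. It keeps the two things `requests` gives for free (certificate and hostname verification via `ssl.create_default_context()`, and a timeout), adds a response-size cap, and refuses non-HTTP(S) URLs because `urllib` would happily open `file://` paths. The URL, the User-Agent string, the size cap and the `CannedHTTPHandler` test double are assumptions made for this example so it can run offline.

```python
"""Stdlib-only JSON GET, as a replacement for a requests-based call.

Example code, not part of safety; see the lead-in for what is assumed.
"""
import email.message
import io
import json
import ssl
import urllib.error
import urllib.request
import urllib.response

# Hypothetical cap: an unbounded resp.read() buffers whatever the server
# sends, so a hostile or broken server could exhaust memory.
MAX_BODY_BYTES = 8 * 1024 * 1024


def build_https_opener() -> urllib.request.OpenerDirector:
    """Opener whose HTTPS handler verifies the server certificate and hostname.

    ssl.create_default_context() sets CERT_REQUIRED and check_hostname=True,
    which is what requests does by default.
    """
    ctx = ssl.create_default_context()
    return urllib.request.build_opener(urllib.request.HTTPSHandler(context=ctx))


def fetch_json(url, *, timeout=10.0, max_bytes=MAX_BODY_BYTES, opener=None):
    """GET `url` and decode a JSON body; raise on anything unexpected.

    `opener` is injectable so the function can be exercised without a network.
    """
    # urllib also understands file:// and data: URLs; a caller-controlled URL
    # could otherwise read local files. Allow only HTTP(S).
    if not url.lower().startswith(("https://", "http://")):
        raise ValueError(f"refusing non-HTTP(S) URL: {url!r}")
    opener = opener or build_https_opener()
    req = urllib.request.Request(
        url,
        headers={"Accept": "application/json",
                 "User-Agent": "stdlib-example/0.1"},  # hypothetical UA string
        method="GET",
    )
    try:
        # The timeout applies to connect and to every socket read.
        resp = opener.open(req, timeout=timeout)
    except urllib.error.HTTPError as exc:
        # 4xx/5xx are raised by the default HTTPErrorProcessor.
        raise RuntimeError(f"HTTP {exc.code} from {url}") from exc
    with resp:
        if resp.status != 200:
            raise RuntimeError(f"unexpected status {resp.status} from {url}")
        # Read one byte past the cap so an oversized body is detectable.
        body = resp.read(max_bytes + 1)
    if len(body) > max_bytes:
        raise ValueError(f"response from {url} exceeds {max_bytes} bytes")
    charset = resp.headers.get_content_charset("utf-8")
    return json.loads(body.decode(charset))


class CannedHTTPHandler(urllib.request.BaseHandler):
    """Offline test double (constructed for this example): answers every
    http:// request with a fixed body and status code."""

    handler_order = 50  # ahead of ProxyHandler (100) and HTTPHandler (500)

    def __init__(self, body: bytes, code: int = 200,
                 content_type: str = "application/json"):
        self.body, self.code, self.content_type = body, code, content_type

    def http_open(self, req):
        headers = email.message.Message()
        headers["Content-Type"] = self.content_type
        resp = urllib.response.addinfourl(
            io.BytesIO(self.body), headers, req.full_url, code=self.code)
        resp.msg = "OK" if self.code == 200 else "Error"  # read by HTTPErrorProcessor
        return resp


def canned_opener(body: bytes, code: int = 200) -> urllib.request.OpenerDirector:
    """Opener wired to CannedHTTPHandler; the real error processors still run."""
    return urllib.request.build_opener(CannedHTTPHandler(body, code))


def error_kind(url, **kwargs):
    """Name of the exception fetch_json raises for `url`, or None on success.

    Convenience for exercising the failure paths of this example."""
    try:
        fetch_json(url, **kwargs)
        return None
    except (ValueError, RuntimeError) as exc:
        return type(exc).__name__


if __name__ == "__main__":
    # Offline demonstration against the canned handler (URL is hypothetical).
    print(fetch_json("http://example.test/v1/ping",
                     opener=canned_opener(b'{"ok": true}')))
```

In production the `opener` argument is left at its default so `build_https_opener()` is used; the canned handler exists only to show the success, oversize, bad-status and bad-scheme paths without touching the network.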