Upgrade dnspython vulnerable dependendency

secynic / ipwhois

Retrieve and parse whois data for IPv4 and IPv6 addresses

https://ipwhois.readthedocs.io/en/latest

BSD 2-Clause "Simplified" License

556 stars 121 forks source link

Upgrade dnspython vulnerable dependendency #326

Closed ivellios closed 1 month ago

ivellios commented 1 month ago

@secynic - I do hope you can look into this, because the repository seems to be dead for a while. I even tried to create a PR, but looks like it is disabled for non-collaborators.

dnspython < 2.6.1 is prone to CVE-2023-29483. Remedy for that is to update the requirement and align with a new version of dnspython.

It got sorted out in the @putsi fork. How about pulling these changes into the main branch here?

secynic commented 1 month ago

Updated in dev branch. Working on some other issues before pushing to pypi.

secynic commented 1 month ago

Released 1.3.0