sendgrid / sendgrid-python

The Official Twilio SendGrid Python API Library
https://sendgrid.com
MIT License

High Severity Security Issue in Dependency #1024

Closed vahedq closed 2 years ago

vahedq commented 2 years ago

Issue Summary

We use the sendgrid Python SDK, and recently noticed that one of the dependencies has a security issue and needs to be updated to

Remediation
Upgrade starkbank-ecdsa to version 2.0.1 or later. For example:

starkbank-ecdsa>=2.0.1

However, sendgrid depends on

starkbank-ecdsa>=1.0.0,<2.0.0

Given SOC2 guidelines, we won't be able to use sendgrid if this update isn't applied. Please let us know how to proceed.

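As an added example (not code from the sendgrid project or from the reporter), a small self-contained check that shows why the two specifiers quoted above cannot be met at the same time: every release that satisfies the remediation is rejected by the SDK's own pin. It handles only plain dotted numeric versions and the comparison operators shown; the candidate version list is constructed for illustration.

```python
import re

# Constructed from the issue: the SDK's dependency pin and the scanner's remediation line.
SDK_PIN = "starkbank-ecdsa>=1.0.0,<2.0.0"
REMEDIATION = "starkbank-ecdsa>=2.0.1"

_OPS = {
    ">=": lambda a, b: a >= b, "<=": lambda a, b: a <= b,
    "==": lambda a, b: a == b, "!=": lambda a, b: a != b,
    ">": lambda a, b: a > b, "<": lambda a, b: a < b,
}

def parse_version(text):
    """Turn '2.0.1' into (2, 0, 1); only plain dotted numeric releases are handled."""
    return tuple(int(part) for part in text.strip().split("."))

def parse_requirement(line):
    """Split 'name>=1.0.0,<2.0.0' into (name, [(op, version_tuple), ...])."""
    match = re.match(r"^\s*([A-Za-z0-9][A-Za-z0-9._-]*)\s*(.*)$", line)
    name, spec = match.group(1), match.group(2).strip()
    clauses = []
    for clause in filter(None, (c.strip() for c in spec.split(","))):
        op, version = re.match(r"^(>=|<=|==|!=|>|<)\s*(.+)$", clause).groups()
        clauses.append((op, parse_version(version)))
    return name.lower(), clauses

def satisfies(version, clauses):
    """True when every clause of a specifier set accepts the given version."""
    v = parse_version(version) if isinstance(version, str) else version
    return all(_OPS[op](v, bound) for op, bound in clauses)

def conflicting_versions(pin, remediation, candidates):
    """Return (ok, blocked): candidates satisfying both specs, and candidates that meet
    the remediation but are rejected by the pin. Empty ok with non-empty blocked means
    the pin alone keeps the vulnerable range installed."""
    name_a, pin_clauses = parse_requirement(pin)
    name_b, fix_clauses = parse_requirement(remediation)
    assert name_a == name_b, "specifiers refer to different packages"
    ok = [c for c in candidates if satisfies(c, pin_clauses) and satisfies(c, fix_clauses)]
    blocked = [c for c in candidates if satisfies(c, fix_clauses) and not satisfies(c, pin_clauses)]
    return ok, blocked

if __name__ == "__main__":
    ok, blocked = conflicting_versions(SDK_PIN, REMEDIATION, ["1.0.0", "1.1.1", "2.0.0", "2.0.1", "2.0.3"])
    print("satisfies both:", ok)                 # []
    print("fixed but blocked by pin:", blocked)  # ['2.0.1', '2.0.3']
```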

mikeckennedy commented 2 years ago

See also #1023

JenniferMah commented 2 years ago

Closing as a duplicate. Please track progress on this update in issue #1023.