As part of the quay.io vulnerability report, it is reported that the sendgrid-python==6.11.0 package has a vulnerability (GHSA-9wx7-jrvc-28mm) reported for dependency starkbank-ecdsa==2.2.0 which is the latest version available from 2022 (The starbank repository no longer seems to be maintained).
Fixes
As part of the quay.io vulnerability report, it is reported that the
sendgrid-python==6.11.0
package has a vulnerability (GHSA-9wx7-jrvc-28mm) reported for dependencystarkbank-ecdsa==2.2.0
which is the latest version available from 2022 (The starbank repository no longer seems to be maintained).This PR solves replaces the outdated starbank-ecdsa library (https://github.com/starkbank/ecdsa-python) with an actively mainained library ecdsa (https://github.com/tlsfuzzer/python-ecdsa).
Checklist