sendgrid / sendgrid-python

The Official Twilio SendGrid Python API Library
https://sendgrid.com
MIT License

fix: Vulnerability fix for starkbank-ecdsa 2.2.0 dependency #1085

Open ranjanprasad1996 opened 2 months ago

ranjanprasad1996 commented 2 months ago

Fixes

As part of the quay.io vulnerability report, it is reported that the sendgrid-python==6.11.0 package has a vulnerability (GHSA-9wx7-jrvc-28mm) reported for dependency starkbank-ecdsa==2.2.0, which is the latest version available from 2022 (the starkbank repository no longer seems to be maintained).

This PR replaces the outdated starkbank-ecdsa library (https://github.com/starkbank/ecdsa-python) with an actively maintained library, ecdsa (https://github.com/tlsfuzzer/python-ecdsa).

Checklist