snyk-labs / pysnyk

A Python client for the Snyk API.
https://snyk.docs.apiary.io/
MIT License

[FEAT]: replace dependency on Retry with a more actively maintained dependency that does not raise CVE-2022-42969 in other platforms #208

Open JosanaDH opened 11 months ago

JosanaDH commented 11 months ago

Is there an existing feature request for this?

Description

Pysnyk depends on Retry, which has not had a PyPI release since 2016. That release of Retry included a dependency on Py, which has had a CVE raised against it (CVE-2022-42969). Although this has been determined to be a false positive by Snyk (ST-1653), it can still raise queries from customers.

Retry has pushed a fix to master to remove this dependency, but there is no pypi release.

The suggestion is to investigate the use of other, more actively maintained projects that perform a similar function, such as backoff or tenacity.

Additional Information

No response
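A check a maintainer or user could run to confirm which direct dependency introduces `py` into an environment, added here as an example and not part of pysnyk or the issue. It uses only the standard library; `SAMPLE_GRAPH` is constructed to mirror the chain the issue describes, and pysnyk's own requirement list in it is assumed, not taken from the project.

```python
import re
from importlib import metadata
from typing import Dict, List, Optional


def normalize(name: str) -> str:
    """PEP 503 name normalization so 'Retry', 'retry' and 'py' compare consistently."""
    return re.sub(r"[-_.]+", "-", name).lower()


def requirement_name(req: str) -> Optional[str]:
    """Distribution name from a Requires-Dist string such as 'py (>=1.4.26,<2.0.0)'.
    Requirements that are only pulled in by an extra are skipped."""
    if "extra ==" in req:
        return None
    m = re.match(r"\s*([A-Za-z0-9][A-Za-z0-9._-]*)", req)
    return normalize(m.group(1)) if m else None


def installed_graph() -> Dict[str, List[str]]:
    """Dependency graph of the current environment: distribution -> required distributions."""
    graph: Dict[str, List[str]] = {}
    for dist in metadata.distributions():
        name = dist.metadata.get("Name")
        if not name:  # skip broken or partially removed installs
            continue
        names = (requirement_name(r) for r in (dist.requires or []))
        graph[normalize(name)] = [n for n in names if n]
    return graph


def find_paths(graph: Dict[str, List[str]], root: str, target: str) -> List[List[str]]:
    """Every dependency chain from root down to target (depth-first, cycle-safe)."""
    root, target = normalize(root), normalize(target)
    paths: List[List[str]] = []

    def walk(node: str, path: List[str]) -> None:
        if node == target:
            paths.append(path)
            return
        for dep in graph.get(node, []):
            if dep not in path:  # guard against cyclic metadata
                walk(dep, path + [dep])

    walk(root, [root])
    return paths


# Constructed graph mirroring the issue: pysnyk -> retry -> py (CVE-2022-42969).
# pysnyk's direct requirements here are assumed for illustration only.
SAMPLE_GRAPH: Dict[str, List[str]] = {
    "pysnyk": ["requests", "retry"],
    "retry": ["decorator", "py"],
    "requests": ["urllib3", "certifi"],
    "decorator": [], "py": [], "urllib3": [], "certifi": [],
}

if __name__ == "__main__":
    # Use installed_graph() instead of SAMPLE_GRAPH to inspect a real environment.
    for chain in find_paths(SAMPLE_GRAPH, "pysnyk", "py"):
        print(" -> ".join(chain))  # pysnyk -> retry -> py
```

Once Retry is replaced, the same query against `installed_graph()` should return no chain from `pysnyk` to `py`.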