You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
In a monthly automated scan, a dependency of this library showed a security vulnerability.
Tracing the dependency tree, it looks like pycognito -> python-jose[cryptography] -> ecdsa. Normally I would look to the source of the issue for a fix, but it seems that:
It's particularly unfortunate since python-jose claims that the library in question isn't even in use for python-jose[cryptography]. Alas, for reporting reasons, my team will need to address it regardless.
I was hoping you could provide me some clarity on whether or not you intend to address the vulnerability within the scope of this library.
Thank you for reading, and thank you for your contributions to OSS!
The text was updated successfully, but these errors were encountered:
Hi there --
In a monthly automated scan, a dependency of this library showed a security vulnerability.
Tracing the dependency tree, it looks like pycognito -> python-jose[cryptography] -> ecdsa. Normally I would look to the source of the issue for a fix, but it seems that:
It's particularly unfortunate since python-jose claims that the library in question isn't even in use for python-jose[cryptography]. Alas, for reporting reasons, my team will need to address it regardless.
I was hoping you could provide me some clarity on whether or not you intend to address the vulnerability within the scope of this library.
Thank you for reading, and thank you for your contributions to OSS!
The text was updated successfully, but these errors were encountered: