ecdsa has a security vulnerability, and even without this it isn't recommended for production code.
It is installed incidentally by python-jose, which will not use it because it has cryptography available.
See https://pypi.org/project/python-jose/
This project has the following recommendation:
Due to complexities with setuptools, the native-python backend is always installed, even if you select a different backend on install. We recommend that you remove unnecessary dependencies in production.
And lists the following optional dependencies for when you have cryptography available:
rsa
ecdsa
pyasn1
We also have had other incidents with orphaned dependencies - maybe we need a post-uninstall step to handle these cases.
I'm not sure if this will play nicely with pip check... which will probably notice the packaging mistake.
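
A way to check, before removing anything, which of the three native-backend packages are installed and which installed distributions still declare them as unconditional requirements. It is an added example, not code from this project or from python-jose. The function names and the `SAMPLE` metadata are assumptions constructed for illustration. A package with a non-empty list is one whose removal leaves a declared requirement unmet, which is the condition `pip check` reports.

```python
import re
from importlib import metadata

NATIVE_BACKEND = {"rsa", "ecdsa", "pyasn1"}  # packages named in the issue above

def canon(name):
    """PEP 503 normalisation, so 'Python_Jose' matches 'python-jose'."""
    return re.sub(r"[-_.]+", "-", name).lower()

def hard_requirements(requires):
    """Project names from Requires-Dist strings, skipping extras-only ones."""
    names = set()
    for req in requires or []:
        spec, _, marker = req.partition(";")
        if "extra" in marker:  # only pulled in when an extra is selected
            continue
        match = re.match(r"\s*([A-Za-z0-9][A-Za-z0-9._-]*)", spec)
        if match:
            names.add(canon(match.group(1)))
    return names

def audit(installed, targets=NATIVE_BACKEND):
    """installed maps dist name -> Requires-Dist list. For each installed
    target, return the installed dists that still hard-require it."""
    installed = {canon(k): v for k, v in installed.items()}
    return {
        target: sorted(n for n, reqs in installed.items()
                       if target in hard_requirements(reqs))
        for target in sorted(map(canon, targets)) if target in installed
    }

def installed_from_environment():
    """Snapshot the current environment (stdlib importlib.metadata)."""
    return {d.metadata.get("Name"): d.requires
            for d in metadata.distributions() if d.metadata.get("Name")}

# Constructed sample metadata, not copied from a real release.
SAMPLE = {
    "python-jose": ["ecdsa (!=0.15)", "rsa", "pyasn1",
                    'cryptography>=3.4.0; extra == "cryptography"'],
    "cryptography": ["cffi>=1.12"],
    "rsa": ["pyasn1>=0.1.3"],
    "ecdsa": ["six>=1.9.0"],
    "pyasn1": [],
}

if __name__ == "__main__":
    for pkg, users in audit(installed_from_environment()).items():
        print(f"{pkg}: required by {users or 'nothing (orphan)'}")
```

In the sample, every one of the three packages is still required by `python-jose`, and `pyasn1` is additionally required by `rsa`, so the removal order matters.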