cryptography <= 2.9.2 CVE
GothAckOVO opened this issue · 2 comments
GothAckOVO commented
The cryptography
package has a CVE assigned to it for versions <= 2.9.2
. Whilst jwt
may not be directly affected, other packages that import cryptography
may be.
Would it be possible to upgrade to 3.x?
GothAckOVO commented
FWIW all tests pass with cryptography==3.2.1