GehirnInc/python-jwt

cryptography <= 2.9.2 CVE

GothAckOVO opened this issue · 2 comments

The cryptography package has a CVE assigned to it for versions <= 2.9.2. Whilst jwt may not be directly affected, other packages that import cryptography may be.
Would it be possible to upgrade to 3.x?

FWIW all tests pass with cryptography==3.2.1

Merged #29.