MBT uses deprecated dependency request 2.88.2, which has vulnerability CVE-2023-28155
Bugaboo25 opened this issue · 2 comments
Bugaboo25 commented
MBT 1.2.24 uses deprecated dependency request 2.88.2 (through binwrap 0.2.3), which has vulnerability CVE-2023-28155 reported.
Binwrap itself has not been maintained for about 2 years.
We cannot use MBT in our project as the Mend tool (which is part of our pipeline) is blocking the deployment.
Please provide a workaround or fix.
young-yang03 commented
Hi @Bugaboo25
As we discussed by mail, research on this problem will start in the last sprint (11 Sep ~ 25 Sep), and binwrap will be replaced in Q4.
FrankVisuals commented
Is there a recommended way to mitigate this? The issue is rated as critical by WhiteSource, so the end of September seems quite late for a fix.