brownie icon indicating copy to clipboard operation
brownie copied to clipboard

Published 20 hours ago verified publisher icon eth-brownie

Update Dependencies: PyJWT, eth-utils

Open tonydattolo opened this issue 2 years ago • 1 comments

Environment information

  • brownie Version: 1.18.1
  • ganache-cli Version: stable
  • solc Version: 8.13.0
  • Python Version: 3.8.10
  • OS: linux

Update dependencies or change hard requirements for very common dependencies used in many other projects. For example, PyJWT and eth-utils are causing a lot of issues. 1.7.1 pyjwt is almost 4 years old at this point and is crucial to modern user authentication in python backends which now have their own hard requirements of minimum 2.0.0 or 2.1.0 (current is 2.3.0)

Cannot integrate with the backend with these dependencies

tonydattolo avatar Apr 13 '22 14:04 tonydattolo

Yes, it has vulnerabilities as well: https://vuldb.com/?id.200637

I found that pythx(which is used here) also is outdated: "pythx 1.6.1 depends on PyJWT<1.8.0 and >=1.7.0"

I've created a pull request to upgrade pythx and then look into upgrading brownie.

jTiKey avatar Jun 04 '22 20:06 jTiKey