Dependency brotli 1.1.0 has security vulnerability, update to brotli>=1.2.0

Open jbousquin opened this issue 1 month ago • 2 comments

What happened?

The current dependency list of pynhd 0.19.4 contains brotli v1.1.0, which has a vulnerability; see https://github.com/google/brotli/issues/1373. The latest version of brotli, which addresses this issue, has been released on PyPI.

I think this should be a simple one-line fix in the two env files: ci/requirements/environment.yml and ci/requirements/environment-dev.yml

Minimal Complete Verifiable Example

Pinning the version in my repo (private) resolved it and didn't seem to cause dependency conflicts with pynhd.

MVCE confirmation

  • [ ] Minimal example — the example is as focused as reasonably possible to demonstrate the underlying issue.
  • [ ] Complete example — the example is self-contained, including all data and the text of any traceback.
  • [x] New issue — a search of GitHub Issues suggests this is not a duplicate.

jbousquin, Nov 19 '25 15:11
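
One way to check that an environment file enforces the `brotli>=1.2.0` floor named in the issue title, as an added example that is not code from this issue or from pynhd. The sample file contents are constructed, and the names `audit`, `allows_vulnerable` and `MIN_SAFE` are hypothetical.

```python
import re

MIN_SAFE = (1, 2, 0)  # threshold taken from the issue title (brotli>=1.2.0)

# Constructed sample, NOT the real contents of pynhd's ci/requirements files.
SAMPLE_ENV = """\
name: example
dependencies:
  - python>=3.9
  - brotli=1.1.0
  - pip
  - pip:
      - brotli>=1.1.0
      - requests
"""

# "- name<constraint>" entries, at top level or nested under "pip:".
SPEC = re.compile(r"^\s*-\s*([A-Za-z0-9_.\-]+)\s*([^#\s]*)")
# Clauses that set a lower bound: >=, >, ==, conda's "=", ~=, or a bare version.
BOUND = re.compile(r"\s*(?:>=|==|~=|>|=)?\s*(\d[\d.]*)\*?\s*")


def _ver(text):
    """'1.2' -> (1, 2, 0) so versions compare as integer tuples."""
    nums = [int(n) for n in re.findall(r"\d+", text)][:3]
    return tuple(nums + [0] * (3 - len(nums)))


def allows_vulnerable(constraint):
    """True unless some clause forces the version to MIN_SAFE or later."""
    for clause in constraint.split(","):
        m = BOUND.fullmatch(clause)
        if m and _ver(m[1]) >= MIN_SAFE:
            return False
    return True  # unpinned, upper-bound only, or lower bound too low


def audit(text, package="brotli"):
    """Return (line number, entry) for each spec that admits an old release."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        m = SPEC.match(line)
        if m and m[1].lower() == package and allows_vulnerable(m[2]):
            findings.append((lineno, line.strip()))
    return findings


if __name__ == "__main__":
    for lineno, entry in audit(SAMPLE_ENV):
        print(f"line {lineno}: {entry} permits brotli < 1.2.0")
```

The check is deliberately conservative: an unpinned entry or one carrying a conda build string (`name=version=build`) is reported, because it does not match a plain lower-bound clause.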