From 7314d2a39e610490ce68c00e72bf7a68dcc8fe9b Mon Sep 17 00:00:00 2001
From: aitbc
Date: Tue, 28 Apr 2026 09:51:15 +0200
Subject: [PATCH] fix: remove vulnerable ecdsa dependency (CVE-2024-23342)

- Removed ecdsa from requirements.txt (not installed or used)
- python-ecdsa has no fix for Minerva timing attack on P-256
- Resolves Dependabot alert 509
---
 requirements.txt | 1 -
 1 file changed, 1 deletion(-)

diff --git a/requirements.txt b/requirements.txt
index 8f4a4ffb..edda2827 100644
--- a/requirements.txt
+++ b/requirements.txt
@@ -41,7 +41,6 @@ aiostun>=0.1.0
 # Cryptocurrency & Blockchain
 cryptography>=46.0.0
 pynacl>=1.6.2
-ecdsa>=0.19.0
 base58>=2.1.1
 bech32>=1.2.0
 web3>=7.15.0