fix: remove vulnerable ecdsa dependency (CVE-2024-23342)
All checks were successful
Python Tests / test-python (push) Successful in 14s
All checks were successful
Python Tests / test-python (push) Successful in 14s
- Removed ecdsa from requirements.txt (not installed or used) - python-ecdsa has no fix for Minerva timing attack on P-256 - Resolves Dependabot alert 509
This commit is contained in:
aitbc
@@ -41,7 +41,6 @@ aiostun>=0.1.0
|
|||||||
# Cryptocurrency & Blockchain
|
# Cryptocurrency & Blockchain
|
||||||
cryptography>=46.0.0
|
cryptography>=46.0.0
|
||||||
pynacl>=1.6.2
|
pynacl>=1.6.2
|
||||||
ecdsa>=0.19.0
|
|
||||||
base58>=2.1.1
|
base58>=2.1.1
|
||||||
bech32>=1.2.0
|
bech32>=1.2.0
|
||||||
web3>=7.15.0
|
web3>=7.15.0
|
||||||
|
|||||||
Reference in New Issue
Block a user