You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Try to install bunq_sdk with only the newest versions of the dependencies installed. (e.g. via the operating system's package manager)
What should happen:
bunq_sdk installs and is secure.
What happens:
Could not find a version that satisfies the requirement urllib3==1.21.1, among other issues
SDK version and environment
Tested on 0.10.16 (y'all's issue template is wrong too)
Extra info:
in pycryptodome(x): CVE-2018-15560 (an AES crypto vuln) and so on have been fixed last year; but the dependencies are hard-coded to those of two years ago, meaning that any installation of the bunq python SDK is vulnerable.
The text was updated successfully, but these errors were encountered:
Steps to reproduce:
bunq_sdkwith only the newest versions of the dependencies installed. (e.g. via the operating system's package manager)What should happen:
bunq_sdkinstalls and is secure.What happens:
Could not find a version that satisfies the requirement urllib3==1.21.1, among other issuesSDK version and environment
Extra info:
in pycryptodome(x): CVE-2018-15560 (an AES crypto vuln) and so on have been fixed last year; but the dependencies are hard-coded to those of two years ago, meaning that any installation of the bunq python SDK is vulnerable.
The text was updated successfully, but these errors were encountered: