Please loosen the dependency on requests #136

Closed
PeterJCLaw opened this issue Jun 1, 2023 · 1 comment · Fixed by #138
Comments

@PeterJCLaw

This package currently depends on `requests <2.29.0,>=2.28.1`, which is a very tight range and unfortunately has published vulnerabilities. Please widen the allowed range (I suggest to `requests <3,>=2.28.1` if forwards compatibility is important) so that this package does not force insecure dependent packages on its consumers.

@nfx
Contributor

nfx commented Jun 1, 2023

Thank you for the feature request! Currently, the team operates in a limited capacity, carefully prioritizing, and we cannot provide a timeline to implement this feature. Please make a Pull Request if you'd like to see this feature sooner, and we'll guide you through the journey.

mgyucht pushed a commit that referenced this issue Jun 16, 2023
## Changes
This PR allows users to use the Databricks SDK for Python with the most recent version of the requests library within the 2.x release line, enabling them to receive security patches and non-backwards-incompatible new features.

Closes #136.

## Tests
<!-- 
How is this tested? Please see the checklist below and also describe any
other relevant tests
-->

- [ ] `make test` run locally
- [ ] `make fmt` applied
- [ ] relevant integration tests applied
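
The effect of the two ranges discussed in this thread can be checked mechanically. The following is an added example, not code from the issue or from the SDK: a standard-library-only audit that reports which releases a range admits and whether any of them is patched. The release list and the first fixed version are constructed assumptions, since the thread does not name the fixed release.

```python
import operator
import re

OPS = {"<": operator.lt, "<=": operator.le, ">": operator.gt,
       ">=": operator.ge, "==": operator.eq, "!=": operator.ne}
CLAUSE = re.compile(r"^(<=|>=|==|!=|<|>)\s*(\d+(?:\.\d+)*)$")

# Constructed sample data: a release list to test against, and an ASSUMED
# first patched version (the issue does not say which release carries the fix).
RELEASES = ["2.28.1", "2.28.2", "2.29.0", "2.30.0", "2.31.0", "3.0.0"]
FIRST_FIXED = "2.31.0"


def parse_version(text, width=4):
    """'2.28.1' -> (2, 28, 1, 0). Numeric release segments only (no rc/dev/post)."""
    parts = [int(p) for p in text.strip().split(".")]
    if len(parts) > width:
        raise ValueError(f"too many segments: {text!r}")
    return tuple(parts + [0] * (width - len(parts)))


def parse_range(spec):
    """'<3,>=2.28.1' -> list of (comparison function, padded bound) pairs."""
    clauses = []
    for raw in spec.split(","):
        match = CLAUSE.match(raw.strip())
        if not match:
            raise ValueError(f"unsupported clause: {raw!r}")
        clauses.append((OPS[match.group(1)], parse_version(match.group(2))))
    return clauses


def allows(spec, version):
    """True when the version satisfies every clause of the range."""
    candidate = parse_version(version)
    return all(op(candidate, bound) for op, bound in parse_range(spec))


def audit(spec, releases=RELEASES, first_fixed=FIRST_FIXED):
    """Report what a range admits and whether it can ever resolve to a fix."""
    floor = parse_version(first_fixed)
    admitted = [r for r in releases if allows(spec, r)]
    patched = [r for r in admitted if parse_version(r) >= floor]
    return {"admitted": admitted, "patched": patched,
            "forces_vulnerable": bool(admitted) and not patched}


if __name__ == "__main__":
    for spec in ("<2.29.0,>=2.28.1", "<3,>=2.28.1"):
        print(spec, audit(spec))
```

A range flagged `forces_vulnerable` cannot be fixed by the consumer upgrading the transitive dependency, because the resolver will reject every patched release.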