Security Vulneratbility CVE-2022-40899 on future 0.18.2 #162
Description
This package has a dependency on future, which has a recently disclosed vulnerability. The project is dead, so there likely won't be a fix. The only fix right now is to remove the dependency entirely.
https://www.mend.io/vulnerability-database/CVE-2022-40899
https://nvd.nist.gov/vuln/detail/CVE-2022-40899
PythonCharmers/python-future#612
PythonCharmers/python-future#610
I attempted to do this myself but was denied access trying to push a branch to remote.