[FEAT]: replace dependency on Retry with a more actively maintained dependency that does not raise CVE-2022-42969 in other platforms
JosanaDH opened this issue
Is there an existing feature request for this?
- I have searched the existing feature requests
Description
Pysnyk depends on Retry, which has not had a PyPI release since 2016.
That release of Retry included a dependency on Py, which has had a CVE raised against it (CVE-2022-42969).
Although this has been determined to be a false positive by Snyk (ST-1653), it can still raise queries from customers.
Retry has pushed a fix to master to remove this dependency, but there is no PyPI release.
Suggestion is to investigate use of other more actively maintained projects that perform a similar function, such as backoff or tenacity.
Additional Information
No response
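
One way to check whether an environment still pulls in Py through Retry, and so whether a scanner will keep reporting CVE-2022-42969 against it. This is an added example, not code from the issue or from pysnyk; the `SAMPLE` graph is constructed for illustration and is not read from any real release metadata.

```python
import re
from importlib import metadata

def _norm(name):
    # PEP 503 normalisation so "Py", "py" and "PY" compare equal
    return re.sub(r"[-_.]+", "-", name).lower()

def _req_name(req):
    # Leading project name of a requirement string such as "py>=1.0; extra == 'x'"
    return _norm(re.match(r"\s*([A-Za-z0-9][A-Za-z0-9._-]*)", req).group(1))

def installed_graph():
    """Map each installed distribution to the project names it requires.
    Requirements guarded by extras or markers are included, so the graph
    over-approximates what is actually installed."""
    graph = {}
    for dist in metadata.distributions():
        name = dist.metadata["Name"]
        if name:
            graph[_norm(name)] = [_req_name(r) for r in (dist.requires or [])]
    return graph

def paths_to(graph, root, target):
    """Return every dependency chain from root to target (cycle-safe DFS)."""
    root, target = _norm(root), _norm(target)
    found = []

    def walk(node, chain):
        if node == target:
            found.append(chain)
            return
        for dep in graph.get(node, []):
            if dep not in chain:  # skip packages already on this chain
                walk(dep, chain + [dep])

    walk(root, [root])
    return found

# Constructed sample graph (assumption: mirrors the chain the issue describes)
SAMPLE = {
    "pysnyk": ["requests", "retry"],
    "retry": ["decorator", "py"],
    "requests": ["urllib3"],
}

if __name__ == "__main__":
    # Against the real environment: prints each chain that ends at py
    for chain in paths_to(installed_graph(), "pysnyk", "py"):
        print(" -> ".join(chain))
```

An empty result after swapping the dependency confirms that nothing reachable from pysnyk requires Py any more.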