sogou / pyworkflow

A Python asynchronous task-orchestration framework. Supports asynchronous HTTP, Redis and MySQL tasks and asynchronous file I/O. One of the fastest HTTP servers available for Python.


Could you help upgrade the vulnerable shared library introduced by package pywf?

JoeGardner000 opened this issue

Hi, @kedixa , @Barenboim , I'd like to report a vulnerability issue in pywf_0.0.8.

Dependency Graph between Python and Shared Libraries


Issue Description

As shown in the above dependency graph (this is only the part of the dependency graph that depends on vulnerable shared libraries), pywf_0.0.8 directly or transitively depends on 12 C libraries (.so). However, I noticed that some of these C libraries are vulnerable, containing the following CVEs:
libgssapi_krb5-156d2cf0.so.2.2, libk5crypto-a4eb5019.so.3.1 and libkrb5-699ac2fc.so.3.3 from the C project krb5 (version 1.16) expose 4 vulnerabilities:
CVE-2021-37750, CVE-2021-36222, CVE-2015-8629, CVE-2015-8630

Suggested Vulnerability Patch Versions

krb5 has fixed the vulnerabilities in versions >=1.19.3

Python build tools cannot report vulnerable C libraries, which may induce potential security issues to many downstream Python projects.
As a popular Python package (pywf has 1,752 downloads per month), could you please upgrade the above shared libraries to their patched versions?

Thanks for your help~
Best regards,
Joe Gardner
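The report's point that Python build tools do not surface vendored C libraries can be checked mechanically at the wheel level. The script below is an added example, not code from the pywf project or from the reporter: it lists the `.so` files a manylinux wheel vendors under `<pkg>.libs/`, strips the hash that auditwheel inserts into each filename, and matches the recovered sonames against an advisory table constructed from the library names and versions quoted in the issue. The wheel it inspects is constructed in memory with that layout and is not the real pywf 0.0.8 wheel.

```python
import io
import re
import zipfile

# auditwheel (manylinux) vendors native dependencies under <pkg>.libs/ and inserts
# a short hash before ".so", e.g. libkrb5-699ac2fc.so.3.3 -> soname libkrb5.so.3.3
VENDORED_SO = re.compile(r"^(?P<base>lib[^/]+?)-[0-9a-f]{8}\.so(?P<ver>(?:\.\d+)*)$")

# Advisory table constructed from the issue text: soname -> (project, shipped, fixed)
VULNERABLE_BY_SONAME = {
    "libgssapi_krb5.so.2.2": ("krb5", "1.16", "1.19.3"),
    "libk5crypto.so.3.1": ("krb5", "1.16", "1.19.3"),
    "libkrb5.so.3.3": ("krb5", "1.16", "1.19.3"),
}

def vendored_libraries(wheel_bytes):
    """Map each vendored .so in the wheel (a zip archive) from its soname to its path."""
    found = {}
    with zipfile.ZipFile(io.BytesIO(wheel_bytes)) as wheel:
        for name in wheel.namelist():
            m = VENDORED_SO.match(name.rsplit("/", 1)[-1])
            if m:
                found[m.group("base") + ".so" + m.group("ver")] = name
    return found

def audit_wheel(wheel_bytes, advisories=VULNERABLE_BY_SONAME):
    """Return (path, project, shipped_version, fixed_version) for each known-bad library."""
    findings = []
    for soname, path in sorted(vendored_libraries(wheel_bytes).items()):
        if soname in advisories:
            findings.append((path,) + advisories[soname])
    return findings

def build_sample_wheel():
    """Constructed wheel with an auditwheel-style layout; not the real pywf 0.0.8 wheel."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("pywf/__init__.py", "")
        z.writestr("pywf/_pywf.cpython-39-x86_64-linux-gnu.so", b"\x7fELF")
        for lib in ("libgssapi_krb5-156d2cf0.so.2.2", "libk5crypto-a4eb5019.so.3.1",
                    "libkrb5-699ac2fc.so.3.3", "libexample-deadbeef.so.1.0"):
            z.writestr("pywf.libs/" + lib, b"\x7fELF")  # contents are stand-ins
    return buf.getvalue()

if __name__ == "__main__":
    for path, project, shipped, fixed in audit_wheel(build_sample_wheel()):
        print(f"{path}: {project} {shipped} bundled, fixed in {project} >= {fixed}")
```

Matching on soname alone is a triage aid: the same soname can be shipped by a patched build, so a finding should be confirmed against the library's actual version string before filing a report.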