HTTPX Supply Chain Risk #2210
Chris (cparks1) started this conversation in General
Replies: 0 comments
This library has a dependency on HTTPX if you're using the schema registry client.
Recently, the owner of HTTPX closed off access to discussions and issues: encode/httpx#3784
The library will still be maintained, but there is now no channel through which CVEs and other security concerns can be reported. The link for reporting bugs and issues on their own documentation is now a 404: https://www.python-httpx.org/contributing/
This makes the inclusion of HTTPX a supply chain risk. Are there any plans to work to remove the dependency on HTTPX?