This repository was archived by the owner on Aug 16, 2024. It is now read-only.
Security Vulnerability in aiohttp<3.9.0 #197
Closed
CyberKenneth
started this conversation in
General
Replies: 1 comment
-
|
Pycord v3 is not production ready, it's more like an early under-heavy-development version. Many thanks |
Beta Was this translation helpful? Give feedback.
0 replies
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Uh oh!
There was an error while loading. Please reload this page.
Uh oh!
There was an error while loading. Please reload this page.
-
Hello Py-cord team I jumped up to Pycord v3 in the hopes of being able to fix this but no luck so far. I'm currently developing a Discord bot using Py-cord, and I've come across a dependency issue that I wanted to bring to your attention.
Issue Description:
Py-cord currently relies on a version of aiohttp <3.9.0. However, there is a known security vulnerability in aiohttp versions up to and including 3.9.0. Updating aiohttp to a more secure version (above 3.9.0) seems to break compatibility with Py-cord.
Impact:
This puts me in a challenging position as I need to keep my application secure while also maintaining its functionality with Py-cord.
Request:
I wanted to see if Py-cord v2 and v3 could implement the new version requirement and ensure it's compatible with the newer versions of aiohttp that address this security concern. Alternatively, any advice or temporary workarounds you could suggest would be greatly appreciated. As I am still new to this type of thing I may have been breaking it because I did something wrong. Anyways,
Additional Information:
pycord version: v3
aiohttp version: 3.8.6
Thank you for your time
My regards,
CyberKen
Beta Was this translation helpful? Give feedback.
All reactions