Support newer Python runtime and address high-severity urllib3 vulnerability #69

@y-ono-tech

Description

Hello, thank you very much for providing this great package.

I’d like to ask about the following two points:


1. Python version upgrade

It appears that this package is currently based on Python 3.10.
However, Python 3.10 will reach its end of support in the near future.

  • Do you have any plans to support or migrate to Python 3.11 or newer?
  • If you have a roadmap or policy regarding supported Python versions, could you please share it?

2. High-severity vulnerability in urllib3

According to an Amazon Inspector scan, the Layer deployed by this package
is flagged with a HIGH severity vulnerability related to urllib3.

From what I have found, upgrading urllib3 to 2.6.0 or later
appears to resolve this vulnerability (assumption).

  • Do you have any plans to upgrade to urllib3 >= 2.6.0?
  • If there are any constraints or concerns regarding this change, I’d appreciate it if you could share them.

Since this impacts our production environment,
it would be very helpful if you could let us know your plans when you have a chance.


Sources / context:
