Drop marshmallow_enum dependency #380

Closed
deuxnids opened this issue Oct 11, 2022 · 1 comment

@deuxnids

Hello,

With the release of marshmallow 3.18.0 the Enum type is supported (https://github.com/marshmallow-code/marshmallow/blob/dev/CHANGELOG.rst#3180-2022-09-15). The repository for marshmallow_enum will be closed (justanr/marshmallow_enum#51).

It would be nice to remove the dependency on marshmallow_enum in https://github.com/lidatong/dataclasses-json/blob/master/setup.py#L21, since marshmallow_enum still depends on 'marshmallow>=2.0.0', which suffers from the CVE-2018-17175 vulnerability.

What do you think?

@baldurmen
Contributor

I'm also keen for this to happen, as this would let me drop the python-marshmallow-enum package I maintain in Debian for the sole purpose of packaging dataclasses-json :)
