Libraries should not pin exact versions of requirements as it often makes them incompatible with other libraries.
This issue was first reported in November 2022, and there is a clear demand for this change as evidenced by the GitHub issues and PRs.
This package's excessively restrictive requirements have become a pain point and if not addressed will force users to consider competitor services for improved security and developer experience.
I have tried through GitHub, and through email to the package author's published email address. Is there any way to get a response to this problem?
Is it too much to hope for that we might at least get a reply or any indication of a position on this issue? It's been going on for a year and a half now.
Do Adobe not care about their customers' security?
At least one of the SDK's inexplicably frozen dependencies has a variety of significant security issues. Why are Adobe dragging their feet on this and refusing to respond?
This will be corrected (along with other improvements) in the next release of our Python SDK. That is scheduled for early May.
I understand that is a bit away, so in the meantime, I *highly* encourage you to check out our REST API. I rarely use our SDKs anymore because the REST API is easy enough to use. If you need some sample code, or blog posts as examples, let me know. (Most of my demos are Node, not Python, but again, the REST API is so simple you wouldn't have any issue 'translating' it to using requests with Python.)