NetApp OnTap Python Library uses old version of marshmallow

Welcome!

An account will enable you to access:
- NetApp support's essential features
- NetApp communities
- NetApp trainings
- Sign in to my account
- Don't have an account?
  Create an account
Learn
Browse

ONTAP Rest API Discussions

1,749 Views

When installing the netapp-ontap package via pip, it shows a dependency of marshmallow<=3.0.0rc7,>=3.0.0rc5. These version of marshmallow are vulnerable to CVE-2018-17175 and thus not allowed within my organization. Why does the library force such an old version (current version is 3.2.2)? Can the OnTap library be updated to support the new version?