ONTAP Rest API Discussions

NetApp OnTap Python Library uses old version of marshmallow

jsharpe
1,639 Views

When installing the netapp-ontap package via pip, it shows a dependency of marshmallow<=3.0.0rc7,>=3.0.0rc5. These version of marshmallow are vulnerable to CVE-2018-17175 and thus not allowed within my organization. Why does the library force such an old version (current version is 3.2.2)? Can the OnTap library be updated to support the new version?

0 REPLIES 0
Public