ADAL "extras" dependency triggers security findings #2481

@josemaia

Description

What happened (please include outputs or screenshots):
Security scanning tools such as Wiz detect an EOL package in anything built with the Python Kubernetes library, because it brings in the adal library as an extra (last updated 2021).

What you expected to happen:
Migrate to MSAL or remove the dependency entirely.

How to reproduce it (as minimally and precisely as possible):
Install the kubernetes library without removing extras, verify this package is brought along.

Anything else we need to know?:
#1983 is a previously opened issue on this topic.

Environment:

  • Kubernetes version (kubectl version): n/a
  • OS (e.g., MacOS 10.13.6): n/a
  • Python version (python --version): n/a
  • Python client version (pip list | grep kubernetes): I observed it in 33.1.0, but from pypi.org it seems to still be an issue in 34.1.0
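A check for the reproduction step above, added here as example code that is not part of the issue or of the kubernetes client: it lists which installed distributions declare adal as a requirement and whether that requirement is unconditional or only gated behind an extra. The SAMPLE metadata is constructed for illustration, not captured from a real environment.

```python
"""Find which installed distributions declare a given package as a dependency,
and whether that dependency is only pulled in through an extra."""
import re
from importlib.metadata import distributions

# Leading distribution name of a PEP 508 requirement string.
_NAME_RE = re.compile(r"^\s*([A-Za-z0-9][A-Za-z0-9._-]*)")
# `extra == "name"` (or single quotes) inside an environment marker.
_EXTRA_RE = re.compile(r"""extra\s*==\s*['"]([^'"]+)['"]""")


def _norm(name):
    # PEP 503 normalisation so "Adal", "adal" and "ADAL" compare equal.
    return re.sub(r"[-_.]+", "-", name).lower()


def find_declarers(target, metadata):
    """metadata: {dist_name: [requirement strings]} in the shape returned by
    importlib.metadata's Distribution.requires.  Returns a list of
    (dist_name, extra_or_None, requirement_string) for every declaration of
    `target`; extra_or_None is the extra name when the requirement carries an
    `extra == ...` marker, else None (an unconditional dependency)."""
    hits = []
    for dist, reqs in metadata.items():
        for req in reqs or []:
            m = _NAME_RE.match(req)
            if not m or _norm(m.group(1)) != _norm(target):
                continue
            marker = req.split(";", 1)[1] if ";" in req else ""
            extra = _EXTRA_RE.search(marker)
            hits.append((dist, extra.group(1) if extra else None, req.strip()))
    return hits


def installed_metadata():
    """Collect requirement metadata from every distribution in this environment."""
    return {d.metadata["Name"]: d.requires for d in distributions()}


# Constructed sample metadata (hypothetical, not taken from a real environment).
SAMPLE = {
    "kubernetes": ["requests", 'adal>=1.0.2; extra == "adal"'],
    "some-tool": ["adal>=1.2"],
    "msal": ["cryptography>=0.6"],
}

if __name__ == "__main__":
    for source in (SAMPLE, installed_metadata()):
        for dist, extra, req in find_declarers("adal", source):
            how = f"via extra [{extra}]" if extra else "unconditionally"
            print(f"{dist} declares {req!r} {how}")
```

Run it inside the environment under scan: an unconditional hit shows which package forces adal in, while an extra-only hit means adal is present only because something was installed with that extra.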

Labels

kind/bug: Categorizes issue or PR as related to a bug.