Vulnerable dependency (pip CVE-2018-20225) #70
Description
Hello,
I wonder is any resolution is being worked on. Pip is required by the dependency pip_system_certs, and the pip vulnerability in question (CVE-2018-20225) is considered to be the intended behavior, and thus will not be fixed.
The need to have pip installed makes it impossible to use mcp-clickhouse in a Docker image, when image vulnerability scanning is applied (which is a standard approach).
Could you please comment on this?
Thanks in advance.