There is a vulnerability in Sphinx:1.8.3,upgrade recommended

[QiAnXinCodeSafe]

oci-python-sdk/requirements.txt

Line 14 in 108e7c5

sphinx==1.8.3

CVE-2020-11022 CVE-2020-11023

Recommended upgrade version：1.8.6

[Swarn10]

@QiAnXinCodeSafe Thank you for posting this issue. We are currently looking into it. We will post here once the fix is in place.

[Swarn10]

We are not planning to upgrade sphinx at this moment and we also believe that this vulnerability is unlikely to affect our customers. This appears to be a dev only dependency, so doesn't affect end users. For developers of the SDK, it only comes in to play if they generate docs, which they likely should not need to do since we handle doc generation / publishing, and that the input to the SDK docs is trusted, as it comes from Oracle developers, and any change goes through code review by at least one other Oracle developer, before merging.