apitools depends on oauth2client which is archived and insecure

[eslerm]

apitools uses the archived dependency https://github.com/googleapis/oauth2client

oauth2client vendors pycrypto 2.6, which is an unmaintained project and contains CVE-2018-6594 (note, 2.6 was published on May 24, 2012). oauth2client will not receive upstream security fixes.

Is apitools transitively affected by CVE-2018-6594? Could apitools deprecate use of oauth2client?

[eslerm]

DEPRECATED - Please see alternatives below

or possibly this tool should be archived 😅