-
Notifications
You must be signed in to change notification settings - Fork 381
Update rest-client gem because security vulnerabilities #1984
Conversation
haven't been able to figure out why yet, but this fails locally for me |
@dickeyxxx maybe only bcs restclient switched on netrc auth on 1.7.0 so your stubbed requests do not match if you have a .netrc file. |
abf5e98
to
33c8636
Compare
33c8636
to
968df8b
Compare
@dickeyxxx could you take a look if - on top of the additional commit kind of taking care of the stubbed requests - there's anything more we can do to have this merged? |
👍 |
2 similar comments
👍 |
👍 |
@atmos -- anything we can do get this rechecked/merged? |
@bluta I don't understand the security vulnerabilities well enough to comment. 1.6 -> 1.8 is an API breaking change in a lot of places and I don't have enough things running constantly to speak authoritatively. |
@atmos - you mean although the coverage for the first look seems promising for the API, still feel it'll fail in real applications? by any chance you have a rough direction for such problems? |
@balazslaszlo I merged this into #2011 and released, I just removed the regexes in favor of a host / netrc existence check. I was going to mock out |
@balazslaszlo I had to roll back #2011 because this did not work on windows due to an
|
rest-client 1.6.8 has security vulnerabilities
https://www.versioneye.com/ruby/rest-client/1.6.8