Would you consider backporting #168 to 3.x? #169

jakubpawlowicz · 2016-01-20T16:31:31Z

Some packages (like https://github.com/request/request) are stuck on hawk 3.x because of node.js 4 dependency, and the recently fixed security issue still applies to them. Any chances to see 3.1.3 with backported 0833f99?

The text was updated successfully, but these errors were encountered:

hueniverse · 2016-01-20T17:46:51Z

It doesn't affect request users. These issues are only possible on the server, not the client side of the protocol. If someone else does the work I'll consider it. See #170

jakubpawlowicz · 2016-01-22T09:23:29Z

Thanks @hueniverse and @remy!

lock · 2020-01-09T04:04:03Z

This thread has been automatically locked due to inactivity. Please open a new issue for related bugs or questions following the new issue template instructions.

hueniverse added bug Bug or defect security Issue with security impact labels Jan 20, 2016

hueniverse added this to the 3.1.3 milestone Jan 21, 2016

hueniverse self-assigned this Jan 21, 2016

hueniverse closed this as completed Jan 21, 2016

lock bot locked as resolved and limited conversation to collaborators Jan 9, 2020

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Would you consider backporting #168 to 3.x? #169

Would you consider backporting #168 to 3.x? #169

jakubpawlowicz commented Jan 20, 2016

hueniverse commented Jan 20, 2016

jakubpawlowicz commented Jan 22, 2016

lock bot commented Jan 9, 2020

Would you consider backporting #168 to 3.x? #169

Would you consider backporting #168 to 3.x? #169

Comments

jakubpawlowicz commented Jan 20, 2016

hueniverse commented Jan 20, 2016

jakubpawlowicz commented Jan 22, 2016

lock bot commented Jan 9, 2020