Update http-signature to major version 1.3 #3395

Open
wants to merge 1 commit into
base: master

mylesgordon

All versions of http-signature major version 1.2 eventually rely on an outdated and proven flawed version of json-schema. Major version 1.3 fixes this.

This is to fix the json-schema package down the line from having a high vulnerability which breaks many CI pipelines.

@mylesgordon reopened this Nov 22, 2021
@mikailyetkin

Can someone help me to understand the release process? I would like to know when and how this PR will be merged to master and a new version will be published.

@EBalmer

EBalmer commented Nov 29, 2021

> Can someone help me to understand the release process? I would like to know when and how this PR will be merged to master and a new version will be published.

Seems Unlikely:
#3142

@mikailyetkin

> Seems Unlikely:

Thanks @EBalmer, I saw that post. I was actually trying to fix it by myself, but then I saw this PR. I was thinking if it would be possible to have a new patch.

@makiri1993

Any ETA when this will be merged?

@grzegorzkrukowski

+1 for it

@esteetaniag

+1 for this as well

@Szarlus

Szarlus commented Dec 1, 2021

Guys, we are using a library that was deprecated and abandoned almost 2 years ago, don't get your hopes up that this will be merged any time soon. Maybe this is a good moment to finally make a transition to something that is actually maintained :(

@mylesgordon
Author

> Guys, we are using a library that was deprecated and abandoned almost 2 years ago, don't get your hopes up that this will be merged any time soon. Maybe this is a good moment to finally make a transition to something that is actually maintained :(

Moving to another library is fine, the issue is when a library you use depends on request :(

@felix-hcl

> > Guys, we are using a library that was deprecated and abandoned almost 2 years ago, don't get your hopes up that this will be merged any time soon. Maybe this is a good moment to finally make a transition to something that is actually maintained :(
>
> Moving to another library is fine, the issue is when a library you use depends on request :(

We were facing exactly this issue but found a mitigation as described here:
#3394 (comment)
