-
Notifications
You must be signed in to change notification settings - Fork 120
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Need to update jsprim due to vulnerability in json-schema #123
Comments
I just updated jsprim to 2.0.2 a few minutes ago to address this in that package. Testing of http-signature on node 0.10 with jsprim updated to 2.0.2:
|
Reviewed by: BruceHaley <[email protected]> Reviewed by: Dan McDonald <[email protected]>
@bahamat I know this an oddball request, but if it's possible to backport this patch to ~1.2.x that would allow anyone using request to pick up this fix as well. I know that request is deprecated, but it's still very popular with ~17 million weekly downloads. Ideally request would have specified I certainly wouldn't blame you for not wanting to backport this, but a whole lot of people on the internet would appreciate you for it :) |
…on-schema (TritonDataCenter#125) (#5) Reviewed by: BruceHaley <[email protected]> Reviewed by: Dan McDonald <[email protected]> Co-authored-by: Brian Bennett <[email protected]>
json-schema
has a vulnerability which is included in older versions of jsprim.jsprim is currently as
2.0.1
The text was updated successfully, but these errors were encountered: