
Question: Possibility to back-port jsprim update to version 1.2.X #126

Closed
felix-hcl opened this issue Dec 3, 2021 · 1 comment

Comments

@felix-hcl

As stated in #123, there was a security vulnerability down the dependency tree.

Unfortunately, the well-known but already deprecated library [email protected] depends on "http-signature": "~1.2.0".
As you might be aware, there are still many (open source) packages out there which have not replaced request with a more up-to-date HTTP client.

I am aware that this is not a long-term solution/fix, but I kindly ask if there is any possibility to back-port the jsprim update from #123 / #125 to a version 1.2.1?

@felix-hcl
Author

Closing this issue. Jsprim backported the fix to version 1.4.2, which resolves this issue since it is in the correct semver version range for [email protected]
https://github.com/joyent/node-jsprim/releases/tag/v1.4.2
