You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
As of April 17, 2018, the experimental jwt addon will be discontinued.
The jwt addon was introduced back in August, 2016 to provide a means of sharing secrets with third parties (most importantly with Pull Request authors). At the time of the introduction, we had hoped that the addon would prove useful and secure, so that many other service providers may adopt it for their services for our mutual users’ benefit.
Upon further consideration and investigation, however, we have determined that the addon has shortcomings that we are unable to overcome.
Unfortunately, there is no replacement or workaround for the jwt addon at this time. We understand that your workflows (especially the ones involving Pull Requests) may be affected, but we ask that you phase out the use of this addon by the deadline for security reasons.
Timeline
Starting immediately, jobs using the jwt addon will include a deprecation warning with the link pointing back to this blog post, and the deprecation date. The addon will continue to function.
At the scheduled date of April 17, 2018, the addon will cease to function.
The text was updated successfully, but these errors were encountered:
It seems to work even now [1], but probably a good time to migrate to another solution as it may stop working at any time.
[1] See recent build: https://travis-ci.org/github/metal/metal.js/jobs/708925777, which failed but probably for a different reason than JWT.
For background, please see: https://blog.travis-ci.com/2018-01-23-jwt-addon-is-deprecated (also output in every build that's using the JWT addon).
The text was updated successfully, but these errors were encountered: