New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Update http-signature to major version 1.3 #3395
base: master
Are you sure you want to change the base?
Conversation
This is to fix the json-schema package down the line from having a high vunerability which breaks many CI pipelines.
can someone help me to understand release process, i would like to know when and how this PR will be merged to master and a new version will be published. |
Seems Unlikely: |
Thanks @EBalmer i saw that post, was actually trying to fix by myself , but then i have seen this PR. was thinking if it would be possible to have a new patch. |
Any eta when this will be merged? |
+1 for it |
+1 for this as well |
Guys, we are using a library that was deprecated and abandoned almost 2 years ago, don't get your hopes up that this will be merged any time soon. Maybe this is a good moment to finally make a transition to something that is actually maintained :( |
Moving to another library is fine, the issue is when a library you use depends on request :( |
We were facing exactly this issue but found a mitigation as described here: |
All versions of http-signature major version 1.2 eventually rely on an outdated and proven flawed version of json-schema. Major version 1.3 fixes this.