Closed arches closed 8 years ago
The current pessimistic requirement of rest-client 1.6.7 means that unirest-ruby is using a version of rest-client which has two vulnerabilities (for 1.6.9).
Name: rest-client
Version: 1.6.9
Advisory: CVE-2015-1820
Criticality: Unknown
URL: https://github.com/rest-client/rest-client/issues/369
Title: rubygem-rest-client: session fixation vulnerability via Set-Cookie headers in 30x redirection responses
Solution: upgrade to >= 1.8.0

Name: rest-client
Version: 1.6.9
Advisory: CVE-2015-3448
Criticality: Unknown
URL: http://www.osvdb.org/show/osvdb/117461
Title: Rest-Client Gem for Ruby logs password information in plaintext
Solution: upgrade to >= 1.7.3
Would love to see this merged - it's creating dependency issues for us, too.
+1
Hiya! We've since updated the rest-client version due to security issues, so I think this can be closed now - unless you'd also like the requirement relaxed somewhat?
I'm using unirest as a dependency of @urbanairship and this strict dependency on rest-client is causing some version resolution issues for me. Is there a reason you need to pin on rest-client v1.6? I'm trying to use rest-client v1.8.
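The thread turns on one point: a pessimistic constraint pinned at the patch level (`~> 1.6.7`, which RubyGems reads as `>= 1.6.7, < 1.7`) can never resolve to 1.7.3 or 1.8.0, the versions the two advisories name as fixed, so the gem stays vulnerable no matter how often `bundle update` runs. The following is an added example, not code from unirest-ruby or rest-client, that resolves candidate gemspec constraints against a constructed list of rest-client versions using RubyGems' own `Gem::Requirement` and `Gem::Version` classes and reports which CVEs would remain unfixed at the version each constraint picks. The `~> 1.6.7` constraint is assumed to be what the original gemspec used, and the version list is a hand-picked subset rather than the real release history.

```ruby
# Added example (not from the unirest-ruby or rest-client projects): checks
# whether a gemspec dependency constraint can ever resolve to a rest-client
# release carrying the fixes from the two advisories quoted in the thread.
# Uses only RubyGems' Gem::Requirement / Gem::Version, the same classes
# Bundler resolves with, so no network access is needed.
require "rubygems"

# Fixed-in versions, taken from the "Solution:" lines of the advisories.
ADVISORIES = {
  "CVE-2015-1820" => Gem::Requirement.new(">= 1.8.0"), # session fixation via Set-Cookie on 30x
  "CVE-2015-3448" => Gem::Requirement.new(">= 1.7.3"), # password logged in plaintext
}.freeze

# Constructed subset of rest-client releases to resolve against (assumption:
# a plausible slice of the release history, not fetched from rubygems.org).
KNOWN_VERSIONS = %w[1.6.7 1.6.8 1.6.9 1.7.2 1.7.3 1.8.0 2.0.0]
                 .map { |v| Gem::Version.new(v) }.freeze

# Build a requirement from either a single string ("~> 1.6.7") or several
# clauses ([">= 1.8", "< 3"]); Gem::Requirement.new takes them as varargs.
def requirement_for(constraint)
  Gem::Requirement.new(*Array(constraint))
end

# Highest known version the constraint permits (what a resolver would pick),
# or nil when nothing in the list satisfies it.
def best_match(constraint, versions = KNOWN_VERSIONS)
  req = requirement_for(constraint)
  versions.select { |v| req.satisfied_by?(v) }.max
end

# CVE ids still unfixed at the version the constraint resolves to.
# An empty list means the constraint can reach a patched release.
def unfixed_cves(constraint, versions = KNOWN_VERSIONS)
  chosen = best_match(constraint, versions)
  return ADVISORIES.keys if chosen.nil?
  ADVISORIES.reject { |_, fixed| fixed.satisfied_by?(chosen) }.keys
end

# One-line human-readable verdict for a constraint.
def report(constraint)
  chosen = best_match(constraint)
  cves = unfixed_cves(constraint)
  status = cves.empty? ? "ok" : "VULNERABLE to #{cves.join(', ')}"
  "#{Array(constraint).join(', ').ljust(14)} -> #{chosen || 'no match'} (#{status})"
end

if $PROGRAM_NAME == __FILE__
  # The assumed original pin, the relaxed form the maintainer offers, and the
  # minimum constraints that would satisfy the "Solution:" lines.
  ["~> 1.6.7", "~> 1.6", "~> 1.7.3", ">= 1.8.0", [">= 1.8", "< 3"]].each do |c|
    puts report(c)
  end
end
```

Running it shows why the pin matters: `~> 1.6.7` resolves to 1.6.9 and leaves both CVEs open, `~> 1.7.3` still misses the session-fixation fix because it stops below 1.8, while `~> 1.6`, `>= 1.8.0` and `>= 1.8, < 3` all reach a patched release. The same check is what `bundle-audit` performs against its advisory database; the point here is that the constraint, not just the currently locked version, decides whether a fix can ever be pulled in.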