Kong / unirest-ruby

Unirest in Ruby: Simplified, lightweight HTTP client library.
http://unirest.io/ruby
MIT License

Unirest is depending on insecure rest-client gem version #24

Open paneq opened 8 years ago

paneq commented 8 years ago
security

Could you please upgrade the dependency from `s.add_dependency('rest-client', '~> 1.6.7')` to `s.add_dependency('rest-client', '~> 1.8.0')`?
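Added example, not part of the original thread or of the unirest code base: a small audit that shows why the `~> 1.6.7` constraint requested above keeps consumers away from rest-client 1.8.0. The `json` and `rspec` lines, the `RELEASED` list and the helper names `parse_dependencies` and `audit` are constructed for illustration; treating 1.8.0 as the minimum acceptable version is an assumption taken from the request.

```ruby
require "rubygems"

# Constructed gemspec fragment. The first line is the constraint quoted in the
# issue; the other two are made-up entries to exercise the parser.
SAMPLE_GEMSPEC = <<~SPEC
  s.add_dependency('rest-client', '~> 1.6.7')
  s.add_dependency('json', '>= 1.8', '< 3')
  s.add_development_dependency('rspec', '~> 3.0')
SPEC

# Assumption from the issue: 1.8.0 is the lowest rest-client version we accept.
MINIMUM_SAFE = { "rest-client" => Gem::Version.new("1.8.0") }.freeze

# Constructed candidate list standing in for what a gem index would offer.
RELEASED = { "rest-client" => %w[1.6.7 1.6.9 1.8.0] }.freeze

# Turn add_dependency lines into Gem::Dependency objects.
def parse_dependencies(gemspec_text)
  gemspec_text.each_line.filter_map do |line|
    next unless line =~ /\badd_(?:runtime_|development_)?dependency\b/
    name, *reqs = line.scan(/['"]([^'"]+)['"]/).flatten
    Gem::Dependency.new(name, *reqs) if name
  end
end

# For each dependency that has a minimum safe version, find the highest
# release its constraint allows and flag it when that is below the minimum.
def audit(deps, minimum_safe, released)
  deps.filter_map do |dep|
    floor = minimum_safe[dep.name] or next
    allowed = released.fetch(dep.name, [])
                      .map { |v| Gem::Version.new(v) }
                      .select { |v| dep.requirement.satisfied_by?(v) }
    best = allowed.max
    { name: dep.name, constraint: dep.requirement.to_s,
      resolves_to: best&.to_s, blocked: best.nil? || best < floor }
  end
end

audit(parse_dependencies(SAMPLE_GEMSPEC), MINIMUM_SAFE, RELEASED).each do |row|
  status = row[:blocked] ? "BLOCKS minimum safe version" : "ok"
  puts "#{row[:name]} (#{row[:constraint]}) -> #{row[:resolves_to] || 'none'}: #{status}"
end
```

Because `~> 1.6.7` means `>= 1.6.7, < 1.7`, every application that depends on the gem is capped below 1.8.0 until the gemspec changes and a new version is released.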

guizmaii commented 8 years ago

+1

justinsoong commented 8 years ago

:+1:

justinsoong commented 8 years ago

I need this

guizmaii commented 8 years ago

Use rest_client directly

noam87 commented 8 years ago

This is starting to cause dependency issues with other widely used libraries (urbanairship)... Is this thing being maintained?

tunglam14 commented 8 years ago

:+1: upgrade please

guizmaii commented 8 years ago

IMHO, you should not use this gem because of the rest_client version problem and because of the problem addressed by #29!

This gem is not well coded and not maintained. It could add bugs and security problems in your app.

nikz commented 8 years ago

We've fixed this now, apologies for the slowness. The gem is maintained and we'll be updating a few of the issues, including the one you've mentioned @guizmaii :)

jakubkosinski commented 8 years ago

@nikz could you release a new gem version so that we can use rest-client 1.8.0?

jack-fin commented 8 years ago

I'd like to chime in, it would be great to release a new gem with the rest-client 1.8.0 update that is in master.