TritonDataCenter / node-http-signature

Reference implementation of Joyent's HTTP Signature Scheme
https://tritondatacenter.com
MIT License

Fix sshpk version #80

Closed iwko closed 4 years ago

iwko commented 5 years ago

This is a fix for #79

k001 commented 5 years ago

Any ETA to apply this fix?

iwko commented 5 years ago

@arekinath

eran10 commented 5 years ago

Any ETA to apply this fix?

davidlehn commented 5 years ago

"Fix"? This patch locks sshpk to a version released in 2015 just to support Node.js 0.8.28 released in 2014? Seems like you're on your own for an edge case like this.

ejoubaud commented 5 years ago

:-1: to this, sshpk < 1.13.2 has an identified vulnerability: https://hackerone.com/reports/319593. This change would cause any project using this lib even indirectly to get audit failures and vulnerability alerts.
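
An added example, not part of this thread or the project's code: a lockfile check for the concern raised in the comment above, reporting every installed copy of sshpk below the 1.13.2 threshold it quotes, including copies pulled in indirectly. The function names and sample lockfiles are constructed for illustration; it reads both the nested `dependencies` tree (lockfileVersion 1) and the flat `packages` map (lockfileVersion 2 and 3).

```javascript
// Added example: find sshpk copies below 1.13.2 in a parsed package-lock.json.
const MIN_SAFE = [1, 13, 2]; // threshold quoted in the thread

// True when `version` sorts below `min`. Anything that is not a plain
// x.y.z version (git URL, tarball, missing) is reported for manual review.
function isBelow(version, min) {
  const m = /^(\d+)\.(\d+)\.(\d+)(-.+)?/.exec(String(version || ""));
  if (!m) return true;
  const parts = [m[1], m[2], m[3]].map(Number);
  for (let i = 0; i < 3; i++) {
    if (parts[i] !== min[i]) return parts[i] < min[i];
  }
  return Boolean(m[4]); // a prerelease of the minimum sorts below it
}

function findOldSshpk(lock) {
  const hits = [];
  if (lock.packages) {
    // lockfileVersion 2 and 3: flat map keyed by install path.
    for (const [path, pkg] of Object.entries(lock.packages)) {
      if (/(^|\/)node_modules\/sshpk$/.test(path) && isBelow(pkg.version, MIN_SAFE)) {
        hits.push({ path, version: pkg.version });
      }
    }
    return hits;
  }
  // lockfileVersion 1: nested tree, so walk it and record the dependency chain.
  (function walk(deps, trail) {
    for (const [name, dep] of Object.entries(deps || {})) {
      const chain = trail.concat(name);
      if (name === "sshpk" && isBelow(dep.version, MIN_SAFE)) {
        hits.push({ path: chain.join(" > "), version: dep.version });
      }
      walk(dep.dependencies, chain);
    }
  })(lock.dependencies, []);
  return hits;
}

// Constructed sample lockfiles (not taken from any real project).
const sampleV1 = { lockfileVersion: 1, dependencies: {
  request: { version: "2.88.0", dependencies: {
    "http-signature": { version: "1.2.0", dependencies: { sshpk: { version: "1.7.4" } } } } },
  sshpk: { version: "1.16.1" } } };
const sampleV3 = { lockfileVersion: 3, packages: {
  "": { name: "app" },
  "node_modules/sshpk": { version: "1.13.2" },
  "node_modules/http-signature/node_modules/sshpk": { version: "1.13.1" } } };

console.log(findOldSshpk(sampleV1), findOldSshpk(sampleV3));
```

To check a real project, pass `JSON.parse(fs.readFileSync("package-lock.json", "utf8"))` to `findOldSshpk` and fail the build when the result is non-empty.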

kusor commented 4 years ago

Done as of PR #86