Closed iwko closed 4 years ago
Any ETA to apply this fix?
@arekinath
Any ETA to apply this fix?
"Fix"? This patch locks sshpk to a version released in 2015 just to support Node.js 0.8.28 released in 2014? Seems like you're on your own for an edge case like this.
:-1: to this, sshpk < 1.13.2 has an identified vulnerability: https://hackerone.com/reports/319593 This change would cause any project using this lib even indirectly to get audit failures and vulnerability alerts.
Done as of PR #86
This is fix for #79