Updating sshpk version - Githubissues

TritonDataCenter / node-http-signature

Reference implementation of Joyent's HTTP Signature Scheme

https://tritondatacenter.com

MIT License

404 stars 118 forks source link

Updating sshpk version #86

Closed krosenk729 closed 5 years ago

krosenk729 commented 5 years ago

Protecting package against vulnerabilities https://www.npmjs.com/advisories/606

spanditcaa commented 5 years ago

@arekinath - possible to merge this? Among others, Request depends this module and as a result many people (github says 3.4 million projects) are potentially exposed to the underlying vulnerability in sshpk. I believe it was your own commit to sshpk (69d24bc6b32c20584b317e7a88c05cc99a497bd9) that we are looking for.

Thanks.

krosenk729 commented 5 years ago

thanks @spanditcaa and @arekinath - let me know if there is anything else I can do

spanditcaa commented 5 years ago

see also #68, #80 -- @arekinath -- this resolves/supersedes those issues.

spanditcaa commented 5 years ago

@geek or anyone else at Joyent paying any attention to this repo?

spanditcaa commented 5 years ago

Thanks @kusor!

spanditcaa commented 5 years ago

@kusor - how about a version bump and npm publish?

kusor commented 5 years ago

@kusor - how about a version bump and npm publish?

Sounds about right due to #83 too.

dist-tags:
latest: 1.3.0

published just now by kusor