diracdeltas closed this issue 8 years ago
I'll take a look at these others (later) if no one else beats me to it. I wasn't sure which other projects might benefit from it. :+1:
@therealklanni - can you do me a favor and take a look at https://github.com/brave/vault/tree/issue-41 ... i tracked down all the dependencies and did the minimal amount of work to get the intermediate packages to work. this branch is not suitable for master, but at least it shows us what needs to get updated... thanks!
Did you mean https://github.com/brave/vault/tree/issue-45?
sorry, right you are! many thanks!
Sorry I haven't gotten around to looking yet. What exactly did you want me to check into on that?
no worries! just wanted to see if you think i got them all...
Ah, OK. I'll take a look when I get a chance (tonight if not sooner).
So I looked at the packages. I think any of the ones that were on the latest version of request can go back to using the official request package, because that version of hawk should install. As far as the others, looks good.
great! any changes we can make now to either brave/vault or brave/vault-client?
Looks like BitGo just removed the chain-node dependency as well, so we might be able to use their latest release. chain-node was the other package exposing the hawk vuln, if I remember correctly.
https://github.com/BitGo/BitGoJS/issues/20#issuecomment-175343660
great, let me try that out.
@therealklanni - just checking in. any motion from anyone? thanks!
Hey, I've been busy, sorry I haven't followed up. I believe the issue was resolved by bitgo@0.11.65.
brilliant! i plan to do a commit to the integration branch on monday with the test enabled...
many thanks!
@therealklanni - thanks for driving this. i believe the current branches for vault and vault-client now pass!
Can basically copy/paste https://github.com/brave/browser-laptop/pull/205