brave / vault

Brave personal data store vault.
https://brave.com
Mozilla Public License 2.0

Add NSP security check #45

Closed diracdeltas closed 8 years ago

diracdeltas commented 8 years ago

Can basically copy/paste https://github.com/brave/browser-laptop/pull/205

therealklanni commented 8 years ago

I'll take a look at these others (later) if no one else beats me to it. I wasn't sure which other projects might benefit from it. :+1:

mrose17 commented 8 years ago

@therealklanni - can you do me a favor and take a look at https://github.com/brave/vault/tree/issue-41 ... i tracked down all the dependencies and did the minimal amount of work to get the intermediate packages to work. this branch is not suitable for master, but at least it shows us what needs to get updated... thanks!

therealklanni commented 8 years ago

Did you mean https://github.com/brave/vault/tree/issue-45?

mrose17 commented 8 years ago

sorry, right you are! many thanks!

therealklanni commented 8 years ago

Sorry I haven't gotten around to looking yet. What exactly did you want me to check into on that?

mrose17 commented 8 years ago

no worries! just wanted to see if you think i got them all...

therealklanni commented 8 years ago

Ah, OK. I'll take a look when I get a chance (tonight if not sooner).

therealklanni commented 8 years ago

So I looked at the packages. I think any of the ones that were on the latest version of request can go back to using the official request package, because that version of hawk should install. As far as the others, looks good.

mrose17 commented 8 years ago

great! any changes we can make now to either brave/vault or brave/vault-client ?

therealklanni commented 8 years ago

Looks like BitGo just removed the chain-node dependency as well, so we might be able to use their latest release. chain-node was the other package exposing the hawk vuln, if I remember correctly.

https://github.com/BitGo/BitGoJS/issues/20#issuecomment-175343660

mrose17 commented 8 years ago

great, let me try that out.

mrose17 commented 8 years ago

@therealklanni - just checking in. any motion from anyone? thanks!

therealklanni commented 8 years ago

Hey, I've been busy, sorry I haven't followed up. I believe the issue was resolved by bitgo@0.11.65.

mrose17 commented 8 years ago

brilliant! i plan to do a commit to the integration branch on monday with the test enabled...

many thanks!

mrose17 commented 8 years ago

fixed in https://github.com/brave/vault/commit/09efc74f2eab7300aba509dd1dbd7df702688e8a

mrose17 commented 8 years ago

@therealklanni - thanks for driving this. i believe the current branches for vault and vault-client now pass!