go-playground / webhooks

:fishing_pole_and_fish: Webhook receiver for GitHub, Bitbucket, GitLab, Gogs
MIT License
955 stars 237 forks source link

Update github to use sha256 signature #173

Closed ammario closed 11 months ago

ammario commented 1 year ago

See https://docs.github.com/en/webhooks-and-events/webhooks/securing-your-webhooks

coveralls commented 1 year ago

Coverage Status

Coverage: 89.741% (+0.02%) from 89.716% when pulling 61c8d3560b680ef94c98cbfcf80daabd5b4b8371 on ammario:master into 69430a8f014ebee576e196aea419391556f6036c on go-playground:master.

AdamKorcz commented 11 months ago

Would be great to see this merged.

davidhadas commented 11 months ago

@robinlieb, this PR relates to a Security Audit done to the CNCF Knative Project, Knative uses this repository as a dependency and the audit requires this to be fixed.

Can you check to see if this PR is expected to be fixed any time soon, or should Knative look for alternatives instead?

robinlieb commented 11 months ago

@davidhadas just merged this change, thanks for the reminder.

@ammario Thanks for the contribution!