Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Switch deprecated dependency: request #30

Open
rwalle61 opened this issue Jun 15, 2020 · 0 comments
Open

Switch deprecated dependency: request #30

rwalle61 opened this issue Jun 15, 2020 · 0 comments

Comments

@rwalle61
Copy link

rwalle61 commented Jun 15, 2020
edited
Loading

Hi, thanks for this package!

I think your dependency request uses a version of http-signature that has a security vulnerability:

Severity: Medium
Description: Versions of kind-of 6.x prior to 6.0.3 are vulnerable to a Validation Bypass. A maliciously crafted object can alter the result of the type check, allowing attackers to bypass the type checking validation.
Publish date: 2019-12-30
Resolution: Upgrade to version kind-of - 6.0.3

request is now deprecated so won't take the fix.

Do you plan to switch from request to something else? (Another node kube client is considering this, but hasn't done so yet)

If you did, this would allow us to use this module
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@rwalle61