Skip to content

Replace hawk dependency with a local implemenation #2943

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
mikeal merged 8 commits into from
May 19, 2018
Merged

Replace hawk dependency with a local implemenation #2943

mikeal merged 8 commits into from
May 19, 2018

Conversation

@hueniverse
Copy link
Contributor

@hueniverse hueniverse commented May 16, 2018
edited
Loading

Closes #2831.

This replaces the hawk dependency with a local implementation that's identical.

This is the bare minimum the request community can do to disconnect this module from the hawk and hapi modules. The request community has been a major source of headache due to its inclusion of hawk and hoek. Because the maintainers have refused to remove this functionality, I am trying a simpler approach by moving the 100 lines of code from hawk here.

I will maintain this code if needed in the future which is better than you are getting today as I am no longer maintaining hawk v6 and this module cannot use v7 due to node requirements.

@hueniverse hueniverse mentioned this pull request May 16, 2018
Closed
@simov
Copy link
Member

simov commented May 16, 2018

Sounds good to me.

/cc @mikeal

@mikeal mikeal merged commit a6741d4 into request:master May 19, 2018
@simov simov mentioned this pull request May 19, 2018
Closed
3 tasks
@hueniverse
Copy link
Contributor Author

hueniverse commented May 21, 2018

Thanks!

When will this be published?

@simov
Copy link
Member

simov commented May 21, 2018

I've published v2.87 with the patch.

@thisRaptori thisRaptori mentioned this pull request May 26, 2018
Closed
@simov simov mentioned this pull request May 28, 2018
Closed
@LEQADA LEQADA mentioned this pull request Jun 8, 2018
Closed
@mikeseese mikeseese mentioned this pull request Jun 14, 2018
Merged
@natelaws natelaws mentioned this pull request Jun 18, 2018
Closed
This was referenced Jul 4, 2018
Merged
Closed
@Rohithzr Rohithzr mentioned this pull request Jul 4, 2018
Closed
2 tasks
kunagpal added a commit to postmanlabs/postman-request that referenced this pull request Jul 9, 2018
@kunagpal
Merge branch 'master' into feature/bindOn
e9797e7 
* master:
  Update test certificates
  2.87.1
  Update changelog
  2.87.0
  Replace hawk dependency with a local implemenation (request#2943)
@kt3k kt3k mentioned this pull request Sep 17, 2018
Closed
@mattrayner mattrayner mentioned this pull request Oct 23, 2018
Closed
@smashwilson smashwilson mentioned this pull request Oct 31, 2018
Open
@kunagpal kunagpal mentioned this pull request Nov 1, 2018
Closed
gene1wood added a commit to gene1wood/auth0-custom-lock that referenced this pull request Jan 18, 2019
@gene1wood
Update dev dependency on node-sass to 4.9.3 to mitigate cryptiles vul…
c404245 
…nerability

Dev dependencies contain `gulp-sass`
which depends on `node-sass`
`node-sass` [`4.9.3` requires `request` `2.87.0`](sass/node-sass#2435)
[`request` `2.87.0` removes dependency on `hawk`](request/request#2943)
`hawk` depends on `cryptiles`
`cryptiles` has the vulnerability https://nvd.nist.gov/vuln/detail/CVE-2018-1000620
@tansongyang tansongyang mentioned this pull request Mar 15, 2019
Open
@dependabot dependabot bot mentioned this pull request Mar 16, 2021
Open
@dependabot dependabot bot mentioned this pull request Mar 18, 2021
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@hueniverse @simov @mikeal