Hello!
Looks like v3.4.4 patched a security vulnerability from parsing the API key.
I'd love to upgrade our own version of gibbon (we're on v2) to get the security update. But, I noticed that gibbon has dropped support for faraday <1 as of gibbon v3.4.1. faraday ends up touching lots of things, so upgrading is looking like a big lift.
And so, would it be possible to release a security patch for gibbon v3.4.0, which is the last version that supports faraday <1? I noticed that gibbon doesn't have branches for past releases, or I'd also be happy to make a PR, or let me know if I can help in any way.
Thank you so much!