-
Notifications
You must be signed in to change notification settings - Fork 874
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
WIP - Switch to Faraday #11087
WIP - Switch to Faraday #11087
Conversation
Thanks for your pull request! It looks like this may be your first contribution to a Google open source project. Before we can look at your pull request, you'll need to sign a Contributor License Agreement (CLA). View this failed invocation of the CLA check for more information. For the most up to date status, view the checks section at the bottom of the pull request. |
Hi @catlee ,
|
This is a pretty significant restriction. Many of the methods in the code pass around a Do you have any suggestions for how to resolve this? I wonder if it's possible to create an adapter for
The test suite seems very comprehensive. Are there areas of particular concern? |
Hey @catlee |
@bajajneha27 Any news? Since HTTPClient has been unmaintained for a long time, you should also consider whether this is a security issue #2348 (comment)
|
bump :( |
Unfortunately, we're having bigger and bigger issues with httpclient, so it'd be great if we can have this ready. @bajajneha27 are there any updates on this topic? The issue is indeed severe (for us it's like if we touch the code that uses google cloud storage, we then likely need a workaround for a new problem). UPD: sorry for double commenting, github was lagging yesterday |
Hi everyone, |
@bajajneha27 I'm not sure if you are aware, but I don't understand how this can be considered, "not pressing". |
While we work on moving away from HttpClient, a new version of gem that patches the client to use systems default root CA path is now released. |
Now, |
We'll make sure |
Just registering my disappointment that you guys have open source community members willing to work on a security issue to make a Google product more secure, useable, and future-proof, but are refusing to let them. If breaking changes are an issue, just call it a new major version. A broken 8 year old abandoned SSL implementation is not going to hold forever, and is probably full of security holes as it is since literally nobody has touched that code in coming up on a decade... @dazuma @bajajneha27 |
No description provided.