-
Notifications
You must be signed in to change notification settings - Fork 209
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Policy on backporting fixes #293
Comments
@millerick what package dependency are you using that depends on |
Unfortunately the long deprecated https://www.npmjs.com/package/request |
Yes, I had a suspicion it was The good news is that you shouldn't need #283 though because of how
You may have to confirm this against the version of |
To provide an explicit answer and close the issue, we are planning on releasing v5 in the near future. Once we do that, we will will only backport security fixes for v4. We will guarantee backports for at least one year. After that we will decide on a case by case basis, depending on the severity of the issue and the number of users impacted. |
My organization (unfortunately) still makes use of some older packages that use
tough-cookie@~2.5.0
as a dependency. Is there any possibility that the fix in https://github.com/salesforce/tough-cookie/pull/283/files can be backported as a patch to that minor version? I would be more than happy to make the pull request to do so, but don't see a branch that matches with2.5.0
.The text was updated successfully, but these errors were encountered: