Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We鈥檒l occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

fix: update minimum google-gax to avoid taffydb vulnerabilities #1695

Merged
merged 1 commit into from
Mar 8, 2023
Merged

fix: update minimum google-gax to avoid taffydb vulnerabilities #1695

merged 1 commit into from
Mar 8, 2023

Conversation

tomgrossman
Copy link
Contributor

GHSA-mxhp-79qh-mcx6

fixes #1692

Thank you for opening a Pull Request! Before submitting your PR, there are a few things you can do to make sure it goes smoothly:

  • Make sure to open an issue as a bug/issue before writing your code! That way we can discuss the change, evaluate designs, and agree on the general idea
  • Ensure the tests and linter pass
  • Code coverage does not decrease (if any source code was changed)
  • Appropriate docs were updated (if necessary)

Fixes #1692 馃

Note: If you are opening a pull request against a legacy branch, PLEASE BE AWARE that we generally won't accept these except for things like important security fixes, and only for a limited time.

@tomgrossman tomgrossman requested review from a team as code owners March 8, 2023 08:09
@product-auto-label product-auto-label bot added size: xs Pull request size is extra small. api: pubsub Issues related to the googleapis/nodejs-pubsub API. labels Mar 8, 2023
@tomgrossman tomgrossman mentioned this pull request Mar 8, 2023
Closed
@feywind feywind added the owlbot:run Add this label to trigger the Owlbot post processor. label Mar 8, 2023
@gcf-owl-bot gcf-owl-bot bot removed the owlbot:run Add this label to trigger the Owlbot post processor. label Mar 8, 2023
@feywind feywind added kokoro:force-run Add this label to force Kokoro to re-run the tests. automerge: exact Summon MOG for automerging, but approvals need to be against the latest commit labels Mar 8, 2023
@yoshi-kokoro yoshi-kokoro removed the kokoro:force-run Add this label to force Kokoro to re-run the tests. label Mar 8, 2023
@feywind
Copy link
Collaborator

feywind commented Mar 8, 2023

When this is done trundling its way through all the bots, I'll merge the release PR too. Thanks!

@gcf-merge-on-green gcf-merge-on-green bot merged commit 11372e6 into googleapis:main Mar 8, 2023
@gcf-merge-on-green gcf-merge-on-green bot removed the automerge: exact Summon MOG for automerging, but approvals need to be against the latest commit label Mar 8, 2023
@release-please release-please bot mentioned this pull request Mar 8, 2023
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@feywind feywind feywind approved these changes

Assignees
No one assigned
Labels
api: pubsub Issues related to the googleapis/nodejs-pubsub API. size: xs Pull request size is extra small.
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Upgrade google-gax to 3.5.6 which doesn't include vulnerable taffydb package
3 participants
@tomgrossman @feywind @yoshi-kokoro