nodejs-logging icon indicating copy to clipboard operation
nodejs-logging copied to clipboard

Published 20 hours ago verified publisher icon googleapis

`@google-cloud/logging-min` not being released

Open vlinder opened this issue 10 months ago • 1 comments

It seems that the package @google-cloud/logging-min is not being kept up to date and released at the same time as @google-cloud/logging

@google-cloud/loggin-min still has a dependency on an old version of 'google-gax': '^3.5.2' which now has a security vulnerability through protobufjs.

Would it be possible to release @google-cloud/logging-min together with @google-cloud/logging?

vlinder avatar Apr 11 '24 09:04 vlinder

@cindy-peng any chance you can take a look at this? It would be great to get a new release of @google-cloud/logging-min

jportner avatar Jun 04 '24 14:06 jportner

@cindy-peng What is going on here, why is it taking months to get this fixed? There is a critical vulnerability in a dependency that is not getting fixed due to this seemingly trivial task.

klon avatar Aug 17 '24 20:08 klon

Sorry about the late response! We have released a newer version for @google-cloud/logging-min: https://www.npmjs.com/package/@google-cloud/logging-min?activeTab=readme Please retry and let us know if this resolves the vulnerability issue. Thanks!

cindy-peng avatar Sep 10 '24 21:09 cindy-peng

Closing issue as the new version has been released and should resolve the vulnerability.

cindy-peng avatar Sep 24 '24 16:09 cindy-peng