gcp-dataprep-bigquery-twitter-stream icon indicating copy to clipboard operation
gcp-dataprep-bigquery-twitter-stream copied to clipboard

Published 20 hours ago verified publisher icon jeremylorino

[Snyk] Fix for 1 vulnerabilities

Open jeremylorino opened this issue 9 months ago • 0 comments

This PR was automatically created by Snyk using the credentials of a real user.


Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

  • Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
    • package.json
  • package-lock.json

Vulnerabilities that will be fixed

With an upgrade:
Severity Priority Score (*) Issue Breaking Change Exploit Maturity
high severity 696/1000
Why? Proof of Concept exploit, Has a fix available, CVSS 7.5		 Regular Expression Denial of Service (ReDoS)
SNYK-JS-ANSIREGEX-1583908		 Yes Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Commit messages
Package name: @google-cloud/logging-winston The new version differs by 103 commits.
  • 8305c92 chore: release 1.0.0 (#326)
  • a46f385 chore: remove root and samples package-lock.json (#338)
  • fc87d65 fix(deps): bump minimum required dependencies (#336)
  • 2d72bc1 chore: update @ google-cloud/common to 2.x (#331)
  • d55c939 build: remove verbose logging from test scripts (#332)
  • 2214438 build: ignore proto files in test coverage (#330)
  • 9afc5e0 chore: clean up dev dependencies (#327)
  • c83050b build: add configuration for automated doc deployment (#328)
  • 059c2a1 fix(deps): update dependency @ google-cloud/logging to v5 (#324)
  • b3d666e build: updated kokoro config for coverage and release-please (#321)
  • 6260654 build: add new kokoro config for coverage and release-please (#320)
  • 450295f fix: use immutable winston level (#319)
  • 6182968 fix(deps): update dependency google-auth-library to v4 (#317)
  • c7ab418 chore(deps): update dependency @ google-cloud/common to v1 (#318)
  • 27b41e4 chore(chore): upgrade to gts 1.0.0 (#310)
  • d466a45 build: only pipe to codecov if tests run on Node 10
  • a61911b build: allow Node 10 on presubmit to push to codecov (#316)
  • 7418f77 build: allow Node 10 to push to codecov (#315)
  • 1f3e345 build: patch Windows container, fixing Node 10 (#314)
  • 7010ee5 chore: do not run CI on grpc-js (#311)
  • 7ff405c chore(deps): update dependency eslint-plugin-node to v9 (#312)
  • c777689 build!: upgrade engines field to >=8.10.0 (#308)
  • 08631b7 chore!: drop node 6 support (#307)
  • f762657 chore: removing node6 CI (#309)

See the full diff

Package name: @google-cloud/pubsub The new version differs by 250 commits.
  • bb26010 chore: release 0.29.0 (#609)
  • c72491f refactor(subscriber): message stream retry logic (#607)
  • 46c75a2 chore(deps): update dependency jsdoc to v3.6.2 (#606)
  • ef45af3 refactor: use core grpc (#608)
  • 6415e7c fix(deps): update dependency google-gax to v1 (#604)
  • 2e669a1 fix(deps): update dependency @ google-cloud/precise-date to v1 (#603)
  • baf9d39 fix(deps): update dependency google-auth-library to v4 (#601)
  • 1ae8db9 fix: DEADLINE_EXCEEDED retry code is idempotent (#605)
  • a72df8a test: fix snapshot fixture creation (#602)
  • 39b1dac fix: DEADLINE_EXCEEDED no longer treated as idempotent and retried
  • 22dc668 build: update build config and doc comments (#593)
  • 181553a fix(deps): update dependency @ google-cloud/paginator to v1 (#592)
  • 76f5c7b build: allow Node 10 on presubmit to push to codecov (#598)
  • bbc59fa build: allow Node 10 to push to codecov (#597)
  • 397f876 build: patch Windows container, fixing Node 10 (#596)
  • a9dd7f1 chore: do not run CI on grpc-js (#586)
  • fb76bf4 chore(deps): update dependency eslint-plugin-node to v9 (#587)
  • d01d010 fix(deps): update dependency @ google-cloud/projectify to v1 (#588)
  • dad7530 fix(deps): update dependency @ google-cloud/promisify to v1 (#589)
  • 6ef6260 chore(deps): update dependency gts to v1 (#579)
  • 2116474 build!: upgrade engines field to >=8.10.0 (#584)
  • 2004351 chore: removing node6 CI (#585)
  • 4214a4f fix(deps): update dependency google-gax to ^0.26.0 (#583)
  • b5f8df2 chore: update formatting for generated code (#580)

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information: 🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

Note: This is a default PR template raised by Snyk. Find out more about how you can customise Snyk PRs in our documentation.

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Regular Expression Denial of Service (ReDoS)

jeremylorino avatar May 21 '24 02:05 jeremylorino