Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We鈥檒l occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Snyk] Security upgrade @google-cloud/storage from 1.6.0 to 5.19.0 #4

Open
wants to merge 1 commit into
base: master
Choose a base branch
from
Open

[Snyk] Security upgrade @google-cloud/storage from 1.6.0 to 5.19.0 #4

wants to merge 1 commit into from

Conversation

snyk-bot
Copy link

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

merge advice

Changes included in this PR

  • Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
    • package.json
    • package-lock.json

Vulnerabilities that will be fixed

With an upgrade:
Severity Priority Score (*) Issue Breaking Change Exploit Maturity
high severity 768/1000
Why? Proof of Concept exploit, Recently disclosed, Has a fix available, CVSS 7.5		 Prototype Pollution
SNYK-JS-ASYNC-2441827		 Yes Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Commit messages
Package name: @google-cloud/storage The new version differs by 250 commits.
  • 66d5b57 chore(main): release 5.19.0 (#1845)
  • caf7ee5 feat: Dual Region Support (#1814)
  • 91fe5ed chore(deps): update actions/setup-node action to v3 (#1393) (#1843)
  • 21cbce0 chore(deps): Internalize common (#1839)
  • 58903d6 chore: Enable Size-Label bot in all googleapis NodeJs repositories (#1382) (#1841)
  • 53b988c docs: add callout for crc32c checksum and md5 hash options (#1830)
  • 5775279 docs: add offset to createResumableUpload docs (#1840)
  • 8418f20 chore: move gcs-resumable-upload (#1833)
  • 465a5cd docs: fix lifecycle typo (#1831)
  • 3fd8488 chore(main): release 5.18.3 (#1826)
  • 5522b35 fix: encode name portion when calling publicUrl function (#1828)
  • a10b91e test: Clean-up sample test buckets by prefix (#1825)
  • cf6f787 samples: set client endpoint (#1812)
  • ac786c3 chore: Update createBucketWithTurboReplication.js (#1809)
  • f72cdc5 chore(deps): update actions/checkout action to v3 (#1808)
  • a3e3d33 refactor: Improve `offset` < `numBytesWritten` error message (#1806)
  • 99caf88 chore(deps): update actions/setup-node action to v3 (#1802)
  • be70dae fix: fixed typo (#1803)
  • ca96958 test: Repair and Refactor Requester Pays Tests (#1800)
  • e9cce0d docs: Document `DownscopedClient` usage (#1797)
  • c4a27e9 chore: fix npm link url (provided by github user galkin) (#1799)
  • 4e95330 chore: refactor exception strings into enums (#1790)
  • faca1dd chore: update system test message for requester pays error (#1791)
  • 3149457 build: Pin TypeScript to 3.9.x (#1787)

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
馃 View latest project report

馃洜 Adjust project settings

馃摎 Read more about Snyk's upgrade and patch logic

Learn how to fix vulnerabilities with free interactive lessons:

馃 Prototype Pollution

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
1 participant
@snyk-bot