Bump google-cloud-storage to version 2.58.1 #1026
Conversation
Cherry pick to beta success |
1 similar comment
Cherry pick to beta success |
Cherry pick to beta success |
| <groupId>com.google.api.grpc</groupId> | ||
| <artifactId>proto-google-iam-v1</artifactId> | ||
| </exclusion> | ||
| <exclusion> |
There was a problem hiding this comment.
Is it okay to remove this exclusion?
There was a problem hiding this comment.
Yes, I did it in a second commit because it failed the test execution. It was looking for a protbuf class in runtime.
There was a problem hiding this comment.
But for some reason that dependency had been excluded... I don't think it's good to add it just like that without being clear about why you need it now and before your change you didn't.
There was a problem hiding this comment.
The original library (v1.118.1) was made on August 2021, we are updating it to the latest from october 2025.
When we added it it didn't use anything from protobuf for the functions we use in GX, therefore someone exclude it, samewere in 4 years they made changes there and now they use a class from protobuf to a function we need on GX since it failed on the tests. What? Why? I don't know, it's a transitive reference, tests failed with the message that it couldn't find some protbuf class executing on github. We could try to exclude it again but the test will fail again.
|
You question has an answer |
3 participants
Issue:206683
Bump google-cloud-storage from version 1.118.1 to version 2.58.1 (latest)
Fix CVE-2021-22573 from transitive dependency google-oauth-client
Fix CVE-2022-25647 from transitive dependency gson
Add overwrite to transitive dependency grpc-netty-shaded version 1.71.0 to 1.75.0 because of CVE-2025-55163
#GXSEC