The 2.1.0 release never got published to npm

[JustinBeckwith]

Looking here:
#174

It looks like 2.1.0 never went out, despite the GitHub Release getting created. This bug is to unstick this release.

To track the overall problem:
googleapis/releasetool#229

[AaronFriel]

What's the ETA on deploying this? Any indirect consumers using npm audit as part of their release process is blocked on builds.

[bcoe]

@AaronFriel please try this out npm i gaxios@2.1.0, just released it manually, since we didn't quite have things setup for automation yet.

[IlleQuiProgrammat]

I just tested it and can confirm it works--came here after noticing it was using a vulnerable version of https-proxy-agent. Thanks, @JustinBeckwith i think this can be closed now?

[AaronFriel]

🙌 thank you! npm audit fix is still not picking up the resolution path (not sure what algorithm it uses), but manually installing gaxios@2.1.0 resulted in npm audit passing.

Anyone using packages such as @google-cloud/kms may need to perform the same resolution steps.

[JustinBeckwith]

Oh weird - can you try deleting your package-lock.json and node_modules and running npm install again? With a clean install I'm seeing:

nodejs-kms (master) $ npm ls --production gaxios
@google-cloud/kms@1.5.0 /Users/beckwith/Code/nodejs-kms
└─┬ google-gax@1.7.5
  └─┬ google-auth-library@5.5.0
    ├── gaxios@2.1.0 
    ├─┬ gcp-metadata@3.2.0
    │ └── gaxios@2.1.0  deduped
    └─┬ gtoken@4.1.0
      └── gaxios@2.1.0  deduped

[IlleQuiProgrammat]

It might be their server caching the value perhaps and only when it was specifically requested did they look it up---like DNS servers I suppose.

[AaronFriel]

@JustinBeckwith I reverted back to the commit that was failing npm audit and ran npm audit fix again and it resolved automatically. Looks like you're right about some caching involved.

[bcoe]

sounds like this is resolved, let us know if you bump into any more issues 👍