fix: Upgrade the protobufjs dependency for bigquery storage#8136
Merged
Conversation
![gemini-code-assist[bot]](https://avatars.githubusercontent.com/in/956858?s=60&v=4){kind=small}
Contributor
There was a problem hiding this comment.
Code Review
This pull request updates the protobufjs peer dependency version range in handwritten/bigquery-storage/package.json. Feedback suggests updating the corresponding devDependencies to maintain consistency across development and CI environments.
| }, | ||
| "peerDependencies": { | ||
| "protobufjs": "7.2.4 - 7.5.0" | ||
| "protobufjs": "^7.5.5" |
Contributor
There was a problem hiding this comment.
When updating a peerDependency range, it is important to also update the corresponding devDependency to ensure that the development environment and CI tests are running against a version that satisfies the new requirement. Since protobufjs is typically listed in devDependencies for testing purposes in this repository, please ensure that its version is also updated to ^7.5.5 to maintain consistency and avoid potential conflicts during local development or CI runs.
Contributor
Author
There was a problem hiding this comment.
protobufjs is not listed in dev dependencies.
…com/googleapis/google-cloud-node into upgrade-bigquery-storage-protobufjs
alvarowolfx
approved these changes
Apr 29, 2026
thiyaguk09
pushed a commit
to thiyaguk09/google-cloud-node-fork
that referenced
this pull request
May 5, 2026
…is#8136) * Upgrade the protobuf peer dependency * fix: Upgrade the protobufjs dependency for bigquery storage
This was referenced May 5, 2026
Merged
gcf-merge-on-green Bot
pushed a commit
that referenced
this pull request
May 11, 2026
🤖 I have created a release *beep* *boop* --- <details><summary>common: 6.0.1</summary> ## [6.0.1](https://togithub.com/googleapis/google-cloud-node/compare/common-v6.0.0...common-v6.0.1) (2026-05-11) ### Bug Fixes * Bump all node submodules ([#8178](https://togithub.com/googleapis/google-cloud-node/issues/8178)) ([9fd76ef](https://togithub.com/googleapis/google-cloud-node/commit/9fd76eff87b1cf02db6205f141449b31e8ab7d8f)) </details> <details><summary>jsdoc-fresh: 5.0.3</summary> ## [5.0.3](https://togithub.com/googleapis/google-cloud-node/compare/jsdoc-fresh-v5.0.2...jsdoc-fresh-v5.0.3) (2026-05-11) ### Bug Fixes * Bump all node submodules ([#8178](https://togithub.com/googleapis/google-cloud-node/issues/8178)) ([9fd76ef](https://togithub.com/googleapis/google-cloud-node/commit/9fd76eff87b1cf02db6205f141449b31e8ab7d8f)) </details> <details><summary>jsdoc-region-tag: 4.0.2</summary> ## [4.0.2](https://togithub.com/googleapis/google-cloud-node/compare/jsdoc-region-tag-v4.0.1...jsdoc-region-tag-v4.0.2) (2026-05-11) ### Bug Fixes * Bump all node submodules ([#8178](https://togithub.com/googleapis/google-cloud-node/issues/8178)) ([9fd76ef](https://togithub.com/googleapis/google-cloud-node/commit/9fd76eff87b1cf02db6205f141449b31e8ab7d8f)) </details> <details><summary>pack-n-play: 4.2.2</summary> ## [4.2.2](https://togithub.com/googleapis/google-cloud-node/compare/pack-n-play-v4.2.1...pack-n-play-v4.2.2) (2026-05-11) ### Bug Fixes * Bump all node submodules ([#8178](https://togithub.com/googleapis/google-cloud-node/issues/8178)) ([9fd76ef](https://togithub.com/googleapis/google-cloud-node/commit/9fd76eff87b1cf02db6205f141449b31e8ab7d8f)) </details> <details><summary>gapic-generator: 4.11.14</summary> ## [4.11.14](https://togithub.com/googleapis/google-cloud-node/compare/gapic-generator-v4.11.13...gapic-generator-v4.11.14) (2026-05-11) ### Bug Fixes * Add logic to check for IAM RPC methods within the service before adding mixin to avoid generating duplicate methods ([#7929](https://togithub.com/googleapis/google-cloud-node/issues/7929)) ([b908005](https://togithub.com/googleapis/google-cloud-node/commit/b90800518eb02799a812e6c2d21f57216564da30)) * Bump all node submodules ([#8178](https://togithub.com/googleapis/google-cloud-node/issues/8178)) ([9fd76ef](https://togithub.com/googleapis/google-cloud-node/commit/9fd76eff87b1cf02db6205f141449b31e8ab7d8f)) * **gapic-generator-typescript:** Add .boolean() to diregapic and handwritten_layer ([#8100](https://togithub.com/googleapis/google-cloud-node/issues/8100)) ([5b4ab3b](https://togithub.com/googleapis/google-cloud-node/commit/5b4ab3bd8487ad5ba4816157e0deb33d418ed836)) </details> <details><summary>google-gax: 5.0.7</summary> ## [5.0.7](https://togithub.com/googleapis/google-cloud-node/compare/google-gax-v5.0.6...google-gax-v5.0.7) (2026-05-11) ### Bug Fixes * Bump all node submodules ([#8178](https://togithub.com/googleapis/google-cloud-node/issues/8178)) ([9fd76ef](https://togithub.com/googleapis/google-cloud-node/commit/9fd76eff87b1cf02db6205f141449b31e8ab7d8f)) </details> <details><summary>gaxios: 7.1.5</summary> ## [7.1.5](https://togithub.com/googleapis/google-cloud-node/compare/gaxios-v7.1.4...gaxios-v7.1.5) (2026-05-11) ### Bug Fixes * Bump all node submodules ([#8178](https://togithub.com/googleapis/google-cloud-node/issues/8178)) ([9fd76ef](https://togithub.com/googleapis/google-cloud-node/commit/9fd76eff87b1cf02db6205f141449b31e8ab7d8f)) </details> <details><summary>gcp-metadata: 8.1.3</summary> ## [8.1.3](https://togithub.com/googleapis/google-cloud-node/compare/gcp-metadata-v8.1.2...gcp-metadata-v8.1.3) (2026-05-11) ### Bug Fixes * Bump all node submodules ([#8178](https://togithub.com/googleapis/google-cloud-node/issues/8178)) ([9fd76ef](https://togithub.com/googleapis/google-cloud-node/commit/9fd76eff87b1cf02db6205f141449b31e8ab7d8f)) </details> <details><summary>google-auth-library: 10.6.3</summary> ## [10.6.3](https://togithub.com/googleapis/google-cloud-node/compare/google-auth-library-v10.6.2...google-auth-library-v10.6.3) (2026-05-11) ### Bug Fixes * Bump all node submodules ([#8178](https://togithub.com/googleapis/google-cloud-node/issues/8178)) ([9fd76ef](https://togithub.com/googleapis/google-cloud-node/commit/9fd76eff87b1cf02db6205f141449b31e8ab7d8f)) </details> <details><summary>google-logging-utils: 1.1.4</summary> ## [1.1.4](https://togithub.com/googleapis/google-cloud-node/compare/google-logging-utils-v1.1.3...google-logging-utils-v1.1.4) (2026-05-11) ### Bug Fixes * Bump all node submodules ([#8178](https://togithub.com/googleapis/google-cloud-node/issues/8178)) ([9fd76ef](https://togithub.com/googleapis/google-cloud-node/commit/9fd76eff87b1cf02db6205f141449b31e8ab7d8f)) </details> <details><summary>googleapis-common: 8.0.2</summary> ## [8.0.2](https://togithub.com/googleapis/google-cloud-node/compare/googleapis-common-v8.0.1...googleapis-common-v8.0.2) (2026-05-11) ### Bug Fixes * Bump all node submodules ([#8178](https://togithub.com/googleapis/google-cloud-node/issues/8178)) ([9fd76ef](https://togithub.com/googleapis/google-cloud-node/commit/9fd76eff87b1cf02db6205f141449b31e8ab7d8f)) </details> <details><summary>proto3-json-serializer: 3.0.5</summary> ## [3.0.5](https://togithub.com/googleapis/google-cloud-node/compare/proto3-json-serializer-v3.0.4...proto3-json-serializer-v3.0.5) (2026-05-11) ### Bug Fixes * Bump all node submodules ([#8178](https://togithub.com/googleapis/google-cloud-node/issues/8178)) ([9fd76ef](https://togithub.com/googleapis/google-cloud-node/commit/9fd76eff87b1cf02db6205f141449b31e8ab7d8f)) </details> <details><summary>retry-request: 8.0.3</summary> ## [8.0.3](https://togithub.com/googleapis/google-cloud-node/compare/retry-request-v8.0.2...retry-request-v8.0.3) (2026-05-11) ### Bug Fixes * Bump all node submodules ([#8178](https://togithub.com/googleapis/google-cloud-node/issues/8178)) ([9fd76ef](https://togithub.com/googleapis/google-cloud-node/commit/9fd76eff87b1cf02db6205f141449b31e8ab7d8f)) </details> <details><summary>gapic-tools: 1.0.6</summary> ## [1.0.6](https://togithub.com/googleapis/google-cloud-node/compare/gapic-tools-v1.0.5...gapic-tools-v1.0.6) (2026-05-11) ### Bug Fixes * Bump all node submodules ([#8178](https://togithub.com/googleapis/google-cloud-node/issues/8178)) ([9fd76ef](https://togithub.com/googleapis/google-cloud-node/commit/9fd76eff87b1cf02db6205f141449b31e8ab7d8f)) </details> <details><summary>paginator: 6.0.1</summary> ## [6.0.1](https://togithub.com/googleapis/google-cloud-node/compare/paginator-v6.0.0...paginator-v6.0.1) (2026-05-11) ### Bug Fixes * Bump all node submodules ([#8178](https://togithub.com/googleapis/google-cloud-node/issues/8178)) ([9fd76ef](https://togithub.com/googleapis/google-cloud-node/commit/9fd76eff87b1cf02db6205f141449b31e8ab7d8f)) </details> <details><summary>precise-date: 5.0.1</summary> ## [5.0.1](https://togithub.com/googleapis/google-cloud-node/compare/precise-date-v5.0.0...precise-date-v5.0.1) (2026-05-11) ### Bug Fixes * Bump all node submodules ([#8178](https://togithub.com/googleapis/google-cloud-node/issues/8178)) ([9fd76ef](https://togithub.com/googleapis/google-cloud-node/commit/9fd76eff87b1cf02db6205f141449b31e8ab7d8f)) </details> <details><summary>projectify: 5.0.1</summary> ## [5.0.1](https://togithub.com/googleapis/google-cloud-node/compare/projectify-v5.0.0...projectify-v5.0.1) (2026-05-11) ### Bug Fixes * Bump all node submodules ([#8178](https://togithub.com/googleapis/google-cloud-node/issues/8178)) ([9fd76ef](https://togithub.com/googleapis/google-cloud-node/commit/9fd76eff87b1cf02db6205f141449b31e8ab7d8f)) </details> <details><summary>promisify: 5.0.1</summary> ## [5.0.1](https://togithub.com/googleapis/google-cloud-node/compare/promisify-v5.0.0...promisify-v5.0.1) (2026-05-11) ### Bug Fixes * Bump all node submodules ([#8178](https://togithub.com/googleapis/google-cloud-node/issues/8178)) ([9fd76ef](https://togithub.com/googleapis/google-cloud-node/commit/9fd76eff87b1cf02db6205f141449b31e8ab7d8f)) </details> <details><summary>bigquery: 8.3.1</summary> ## [8.3.1](https://togithub.com/googleapis/google-cloud-node/compare/bigquery-v8.3.0...bigquery-v8.3.1) (2026-05-11) ### Bug Fixes * **bigquery:** Run npm run types in correct directory in owlbot ([#8061](https://togithub.com/googleapis/google-cloud-node/issues/8061)) ([0948b35](https://togithub.com/googleapis/google-cloud-node/commit/0948b354bab60bbae906b7e9f8996b5b35754361)) * Bump all node submodules ([#8178](https://togithub.com/googleapis/google-cloud-node/issues/8178)) ([9fd76ef](https://togithub.com/googleapis/google-cloud-node/commit/9fd76eff87b1cf02db6205f141449b31e8ab7d8f)) * Pin @sinonjs/fake-timers to unblock build in bigquery ([#8121](https://togithub.com/googleapis/google-cloud-node/issues/8121)) ([374167b](https://togithub.com/googleapis/google-cloud-node/commit/374167bd4c1b45c38112938df55e821fdeb82c97)) </details> <details><summary>bigquery-storage: 5.1.1</summary> ## [5.1.1](https://togithub.com/googleapis/google-cloud-node/compare/bigquery-storage-v5.1.0...bigquery-storage-v5.1.1) (2026-05-11) ### Bug Fixes * Bump all node submodules ([#8178](https://togithub.com/googleapis/google-cloud-node/issues/8178)) ([9fd76ef](https://togithub.com/googleapis/google-cloud-node/commit/9fd76eff87b1cf02db6205f141449b31e8ab7d8f)) * Upgrade the protobufjs dependency for bigquery storage ([#8136](https://togithub.com/googleapis/google-cloud-node/issues/8136)) ([778adb0](https://togithub.com/googleapis/google-cloud-node/commit/778adb0d5f368448f99bf68dcbcf37c3a7394f5d)) </details> <details><summary>bigtable: 6.5.1</summary> ## [6.5.1](https://togithub.com/googleapis/google-cloud-node/compare/bigtable-v6.5.0...bigtable-v6.5.1) (2026-05-11) ### Bug Fixes * Bump all node submodules ([#8178](https://togithub.com/googleapis/google-cloud-node/issues/8178)) ([9fd76ef](https://togithub.com/googleapis/google-cloud-node/commit/9fd76eff87b1cf02db6205f141449b31e8ab7d8f)) </details> <details><summary>cloud-profiler: 6.0.5</summary> ## [6.0.5](https://togithub.com/googleapis/google-cloud-node/compare/cloud-profiler-v6.0.4...cloud-profiler-v6.0.5) (2026-05-11) ### Bug Fixes * Bump all node submodules ([#8178](https://togithub.com/googleapis/google-cloud-node/issues/8178)) ([9fd76ef](https://togithub.com/googleapis/google-cloud-node/commit/9fd76eff87b1cf02db6205f141449b31e8ab7d8f)) </details> <details><summary>datastore: 10.1.1</summary> ## [10.1.1](https://togithub.com/googleapis/google-cloud-node/compare/datastore-v10.1.0...datastore-v10.1.1) (2026-05-11) ### Bug Fixes * Bump all node submodules ([#8178](https://togithub.com/googleapis/google-cloud-node/issues/8178)) ([9fd76ef](https://togithub.com/googleapis/google-cloud-node/commit/9fd76eff87b1cf02db6205f141449b31e8ab7d8f)) * Upgrade protobufjs and fix legacy key decoding in Datastore ([#8088](https://togithub.com/googleapis/google-cloud-node/issues/8088)) ([939d18d](https://togithub.com/googleapis/google-cloud-node/commit/939d18dfd14295405a06d2023651d006d4992310)) </details> <details><summary>firestore: 8.6.0</summary> ## [8.6.0](https://togithub.com/googleapis/google-cloud-node/compare/firestore-v8.5.0...firestore-v8.6.0) (2026-05-11) ### Features * **firestore:** Added FieldValue.minimum() and FieldValue.maximum() ([#8151](https://togithub.com/googleapis/google-cloud-node/issues/8151)) ([41671b0](https://togithub.com/googleapis/google-cloud-node/commit/41671b08ba94df02ab6fd42ea216dbcfe51d18ad)) * **firestore:** Added search stage support for languageCode, offset, limit, and retrievalDepth ([#8161](https://togithub.com/googleapis/google-cloud-node/issues/8161)) ([4acb075](https://togithub.com/googleapis/google-cloud-node/commit/4acb07593b5c6a1387a1dfb97bf7ab4cd399f329)) ### Bug Fixes * Bump all node submodules ([#8178](https://togithub.com/googleapis/google-cloud-node/issues/8178)) ([9fd76ef](https://togithub.com/googleapis/google-cloud-node/commit/9fd76eff87b1cf02db6205f141449b31e8ab7d8f)) * **firestore:** Ensure limit(0) is properly serialized in query requests ([#8076](https://togithub.com/googleapis/google-cloud-node/issues/8076)) ([8631008](https://togithub.com/googleapis/google-cloud-node/commit/86310088f5dea61b4dfe3580e273b34aad79eac0)), closes [#7382](https://togithub.com/googleapis/google-cloud-node/issues/7382) * **firestore:** Respect `ignoreUndefinedProperties` in subpipelines ([#8089](https://togithub.com/googleapis/google-cloud-node/issues/8089)) ([a9f6c3f](https://togithub.com/googleapis/google-cloud-node/commit/a9f6c3f3f721ba4920d925de6afa24ba9e81c7ad)) </details> <details><summary>logging: 11.2.2</summary> ## [11.2.2](https://togithub.com/googleapis/google-cloud-node/compare/logging-v11.2.1...logging-v11.2.2) (2026-05-11) ### Bug Fixes * Bump all node submodules ([#8178](https://togithub.com/googleapis/google-cloud-node/issues/8178)) ([9fd76ef](https://togithub.com/googleapis/google-cloud-node/commit/9fd76eff87b1cf02db6205f141449b31e8ab7d8f)) </details> <details><summary>logging-bunyan: 5.1.2</summary> ## [5.1.2](https://togithub.com/googleapis/google-cloud-node/compare/logging-bunyan-v5.1.1...logging-bunyan-v5.1.2) (2026-05-11) ### Bug Fixes * Bump all node submodules ([#8178](https://togithub.com/googleapis/google-cloud-node/issues/8178)) ([9fd76ef](https://togithub.com/googleapis/google-cloud-node/commit/9fd76eff87b1cf02db6205f141449b31e8ab7d8f)) </details> <details><summary>logging-winston: 6.0.2</summary> ## [6.0.2](https://togithub.com/googleapis/google-cloud-node/compare/logging-winston-v6.0.1...logging-winston-v6.0.2) (2026-05-11) ### Bug Fixes * Bump all node submodules ([#8178](https://togithub.com/googleapis/google-cloud-node/issues/8178)) ([9fd76ef](https://togithub.com/googleapis/google-cloud-node/commit/9fd76eff87b1cf02db6205f141449b31e8ab7d8f)) </details> <details><summary>pubsub: 5.3.1</summary> ## [5.3.1](https://togithub.com/googleapis/google-cloud-node/compare/pubsub-v5.3.0...pubsub-v5.3.1) (2026-05-11) ### Bug Fixes * Bump all node submodules ([#8178](https://togithub.com/googleapis/google-cloud-node/issues/8178)) ([9fd76ef](https://togithub.com/googleapis/google-cloud-node/commit/9fd76eff87b1cf02db6205f141449b31e8ab7d8f)) * **pubsub:** Remove messages from leasing on nackWithResponse ([#7817](https://togithub.com/googleapis/google-cloud-node/issues/7817)) ([841f0ca](https://togithub.com/googleapis/google-cloud-node/commit/841f0ca06d3d70278bb1d0c99535ad3c73c3d5d4)) </details> <details><summary>storage: 7.20.0</summary> ## [7.20.0](https://togithub.com/googleapis/google-cloud-node/compare/storage-v7.19.0...storage-v7.20.0) (2026-05-11) ### Features * **storage:** Implement Object Contexts with advanced filtering and validation ([#7548](https://togithub.com/googleapis/google-cloud-node/issues/7548)) ([d60757e](https://togithub.com/googleapis/google-cloud-node/commit/d60757e2c61077ee3dfd881be45ef7ca554bd038)) * **storage:** Implement robust path validation and structured skip reporting ([#7546](https://togithub.com/googleapis/google-cloud-node/issues/7546)) ([113d05c](https://togithub.com/googleapis/google-cloud-node/commit/113d05c3bf068487bd81a7d4dbb4510f89142618)) * **storage:** Set CRC32C as the default checksum option ([#7547](https://togithub.com/googleapis/google-cloud-node/issues/7547)) ([1a693aa](https://togithub.com/googleapis/google-cloud-node/commit/1a693aa3ade3ffb2ac25ff54677602d199b5e3da)) ### Bug Fixes * Bump all node submodules ([#8178](https://togithub.com/googleapis/google-cloud-node/issues/8178)) ([9fd76ef](https://togithub.com/googleapis/google-cloud-node/commit/9fd76eff87b1cf02db6205f141449b31e8ab7d8f)) * Resolve flakiness in Service retry system tests ([#7945](https://togithub.com/googleapis/google-cloud-node/issues/7945)) ([1a44778](https://togithub.com/googleapis/google-cloud-node/commit/1a44778856255471fa96e7df26e232ffb543d87c)) </details> --- This PR was generated with [Release Please](https://togithub.com/googleapis/release-please). See [documentation](https://togithub.com/googleapis/release-please#release-please).
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Description
This PR cherry picks one of the security upgrades mentioned in #8071 instead of merging that PR because we have not had time yet to analyze the other security upgrade for profiler in that PR.
Initially, there was a hypothesis that the
protobufjsdependency was pinned for the same reason as in datastore. Under further investigation however, we concluded that the issue in datastore was protobufjs groups related while the bigquery-storage issue with protobufjs was not.The expectation is that we will still not see flakey tests that originally appeared in the issues solved by googleapis/nodejs-bigquery-storage#567.
For posterity, #8088 was the fix applied in datastore which is not necessary here.
Impact
Resolves a security issue with protobufjs in bigquery-storage.
Testing
system tests and unit tests already exist that reveal the problem with the protobufjs upgrade to version 7.5.2. However, a fix was introduced in 7.5.3 for the issue and I can see unit tests and system tests pass for bigquery-storage with the latest protobuf version.
The flakey tests for v7.5.2 were:
nested struct
convert both string and numeric value of table schema field type
should automatically convert date/datetime/timestamps to expect BigQuery format
every 10 request drops the connection
adapts BQ Schema to Proto descriptor
I have only seen
every 10 request drops the connectioncontinue to be flakey, but this seems to be more of a connection issue than a protobufjs issue.