[Snyk] Upgrade: gaxios, google-auth-library, google-gax, , , , , , c8, express, fsevents, jsonwebtoken, lru-cache, gcf-utils, gts, mocha, nock, sinon, typescript #481

Open
wants to merge 1 commit into
base: main

WontonSam
Owner

Snyk has created this PR to upgrade multiple dependencies.

👯‍♂ The following dependencies are linked and will therefore be updated together.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

⚠️ Warning: This PR contains major version upgrade(s), and may be a breaking change.

Name | Versions | Released on
gaxios | from 5.0.1 to 6.7.1; 20 versions ahead of your current version; ⚠️ This is a major version upgrade, and may be a breaking change | a month ago, on 2024-08-13
google-auth-library | from 8.7.0 to 9.14.0; 22 versions ahead of your current version; ⚠️ This is a major version upgrade, and may be a breaking change | 25 days ago, on 2024-08-20
google-gax | from 3.6.1 to 4.3.9; 23 versions ahead of your current version; ⚠️ This is a major version upgrade, and may be a breaking change | a month ago, on 2024-08-07
@google-cloud/secret-manager | from 4.2.2 to 5.6.0; 8 versions ahead of your current version; ⚠️ This is a major version upgrade, and may be a breaking change | 4 months ago, on 2024-05-21
@googleapis/iam | from 3.0.1 to 23.0.0; 30 versions ahead of your current version; ⚠️ This is a major version upgrade, and may be a breaking change | 25 days ago, on 2024-08-20
@types/express | from 4.17.13 to 4.17.21; 8 versions ahead of your current version | 10 months ago, on 2023-11-07
@types/mocha | from 10.0.0 to 10.0.7; 7 versions ahead of your current version | 3 months ago, on 2024-06-22
@types/sinon | from 10.0.13 to 17.0.3; 11 versions ahead of your current version; ⚠️ This is a major version upgrade, and may be a breaking change | 8 months ago, on 2024-01-10
c8 | from 7.14.0 to 10.1.2; 8 versions ahead of your current version; ⚠️ This is a major version upgrade, and may be a breaking change | 3 months ago, on 2024-06-13
express | from 4.18.1 to 4.19.2; 5 versions ahead of your current version | 6 months ago, on 2024-03-25
fsevents | from 2.3.2 to 2.3.3; 1 version ahead of your current version | a year ago, on 2023-08-21
jsonwebtoken | from 9.0.0 to 9.0.2; 2 versions ahead of your current version | a year ago, on 2023-08-30
lru-cache | from 7.14.0 to 11.0.0; 40 versions ahead of your current version; ⚠️ This is a major version upgrade, and may be a breaking change | 2 months ago, on 2024-07-08
gcf-utils | from 14.4.6 to 15.0.1; 2 versions ahead of your current version; ⚠️ This is a major version upgrade, and may be a breaking change | a year ago, on 2023-09-26
gts | from 4.0.1 to 5.3.1; 10 versions ahead of your current version; ⚠️ This is a major version upgrade, and may be a breaking change | 3 months ago, on 2024-06-11
mocha | from 10.0.0 to 10.7.3; 12 versions ahead of your current version | a month ago, on 2024-08-09
nock | from 13.2.9 to 13.5.5; 16 versions ahead of your current version | 25 days ago, on 2024-08-20
sinon | from 15.0.2 to 18.0.0; 15 versions ahead of your current version; ⚠️ This is a major version upgrade, and may be a breaking change | 4 months ago, on 2024-05-15
typescript | from 4.8.2 to 5.5.4; 680 versions ahead of your current version; ⚠️ This is a major version upgrade, and may be a breaking change | 2 months ago, on 2024-07-22

Issues fixed by the recommended upgrade:

Issue | Score | Exploit Maturity
high severity: Asymmetric Resource Consumption (Amplification), SNYK-JS-BODYPARSER-7926860 | 112 | No Known Exploit
high severity: Improper Handling of Exceptional Conditions, SNYK-JS-PROBOT-6129524 | 112 | No Known Exploit
high severity: Uncontrolled resource consumption, SNYK-JS-BRACES-6838727 | 112 | Proof of Concept
high severity: Infinite loop, SNYK-JS-MARKDOWNIT-6483324 | 112 | Proof of Concept
high severity: Inefficient Regular Expression Complexity, SNYK-JS-MICROMATCH-6838728 | 112 | No Known Exploit
high severity: Regular Expression Denial of Service (ReDoS), SNYK-JS-MOCHA-2863123 | 112 | No Known Exploit
high severity: Improper Handling of Exceptional Conditions, SNYK-JS-OCTOKITWEBHOOKS-6129527 | 112 | No Known Exploit
medium severity: Open Redirect, SNYK-JS-EXPRESS-6474509 | 112 | No Known Exploit
medium severity: Cross-site Scripting, SNYK-JS-EXPRESS-7926867 | 112 | No Known Exploit
medium severity: Uncontrolled Resource Consumption, SNYK-JS-GRPCGRPCJS-7242922 | 112 | No Known Exploit
medium severity: Cross-site Scripting (XSS), SNYK-JS-SERIALIZEJAVASCRIPT-6147607 | 112 | Proof of Concept
low severity: Cross-site Scripting, SNYK-JS-SEND-7926862 | 112 | No Known Exploit
low severity: Cross-site Scripting, SNYK-JS-SERVESTATIC-7926865 | 112 | No Known Exploit

Release notes
Package name: gaxios
from gaxios GitHub release notes
Package name: google-auth-library
  • 9.14.0 - 2024-08-20

    9.14.0 (2024-08-19)

    Features

    Bug Fixes

    • deps: Update dependency @googleapis/iam to v21 (#1847) (e9459f3)
  • 9.13.0 - 2024-07-31

    9.13.0 (2024-07-29)

    Features

    • Group Concurrent Access Token Requests for Base External Clients (#1840) (0e08fc5)
  • 9.12.0 - 2024-07-27

    9.12.0 (2024-07-26)

    Features

    Bug Fixes

    • deps: Update dependency @googleapis/iam to v19 (#1823) (b070ffb)
    • deps: Update dependency @googleapis/iam to v20 (#1832) (e31a831)
  • 9.11.0 - 2024-06-12

    9.11.0 (2024-06-01)

    Features

    • Adding support of client authentication method. (#1814) (4a14e8c)
  • 9.10.0 - 2024-05-13

    9.10.0 (2024-05-10)

    Features

    • Implement UserRefreshClient#fetchIdToken (#1811) (ae8bc54)

    Bug Fixes

    • deps: Update dependency @googleapis/iam to v16 (#1803) (40406a0)
    • deps: Update dependency @googleapis/iam to v17 (#1808) (4d67f07)
    • deps: Update dependency @googleapis/iam to v18 (#1809) (b2b9676)
  • 9.9.0 - 2024-04-24

    9.9.0 (2024-04-18)

    Features

    • Adds suppliers for custom subject token and AWS credentials (#1795) (c680b5d)
  • 9.8.0 - 2024-04-15

    9.8.0 (2024-04-12)

    Features

    Bug Fixes

  • 9.7.0 - 2024-03-13

    9.7.0 (2024-03-12)

    Features

    Bug Fixes

    • deps: Update dependency @googleapis/iam to v15 (#1772) (f45f975)
    • Making aws request signer get a new session token each time security credentials are requested. (#1765) (6a6e496)
  • 9.6.3 - 2024-02-06

    9.6.3 (2024-02-06)

    Bug Fixes

    • Always sign with scopes on Non-Default Universes (#1752) (f3d3a03)
  • 9.6.2 - 2024-02-02

    9.6.2 (2024-02-02)

    Bug Fixes

  • 9.6.1 - 2024-02-01
  • 9.6.0 - 2024-01-29
  • 9.5.0 - 2024-01-25
  • 9.4.2 - 2024-01-10
  • 9.4.1 - 2023-12-01
  • 9.4.0 - 2023-11-30
  • 9.3.0 - 2023-11-29
  • 9.2.0 - 2023-10-26
  • 9.1.0 - 2023-10-02
  • 9.0.0 - 2023-07-20
  • 8.9.0 - 2023-06-29
  • 8.8.0 - 2023-05-02
  • 8.7.0 - 2022-11-09
from google-auth-library GitHub release notes
Package name: google-gax
  • 4.3.9 - 2024-08-07

    4.3.9 (2024-08-06)

    Bug Fixes

    • reduce duplicate code in streaming retries and add a test (#1636) (83b52e1)
    • test application cleanup (#1639) (76ac496)
  • 4.3.8 - 2024-07-08

    4.3.8 (2024-07-08)

    Bug Fixes

    • deps: remove rimraf in favor of native node rm function (#1626) (dd87646)
  • 4.3.7 - 2024-06-20

    4.3.7 (2024-06-19)

    Bug Fixes

  • 4.3.6 - 2024-06-07

    4.3.6 (2024-06-06)

    Bug Fixes

  • 4.3.5 - 2024-05-28
  • 4.3.4 - 2024-05-23
  • 4.3.3 - 2024-05-03
  • 4.3.2 - 2024-03-27
  • 4.3.1 - 2024-02-12
  • 4.3.0 - 2024-02-01
  • 4.2.1 - 2024-01-24
  • 4.2.0 - 2024-01-22
  • 4.1.0 - 2024-01-12
  • 4.0.6-experimental - 2023-12-22
  • 4.0.5 - 2023-10-17
  • 4.0.5-experimental - 2023-12-22
  • 4.0.4 - 2023-09-15
  • 4.0.3 - 2023-07-27
  • 4.0.2 - 2023-07-25
  • 4.0.2-debug - 2023-07-25
  • 4.0.1 - 2023-07-21
  • 4.0.1-debug - 2023-07-25
  • 4.0.0 - 2023-05-17
  • 3.6.1 - 2023-07-10
from google-gax GitHub release notes
Package name: @google-cloud/secret-manager
  • 5.6.0 - 2024-05-21
  • 5.5.0 - 2024-05-03
  • 5.4.0 - 2024-04-25
  • 5.3.0 - 2024-04-02
  • 5.2.0 - 2024-03-12
  • 5.1.0 - 2024-02-13
  • 5.0.1 - 2023-09-06
  • 5.0.0 - 2023-08-07
  • 4.2.2 - 2023-04-14
from @google-cloud/secret-manager GitHub release notes
Package name: @googleapis/iam
  • 23.0.0 - 2024-08-20
  • 22.0.0 - 2024-08-17
  • 21.0.0 - 2024-08-17
  • 20.0.0 - 2024-06-26
  • 19.0.0 - 2024-06-06
  • 18.1.1 - 2024-06-04
  • 18.1.0 - 2024-05-10
  • 18.0.0 - 2024-05-03
  • 17.0.0 - 2024-05-02
  • 16.0.0 - 2024-04-25
  • 15.0.0 - 2024-03-12

    15.0.0 (2024-08-30)

    ⚠ BREAKING CHANGES

    • discoveryengine: This release has breaking changes.

    Features

    • discoveryengine: update the API (d7d6c3f)
  • 14.0.1 - 2024-02-05
  • 14.0.0 - 2024-01-16
  • 13.0.1 - 2024-01-05
  • 13.0.0 - 2023-12-11
  • 12.1.0 - 2023-11-30
  • 12.0.0 - 2023-10-11
  • 11.0.3 - 2023-08-25
  • 11.0.2 - 2023-08-15
  • 11.0.1 - 2023-08-09
  • 11.0.0 - 2023-07-26
  • 10.0.0 - 2023-07-10
  • 9.0.0 - 2023-07-10
  • 8.0.0 - 2023-06-28
  • 7.1.0 - 2023-05-02
  • 7.0.0 - 2023-04-14

    7.0.0 (2024-08-30)

    ⚠ BREAKING CHANGES

    • migrationcenter: This release has breaking changes.

    Features

    • migrationcenter: update the API (d42c0fd)
  • 6.0.0 - 2023-04-10
  • 5.0.0 - 2023-03-01
  • 4.1.0 - 2023-02-10
  • 4.0.0 - 2022-10-28

    144.0.0 (2024-08-30)

    ⚠ BREAKING CHANGES

    • migrationcenter: This release has breaking changes.
    • discoveryengine: This release has breaking changes.
    • content: This release has breaking changes.
    • compute: This release has breaking changes.
    • aiplatform: This release has breaking changes.

    Features

    • aiplatform: update the API (5608606)
    • alloydb: update the API (ada8fc6)
    • artifactregistry: update the API (698b77f)
    • compute: update the API (42c636d)
    • content: update the API (65db039)
    • dataproc: update the API (0ce260e)
    • discoveryengine: update the API (d7d6c3f)
    • healthcare: update the API (4767f7a)
    • migrationcenter: update the API (d42c0fd)
    • regenerate index files (2f2ab88)
    • securitycenter: update the API (b82bcee)
    • servicenetworking: update the API (770e82d)

    Bug Fixes

    • analyticsadmin: update the API (9b434bb)
    • analyticsdata: update the API (725603f)
    • assuredworkloads: update the API (d19c969)
    • cloudasset: update the API (09063b6)
    • cloudfunctions: update the API (158373f)
    • places: update the API (f9b8acb)
    • retail: update the API (f2c43de)
    • sheets: update the API (2c4f5c4)
    • workspaceevents: update the API (dbdb567)
  • 3.0.1 - 2022-06-21
from @googleapis/iam GitHub release notes
Package name: @types/express
  • 4.17.21 - 2023-11-07
  • 4.17.20 - 2023-10-18
  • 4.17.19 - 2023-10-10
  • 4.17.18 - 2023-09-23
  • 4.17.17 - 2023-02-03
  • 4.17.16 - 2023-01-23
  • 4.17.15 - 2022-12-13
  • 4.17.14 - 2022-09-13
  • 4.17.13 - 2021-07-06
from @types/express GitHub release notes
Package name: @types/mocha
  • 10.0.7 - 2024-06-22
  • 10.0.6 - 2023-11-22
  • 10.0.5 - 2023-11-21
  • 10.0.4 - 2023-11-07
  • 10.0.3 - 2023-10-18
  • 10.0.2 - 2023-09-27
  • 10.0.1 - 2022-11-28
  • 10.0.0 - 2022-09-28
from @types/mocha GitHub release notes
Package name: @types/sinon
  • 17.0.3 - 2024-01-10
  • 17.0.2 - 2023-11-21
  • 17.0.1 - 2023-11-07
  • 17.0.0 - 2023-11-03
  • 10.0.20 - 2023-10-18
  • 10.0.19 - 2023-10-06
  • 10.0.18 - 2023-10-02
  • 10.0.17 - 2023-09-25
  • 10.0.16 - 2023-08-01
  • 10.0.15 - 2023-05-14
  • 10.0.14 - 2023-04-17
  • 10.0.13 - 2022-07-20
from @types/sinon GitHub release notes
Package name: c8
  • 10.1.2 - 2024-06-13

    10.1.2 (2024-06-13)

    Bug Fixes

    • deps: make monocart-coverage-reports an optional with meta defined (3b91fda)
  • 10.1.1 - 2024-06-11

    10.1.1 (2024-06-11)

    Bug Fixes

    • stop installing monocart-coverage-reports (#535) (13979a7)
  • 10.1.0 - 2024-06-11

    10.1.0 (2024-06-11)

    Features

  • 10.0.0 - 2024-06-10

    10.0.0 (2024-06-10)

    ⚠ BREAKING CHANGES

    • deps: Node 18 is now the minimum supported Node.js version

    Bug Fixes

    • deps: update test-exclude with new glob / minimatch (#531) (e33cf30)
  • 9.1.0 - 2024-01-12

    9.1.0 (2024-01-11)

    Features

    • support passing reporter options from config (#459) (88db5db)

    Bug Fixes

    • refactor: remove stale check for createDynamicModule (5e18365)
  • 9.0.0 - 2024-01-03

    9.0.0 (2024-01-03)

    ⚠ BREAKING CHANGES

    • build: minimum Node.js version is now 14.14.0

    Features

    • build: minimum Node.js version is now 14.14.0 (2cdc86b)
    • deps: update foreground-child to promise API (#512) (b46b640)
    • deps: use Node.js built in rm (2cdc86b)
  • 8.0.1 - 2023-07-25

    8.0.1 (2023-07-25)

    Bug Fixes

  • 8.0.0 - 2023-06-13

    8.0.0 (2023-06-05)

    ⚠ BREAKING CHANGES

    • dropped Node 10 support (#475)

    Miscellaneous Chores

  • 7.14.0 - 2023-05-28

    7.14.0 (2023-05-26)

    Features

    • added a new CLI arg --merge-async to asynchronously and incrementally merge process coverage files to avoid OOM due to heap exhaustion (#469) (45f2f84)
from c8 GitHub release notes
Package name: express

Snyk has created this PR to upgrade:
  - gaxios from 5.0.1 to 6.7.1.
    See this package in npm: https://www.npmjs.com/package/gaxios
  - google-auth-library from 8.7.0 to 9.14.0.
    See this package in npm: https://www.npmjs.com/package/google-auth-library
  - google-gax from 3.6.1 to 4.3.9.
    See this package in npm: https://www.npmjs.com/package/google-gax
  - @google-cloud/secret-manager from 4.2.2 to 5.6.0.
    See this package in npm: https://www.npmjs.com/package/@google-cloud/secret-manager
  - @googleapis/iam from 3.0.1 to 23.0.0.
    See this package in npm: https://www.npmjs.com/package/@googleapis/iam
  - @types/express from 4.17.13 to 4.17.21.
    See this package in npm: https://www.npmjs.com/package/@types/express
  - @types/mocha from 10.0.0 to 10.0.7.
    See this package in npm: https://www.npmjs.com/package/@types/mocha
  - @types/sinon from 10.0.13 to 17.0.3.
    See this package in npm: https://www.npmjs.com/package/@types/sinon
  - c8 from 7.14.0 to 10.1.2.
    See this package in npm: https://www.npmjs.com/package/c8
  - express from 4.18.1 to 4.19.2.
    See this package in npm: https://www.npmjs.com/package/express
  - fsevents from 2.3.2 to 2.3.3.
    See this package in npm: https://www.npmjs.com/package/fsevents
  - jsonwebtoken from 9.0.0 to 9.0.2.
    See this package in npm: https://www.npmjs.com/package/jsonwebtoken
  - lru-cache from 7.14.0 to 11.0.0.
    See this package in npm: https://www.npmjs.com/package/lru-cache
  - gcf-utils from 14.4.6 to 15.0.1.
    See this package in npm: https://www.npmjs.com/package/gcf-utils
  - gts from 4.0.1 to 5.3.1.
    See this package in npm: https://www.npmjs.com/package/gts
  - mocha from 10.0.0 to 10.7.3.
    See this package in npm: https://www.npmjs.com/package/mocha
  - nock from 13.2.9 to 13.5.5.
    See this package in npm: https://www.npmjs.com/package/nock
  - sinon from 15.0.2 to 18.0.0.
    See this package in npm: https://www.npmjs.com/package/sinon
  - typescript from 4.8.2 to 5.5.4.
    See this package in npm: https://www.npmjs.com/package/typescript

See this project in Snyk:
https://app.snyk.io/org/cachiman/project/200a6e45-888a-439b-bbb4-85d988eac723?utm_source=github&utm_medium=referral&page=upgrade-pr
google-cla bot commented Sep 14, 2024

Thanks for your pull request! It looks like this may be your first contribution to a Google open source project. Before we can look at your pull request, you'll need to sign a Contributor License Agreement (CLA).

View this failed invocation of the CLA check for more information.

For the most up to date status, view the checks section at the bottom of the pull request.

Development

Successfully merging this pull request may close these issues.

Security finding in c8 versions 6, 7, and 8
2 participants