Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

fix(deps): update fast-xml-parser to 4.4.1 due to security vulnerability #2505

Merged
merged 1 commit into from
Aug 7, 2024
Merged

fix(deps): update fast-xml-parser to 4.4.1 due to security vulnerability #2505

merged 1 commit into from
Aug 7, 2024

Conversation

ddelgrosso1
Copy link
Contributor

Thank you for opening a Pull Request! Before submitting your PR, there are a few things you can do to make sure it goes smoothly:

  • Make sure to open an issue as a bug/issue before writing your code! That way we can discuss the change, evaluate designs, and agree on the general idea
  • Ensure the tests and linter pass
  • Code coverage does not decrease (if any source code was changed)
  • Appropriate docs were updated (if necessary)

Fixes #2504 🦕

@ddelgrosso1 ddelgrosso1 marked this pull request as ready for review August 5, 2024 14:41
@ddelgrosso1 ddelgrosso1 requested review from a team as code owners August 5, 2024 14:41
@ddelgrosso1 ddelgrosso1 added the owlbot:run Add this label to trigger the Owlbot post processor. label Aug 5, 2024
@gcf-owl-bot gcf-owl-bot bot removed the owlbot:run Add this label to trigger the Owlbot post processor. label Aug 5, 2024
@ddelgrosso1 ddelgrosso1 added the kokoro:force-run Add this label to force Kokoro to re-run the tests. label Aug 5, 2024
@yoshi-kokoro yoshi-kokoro removed the kokoro:force-run Add this label to force Kokoro to re-run the tests. label Aug 5, 2024
@product-auto-label product-auto-label bot added the api: storage Issues related to the googleapis/nodejs-storage API. label Aug 6, 2024
@husf-dsheremata
Copy link

Bump! Eagerly awaiting for this to get merged, so we can squash our security review findings!

Tx!

@ddelgrosso1
Copy link
Contributor Author

@husf-dsheremata since we don't provide a package-lock.json with our releases it should be possible to update on the application side, no?

@husf-dsheremata
Copy link

@husf-dsheremata since we don't provide a package-lock.json with our releases it should be possible to update on the application side, no?

Good point - thanks!

Even still, it's cleaner and easier to just wait for your fix.

Much appreciated!

@product-auto-label product-auto-label bot added the size: xs Pull request size is extra small. label Aug 7, 2024
@ddelgrosso1 ddelgrosso1 changed the title chore(deps): update fast-xml-parser to 4.4.1 fix(deps): update fast-xml-parser to 4.4.1 Aug 7, 2024
@ddelgrosso1 ddelgrosso1 added the owlbot:run Add this label to trigger the Owlbot post processor. label Aug 7, 2024
@gcf-owl-bot gcf-owl-bot bot removed the owlbot:run Add this label to trigger the Owlbot post processor. label Aug 7, 2024
@ddelgrosso1 ddelgrosso1 changed the title fix(deps): update fast-xml-parser to 4.4.1 fix(deps): update fast-xml-parser to 4.4.1 due to security vulnerability Aug 7, 2024
@ddelgrosso1 ddelgrosso1 added the kokoro:force-run Add this label to force Kokoro to re-run the tests. label Aug 7, 2024
@yoshi-kokoro yoshi-kokoro removed the kokoro:force-run Add this label to force Kokoro to re-run the tests. label Aug 7, 2024
@ddelgrosso1 ddelgrosso1 merged commit b97d474 into googleapis:main Aug 7, 2024
16 checks passed
@ddelgrosso1 ddelgrosso1 deleted the update-fxml branch August 7, 2024 19:16
@release-please release-please bot mentioned this pull request Aug 7, 2024
Merged
@ddelgrosso1
Copy link
Contributor Author

@husf-dsheremata this was released with version 7.12.1. Thanks for bringing it to our attention!

@abdoghazy2015 abdoghazy2015 mentioned this pull request Aug 29, 2024
Open
This was referenced Sep 3, 2024
Open
Open
@Stanislav1975 Stanislav1975 mentioned this pull request Sep 9, 2024
Open
@WontonSam WontonSam mentioned this pull request Sep 10, 2024
Open
This was referenced Sep 12, 2024
Open
Open
Open
@WontonSam WontonSam mentioned this pull request Sep 15, 2024
Open
This was referenced Sep 17, 2024
Open
Open
@WontonSam WontonSam mentioned this pull request Sep 19, 2024
Open
This was referenced Sep 19, 2024
Open
Open
@WontonSam WontonSam mentioned this pull request Sep 21, 2024
Open
This was referenced Sep 21, 2024
Open
Open
@WontonSam WontonSam mentioned this pull request Oct 1, 2024
Open
@WontonSam WontonSam mentioned this pull request Oct 19, 2024
Open
@WontonSam WontonSam mentioned this pull request Oct 29, 2024
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@danielbankhead danielbankhead danielbankhead approved these changes

@danielduhh danielduhh danielduhh approved these changes

Assignees
No one assigned
Labels
api: storage Issues related to the googleapis/nodejs-storage API. size: xs Pull request size is extra small.
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Security vulnerability with fast-xml-parser dependency
5 participants
@ddelgrosso1 @husf-dsheremata @danielduhh @danielbankhead @yoshi-kokoro