googleapis / nodejs-logging

Node.js client for Stackdriver Logging: Store, search, analyze, monitor, and alert on log data and events from Google Cloud Platform and Amazon Web Services (AWS).
https://cloud.google.com/logging/
Apache License 2.0

Update reference to gax-nodejs to 3.5.7 for new protobuf version #1405

Closed JamesWPritchett closed 1 year ago

JamesWPritchett commented 1 year ago

Is your feature request related to a problem? Please describe.
Vulnerability reports show TaffyDB as a risk. TaffyDB is used by JSDoc, which is used by protobufjs-cli, which is used by gax-nodejs, which is used by this library. JSDoc recently updated their library to no longer use TaffyDB. protobufjs-cli updated their library to use the new JSDoc library. Gax-NodeJs recently updated their library to use the new protobufjs-cli library. Now, we need this library to update the Gax-NodeJS references.

Describe the solution you'd like
Update the version of gax-nodejs used by this library to 3.5.7.

Describe alternatives you've considered
none

Additional context
https://nvd.nist.gov/vuln/detail/CVE-2019-10790
https://cwe.mitre.org/data/definitions/668.html
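
A transitive chain like the one described in the issue above can be traced from a project's own lockfile. This is an added example, not part of the original thread or the nodejs-logging project: it assumes the npm lockfile v2/v3 `packages` layout, and the sample lockfile, its placeholder versions, and the function names `resolveDep` and `findPaths` are constructed for illustration (`google-gax` is the npm package name of gax-nodejs).

```javascript
// Added example: trace why a package (e.g. taffydb) is installed, using the
// "packages" map of an npm lockfile (lockfileVersion 2 or 3).

// Constructed sample mirroring the chain in the issue; versions are placeholders.
const sampleLock = {
  packages: {
    "": { name: "my-app", dependencies: { "@google-cloud/logging": "*" } },
    "node_modules/@google-cloud/logging": { version: "0.0.0-sample", dependencies: { "google-gax": "*" } },
    "node_modules/google-gax": { version: "0.0.0-sample", dependencies: { "protobufjs-cli": "*" } },
    "node_modules/protobufjs-cli": { version: "0.0.0-sample", dependencies: { jsdoc: "*" } },
    "node_modules/jsdoc": { version: "0.0.0-sample", dependencies: { taffydb: "*" } },
    "node_modules/taffydb": { version: "0.0.0-sample" },
  },
};

// Node-style resolution: nearest node_modules first, then each parent's.
function resolveDep(packages, fromPath, dep) {
  let base = fromPath;
  for (;;) {
    const candidate = (base ? base + "/" : "") + "node_modules/" + dep;
    if (candidate in packages) return candidate;
    if (base === "") return null; // not installed (e.g. skipped optional dep)
    const i = base.lastIndexOf("/node_modules/");
    base = i === -1 ? "" : base.slice(0, i);
  }
}

// Returns every simple dependency path from the root project to `target`.
function findPaths(lock, target) {
  const packages = lock.packages || {};
  const results = [];
  const walk = (path, chain, seen) => {
    const meta = packages[path] || {};
    const deps = { ...meta.dependencies, ...meta.optionalDependencies };
    if (path === "") Object.assign(deps, meta.devDependencies);
    for (const dep of Object.keys(deps)) {
      const next = resolveDep(packages, path, dep);
      if (next === null || seen.has(next)) continue; // missing or cyclic
      if (dep === target) { results.push([...chain, dep]); continue; }
      walk(next, [...chain, dep], new Set(seen).add(next));
    }
  };
  walk("", [(packages[""] || {}).name || "(root)"], new Set([""]));
  return results;
}

console.log(findPaths(sampleLock, "taffydb").map((p) => p.join(" > ")));
```

An empty result after a dependency bump confirms the flagged package is no longer reachable from the root project.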


JamesWPritchett commented 1 year ago

Can we get the priority bumped up on this one? It's a security issue, not a "nice to have".

meredithslota commented 1 year ago

Hi @JamesWPritchett — apologies for the delay, I think this slipped through our triage process since you had added the type: feature request label when the issue was filed, and we triage feature requests on a different cadence than security issues. I believe we can update to gax-nodejs 3.5.8 now. Let me see if there are any blockers here.