search

googleapis / nodejs-pubsub

Node.js client for Google Cloud Pub/Sub: Ingest event streams from anywhere, at any scale, for simple, reliable, real-time stream analytics.
https://cloud.google.com/pubsub/
Apache License 2.0
518 stars 228 forks source link

Update google-gax to 3.6.1 #1773

Closed praveendiwakar1 closed 1 year ago

praveendiwakar1 commented 1 year ago

Please Update the google-gaxversion to 3.6.1 as we have security vulnerability .

As mentioned here https://github.com/googleapis/nodejs-pubsub/issues/1768#issuecomment-1625998162 , this is on hold for now .

We are using google-cloud/pubsubwhich is consuming google-gax v.3.5.6 , https://github.com/googleapis/nodejs-pubsub/blob/main/package.json#L61C21-L61C26.

Now ,https://github.com/googleapis/gax-nodejs/issues/1466, shows they've made a fix in google-gax@3.6.1, so please update the google-gax to 3.6.1 [https://www.npmjs.com/package/google-gax] ,so it will resolve the security issue.

feywind commented 1 year ago

@praveendiwakar1 There's a PR to do the update. I'm not sure why renovate-bot didn't make a PR, but thanks for the note.