Skip to content

Commit

Permalink
fix(deps): Update golang.org/x/net and @google-cloud/spanner to fix v…
Browse files Browse the repository at this point in the history 
…ulnerabilities. (#272)

* build(deps): Bump golang.org/x/net (#271)

Bumps [golang.org/x/net](https://github.com/golang/net) from 0.17.0 to 0.23.0.
- [Commits](golang/net@v0.17.0...v0.23.0)

---
updated-dependencies:
- dependency-name: golang.org/x/net
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* fix(deps): Update spanner to 7.6.0 to fix vulnerability

Spanner 6.16.0 depends on vulnerable version of protobufjs

protobufjs  7.0.0 - 7.2.4
Severity: critical
protobufjs Prototype Pollution vulnerability - GHSA-h755-8qp9-cq85
fix available via `npm audit fix --force`
Will install @google-cloud/[email protected], which is a breaking change
poller/node_modules/@google-cloud/spanner/node_modules/protobufjs
scaler/scaler-core/node_modules/google-gax/node_modules/protobufjs
  google-gax  2.2.1-pre - 2.2.1-pre.2 || 2.28.2-alpha.1 - 2.28.4-alpha.1 || 3.1.4 - 4.0.3
  Depends on vulnerable versions of protobufjs
  poller/node_modules/@google-cloud/spanner/node_modules/google-gax
  scaler/scaler-core/node_modules/google-gax
    @google-cloud/firestore  6.1.0-pre.0 - 6.8.0
    Depends on vulnerable versions of google-gax
    scaler/scaler-core/node_modules/@google-cloud/firestore
    @google-cloud/spanner  6.3.0 - 6.16.0
    Depends on vulnerable versions of google-gax
    poller/node_modules/@google-cloud/spanner
    scaler/scaler-core/node_modules/@google-cloud/spanner

---------

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
  • Loading branch information
@nielm @dependabot
nielm and dependabot[bot] authored Apr 19, 2024
1 parent 713969b commit f4e1158
Show file tree
Hide file tree
Showing 9 changed files with 3,588 additions and 9,035 deletions.
7,193 changes: 2,609 additions & 4,584 deletions src/package-lock.json
View file

Large diffs are not rendered by default.

1,010 changes: 77 additions & 933 deletions src/poller/package-lock.json
View file

Large diffs are not rendered by default.

1,800 changes: 531 additions & 1,269 deletions src/poller/poller-core/package-lock.json
View file

Large diffs are not rendered by default.

2 changes: 1 addition & 1 deletion src/poller/poller-core/package.json
View file
Original file line number Diff line number Diff line change
Expand Up @@ -7,7 +7,7 @@
"@google-cloud/functions-framework": "^3.3.0",
"@google-cloud/monitoring": "^4.0.0",
"@google-cloud/pubsub": "^4.3.3",
"@google-cloud/spanner": "^6.16.0",
"@google-cloud/spanner": "^7.6.0",
"autoscaler-common": "file:../../autoscaler-common",
"axios": "^1.6.8",
"express": "^4.19.2"
Expand Down
1,305 changes: 183 additions & 1,122 deletions src/scaler/package-lock.json
View file

Large diffs are not rendered by default.

Loading

0 comments on commit f4e1158

Please sign in to comment.