Skip to content

[Snyk] Security upgrade @google-cloud/datastore from 6.6.2 to 7.0.0 #67

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
eswdd wants to merge 1 commit into
base: master
Choose a base branch
from
Open

[Snyk] Security upgrade @google-cloud/datastore from 6.6.2 to 7.0.0 #67

eswdd wants to merge 1 commit into from

Conversation

@eswdd
Copy link
Owner

@eswdd eswdd commented Jul 6, 2023

This PR was automatically created by Snyk using the credentials of a real user.


Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

  • Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
    • package.json
    • package-lock.json

Vulnerabilities that will be fixed

With an upgrade:
Severity Priority Score (*) Issue Breaking Change Exploit Maturity
high severity 823/1000
Why? Proof of Concept exploit, Recently disclosed, Has a fix available, CVSS 8.6		 Prototype Pollution
SNYK-JS-PROTOBUFJS-5756498		 Yes Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Commit messages
Package name: @google-cloud/datastore The new version differs by 34 commits.
  • 3862cff chore(main): release 7.0.0 (#946)
  • 51725fa feat: Query filters for datastore (#936)
  • faaec0d chore(deps): update dependency jsdoc-region-tag to v2 (#954)
  • a8b2821 chore(deps): update dependency jsdoc-fresh to v2 (#953)
  • d0d1037 build(node): add new jsteam + enforce branches up-to-date (#1451) (#951)
  • 9e10d7b docs: clarifications for `DatastoreFirestoreMigraitonMetadata` (#950)
  • ba6c190 fix: fixes for dynamic routing and streaming descriptors (#947)
  • eecf7ac build!: update library to use Node 12 (#945)
  • e117702 fix(deps): update dependency sinon to v14 (#943)
  • e0d3fb4 build: update auto approve to v2, remove release autoapproving (#1432) (#940)
  • af442ba chore(deps): update dependency @ types/mocha to v9 (#938)
  • 03317dc build(node): update client library version in samples metadata (#1356) (#937)
  • 1f50e21 chore: Change the Codeowner to cloud-native-db-dpes (#927)
  • aef00f8 feat: expose new read_time API fields, currently only available in private preview (#932)
  • 73f42c7 chore(deps): update actions/checkout action to v3 (#1392) (#930)
  • a1b0e0d chore(deps): update actions/setup-node action to v3 (#1393) (#929)
  • 9b33d4f chore: Enable Size-Label bot in all googleapis NodeJs repositories (#1382) (#928)
  • 6f22f0f chore: update v2.14.2 gapic-generator-typescript (#925)
  • 5e77010 chore(deps): update actions/checkout action to v3 (#923)
  • 5ed4944 docs(samples): include metadata file, add exclusions for samples to handwritten libraries (#921)
  • bb1e2a2 docs(nodejs): version support policy edits (#1346) (#920)
  • fa01bd4 fix(deps): update dependency sinon to v13 (#918)
  • fd21cf3 chore: update v2.12.0 gapic-generator-typescript (#915)
  • fddd914 chore(deps): update actions/setup-node action to v2 (#916)

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Prototype Pollution

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@eswdd @snyk-bot