Skip to content
This repository was archived by the owner on Mar 17, 2026. It is now read-only.
This repository was archived by the owner on Mar 17, 2026. It is now read-only.

Upgrade google-gax to 3.5.6 which doesn't include vulnerable taffydb package #1692

Closed
#1695
Closed
Upgrade google-gax to 3.5.6 which doesn't include vulnerable taffydb package#1692
#1695
Labels
api: pubsubIssues related to the googleapis/nodejs-pubsub API.priority: p2Moderately-important priority. Fix may not be included in next release.type: bugError or flaw in code with unintended results or allowing sub-optimal usage patterns.
@tomgrossman

Description

@tomgrossman
tomgrossman
opened on Mar 7, 2023
  1. Is this a client library issue or a product issue?
    library issue

Environment details

  • OS:
  • Node.js version: v18.12.1
  • npm version: 9.5.0
  • @google-cloud/pubsub version: 3.4.0

Steps to reproduce

  1. npm i @google-cloud/pubsub@3.4.0
  2. npm list taffydb:

image

The taffydb has some vulnerabilities

Upgrading google-gax to 3.5.6 will resolve this issue since taffydb is not a sub-dependency of it.

Metadata

Metadata

Assignees

No one assigned

    Labels

    api: pubsubIssues related to the googleapis/nodejs-pubsub API.priority: p2Moderately-important priority. Fix may not be included in next release.type: bugError or flaw in code with unintended results or allowing sub-optimal usage patterns.

    Type

    No type

    Fields

    No fields configured for issues without a type.

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions