Skip to content
This repository was archived by the owner on Sep 27, 2022. It is now read-only.

Conversation

snyk-bot
Copy link
Contributor

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

merge advice

Changes included in this PR

  • Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
    • package.json

Vulnerabilities that will be fixed

With an upgrade:
Severity Priority Score (*) Issue Breaking Change Exploit Maturity
medium severity 616/1000
Why? Proof of Concept exploit, Has a fix available, CVSS 5.9
Server-Side Request Forgery (SSRF)
SNYK-JS-AXIOS-1038255
Yes Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Commit messages
Package name: @google-cloud/datastore The new version differs by 77 commits.
  • 9933893 Release v3.1.0 (#327)
  • 7d9f77f build: create docs test npm scripts (#328)
  • 8a99d56 refactor: clean up types for tests (#325)
  • 9b39431 refactor: asyncify the system test (#324)
  • e8c72a2 build: test using @ grpc/grpc-js in CI (#323)
  • a2acca3 refactor(types): enable noImplicitAny for transaction.ts & request.ts (#305)
  • dc66029 docs: update contributing path in README (#322)
  • 315207a chore: move CONTRIBUTING.md to root (#321)
  • f45a5c0 docs: add lint/fix example to contributing guide (#319)
  • 95e127b Automerge by dpebot
  • a61b680 fix(deps): update dependency google-gax to ^0.25.0 (#316)
  • fd8248f docs(samples): Update Datastore snippet for read only transaction
  • a5cf576 chore(deps): update dependency eslint-config-prettier to v4 (#313)
  • 98e5899 feat: typings for gapic files (#307)
  • 61b4114 fix(deps): update dependency google-gax to ^0.24.0 (#312)
  • 860e209 build: ignore googleapis.com in doc link check (#311)
  • 51a5ce5 fix(types): Make gaxOptions optional in Transaction.rollback() (#310)
  • 4cd6019 docs(key): copy Datastore#key examples to Key ctor (#306)
  • 8a4a985 fix(deps): update dependency google-auth-library to v3 (#302)
  • f8a5240 chore: update year in the license headers. (#304)
  • 401b2e1 Release v3.0.1 (#301)
  • 177b11b fix: ship the build directory (#300)
  • 70ea500 build: check broken links in generated docs (#292)
  • f839e58 Release v3.0.0 (#298)

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.


Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-JS-AXIOS-1038255
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant