Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

fix: gcp version bump to resolve security risk #1467

Closed
wants to merge 4 commits into from
Closed

fix: gcp version bump to resolve security risk #1467

wants to merge 4 commits into from

Conversation

bbehnke
Copy link

@bbehnke bbehnke commented Aug 27, 2020

Which problem is this PR solving?

Resolves a high risk security vulnerability found in gcp-metadata > [email protected].
https://snyk.io/vuln/SNYK-JS-JSONBIGINT-608659

Short description of the changes

Updated from dependency from gcp-metadata@^3.5.0 to gcp-metadata@^4.1.4. gcp-metadata@^4.1.4 uses json-bigint@^1.0.0 which resolves the security risk.

@linux-foundation-easycla
Copy link

linux-foundation-easycla bot commented Aug 27, 2020
edited
Loading

CLA Check

@codecov
Copy link

codecov bot commented Aug 27, 2020
edited
Loading

Codecov Report

Merging #1467 into master will not change coverage.
The diff coverage is n/a.

@@           Coverage Diff           @@
##           master    #1467   +/-   ##
=======================================
  Coverage   93.85%   93.85%           
=======================================
  Files         153      153           
  Lines        4656     4656           
  Branches      960      960           
=======================================
  Hits         4370     4370           
  Misses        286      286

@dyladan dyladan mentioned this pull request Aug 27, 2020
Merged
@bbehnke bbehnke closed this Aug 27, 2020
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@dyladan dyladan Awaiting requested review from dyladan

@legendecas legendecas Awaiting requested review from legendecas

@markwolff markwolff Awaiting requested review from markwolff

@mayurkale22 mayurkale22 Awaiting requested review from mayurkale22

@mwear mwear Awaiting requested review from mwear

@naseemkullah naseemkullah Awaiting requested review from naseemkullah

@obecny obecny Awaiting requested review from obecny

@OlivierAlbertini OlivierAlbertini Awaiting requested review from OlivierAlbertini

@vmarchaud vmarchaud Awaiting requested review from vmarchaud

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
1 participant
@bbehnke