Skip to content
New issue

Have a question about this project? # for a free GitHub account to open an issue and contact its maintainers and the community.

#

By clicking “#”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? # to your account

Jump to bottom

chore: bump gcp-metadata #1469

Merged
merged 4 commits into from
Aug 31, 2020
Merged

chore: bump gcp-metadata #1469

merged 4 commits into from
Aug 31, 2020

Conversation

dyladan
Copy link
Member

@dyladan dyladan commented Aug 27, 2020

Replaces #1467

Original Issue Description

Which problem is this PR solving?

Resolves a high risk security vulnerability found in gcp-metadata > json-bigint@0.3.1.
https://snyk.io/vuln/SNYK-JS-JSONBIGINT-608659

Short description of the changes

Updated from dependency from gcp-metadata@^3.5.0 to gcp-metadata@^4.1.4. gcp-metadata@^4.1.4 uses json-bigint@^1.0.0 which resolves the security risk.

@codecov
Copy link

codecov bot commented Aug 27, 2020
edited
Loading

Codecov Report

Merging #1469 into master will increase coverage by 0.02%.
The diff coverage is 100.00%.

@@            Coverage Diff             @@
##           master    #1469      +/-   ##
==========================================
+ Coverage   93.99%   94.01%   +0.02%     
==========================================
  Files         153      153              
  Lines        4659     4662       +3     
  Branches      960      962       +2     
==========================================
+ Hits         4379     4383       +4     
+ Misses        280      279       -1
Impacted Files Coverage Δ
...resource-detector-gcp/src/detectors/GcpDetector.ts 95.55% <100.00%> (+0.31%) ⬆️
...emetry-core/src/platform/node/RandomIdGenerator.ts 93.75% <0.00%> (+6.25%) ⬆️

@dyladan
chore: bump gcp-metadata
19c7b17 
bump minimum node ver for gcp detector

Co-authored-by: Bradley Behnke <bradley_behnke@intuit.com>
@dyladan dyladan force-pushed the gcp-metadata-bump branch from 494f924 to 19c7b17 Compare August 27, 2020 19:14
@dyladan dyladan added the enhancement New feature or request label Aug 31, 2020
@dyladan dyladan merged commit 40242ae into open-telemetry:master Aug 31, 2020
@Flarna Flarna deleted the gcp-metadata-bump branch November 30, 2020 11:40
# for free to join this conversation on GitHub. Already have an account? # to comment
Reviewers

@mwear mwear mwear approved these changes

@vmarchaud vmarchaud vmarchaud approved these changes

@markwolff markwolff markwolff approved these changes

@mayurkale22 mayurkale22 mayurkale22 approved these changes

@legendecas legendecas Awaiting requested review from legendecas

@naseemkullah naseemkullah Awaiting requested review from naseemkullah

@obecny obecny Awaiting requested review from obecny

@OlivierAlbertini OlivierAlbertini Awaiting requested review from OlivierAlbertini

Assignees
No one assigned
Labels
enhancement New feature or request
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
5 participants
@dyladan @mwear @vmarchaud @markwolff @mayurkale22