Security vulnerability with fast-xml-parser dependency #2504

@jillrobinson-honey

Environment details

  • @google-cloud/storage version: 7.12.0

@google-cloud/storage has a dependency on the fast-xml-parser package, and a ReDoS vulnerability was reported on that package a few days ago. I see you're using v4.3.2, which contains the vulnerability, but there was a safe version (4.4.1) released to fix the vulnerability. Could you upgrade the package to >= 4.4.1 to use a safe version of fast-xml-parser?

Labels

  • api: storage (Issues related to the googleapis/nodejs-storage API.)
  • priority: p2 (Moderately-important priority. Fix may not be included in next release.)
  • type: bug (Error or flaw in code with unintended results or allowing sub-optimal usage patterns.)
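
An added example (not part of the original issue or of the nodejs-storage project's code): a lockfile check for the situation the issue describes, listing every installed copy of fast-xml-parser below 4.4.1, including copies nested under @google-cloud/storage. It assumes an npm lockfile with a `packages` map (lockfileVersion 2 or 3) and treats everything below 4.4.1 as needing the upgrade, since the page gives no exact affected range; the function names and `sampleLock` are constructed for illustration.

```javascript
// Added example; function names are illustrative, not from the project.
const PACKAGE = "fast-xml-parser";
const FIXED = "4.4.1"; // safe version named in the issue

// Parse "major.minor.patch" into numbers; prerelease/build tags are ignored.
function parseVersion(v) {
  const m = /^(\d+)\.(\d+)\.(\d+)/.exec(String(v));
  return m ? m.slice(1).map(Number) : null;
}

// True when version a is strictly lower than version b.
// Unparseable or missing versions are not flagged.
function isBelow(a, b) {
  const pa = parseVersion(a), pb = parseVersion(b);
  if (!pa || !pb) return false;
  for (let i = 0; i < 3; i++) {
    if (pa[i] !== pb[i]) return pa[i] < pb[i];
  }
  return false;
}

// Walk the lockfile's "packages" map and list every installed copy of the
// package (top-level or nested) whose version is below the fixed one.
function findOutdated(lock, name = PACKAGE, fixed = FIXED) {
  const marker = "node_modules/";
  const hits = [];
  for (const [path, meta] of Object.entries(lock.packages || {})) {
    // Keys look like "node_modules/a/node_modules/b"; the text after the
    // last "node_modules/" is the package name (scoped names keep their slash).
    const idx = path.lastIndexOf(marker);
    if (idx === -1 || path.slice(idx + marker.length) !== name) continue;
    if (!isBelow(meta.version, fixed)) continue;
    // Whatever precedes the last marker is the package that pulled it in.
    const parent = path.slice(0, idx).replace(/\/$/, "") || "(root)";
    hits.push({ path, version: meta.version, parent });
  }
  return hits;
}

// Constructed sample lockfile: one nested old copy, one hoisted fixed copy.
const sampleLock = {
  lockfileVersion: 3,
  packages: {
    "": { name: "demo-app", version: "1.0.0" },
    "node_modules/@google-cloud/storage": { version: "7.12.0" },
    "node_modules/@google-cloud/storage/node_modules/fast-xml-parser": { version: "4.3.2" },
    "node_modules/fast-xml-parser": { version: "4.4.1" },
  },
};
console.log(findOutdated(sampleLock));
```

To check a real project, pass the parsed contents of its `package-lock.json` as `lock`.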
