Skip to content

Upgrade @google-cloud/storage to address vulnerabilities #114

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
aarsilv merged 2 commits into from
Dec 30, 2025
Merged

Upgrade @google-cloud/storage to address vulnerabilities #114

aarsilv merged 2 commits into from
Dec 30, 2025

Conversation

@aarsilv
Copy link
Contributor

@aarsilv aarsilv commented Dec 28, 2025
edited
Loading

Eppo Internal:
🎟️ Ticket: FFESUPPORT-419 - Address node-server-sdk high vulnerabilities

Motivation and Context

Address the following vulnerabilities:

Description

Upgrade dev dependency @google-cloud/storage which is what contained these vulnerabilities

How has this been documented?

n/a

How has this been tested?

Existing automated tests

@aarsilv aarsilv marked this pull request as ready for review December 28, 2025 01:57
greghuels
greghuels requested changes Dec 29, 2025
View reviewed changes
Copy link
Contributor

@greghuels greghuels left a comment
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

jws is already upgraded to 4.0.1 by upgradging @google-cloud/storage, so we shouldn't explicitly add jws to the dependencies of this package.

greghuels
greghuels reviewed Dec 29, 2025
View reviewed changes
package.json Outdated
"dependencies": {
"@eppo/js-client-sdk-common": "4.15.2"
"@eppo/js-client-sdk-common": "4.15.2",
"jws": "^4.0.0"
Copy link
Contributor

@greghuels greghuels Dec 29, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

jws is already upgraded to 4.0.1 by upgradging @google-cloud/storage, so this line should be removed.

Copy link
Contributor Author

@aarsilv aarsilv Dec 30, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

oh good catch!

@greghuels greghuels assigned aarsilv and unassigned greghuels Dec 30, 2025
@aarsilv aarsilv merged commit 0992f27 into main Dec 30, 2025
8 checks passed
@aarsilv aarsilv deleted the aarsilv/ffesupport-419/address-high-dependency-vulnerabilities branch December 30, 2025 13:22
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@greghuels greghuels greghuels approved these changes

@sameerank sameerank Awaiting requested review from sameerank

@leoromanovsky leoromanovsky Awaiting requested review from leoromanovsky

Assignees

@aarsilv aarsilv

@sameerank sameerank

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@aarsilv @greghuels @sameerank