Merged
4 changes: 2 additions & 2 deletions package.json
Expand Up @@ -60,12 +60,12 @@
"generate-scaffolding": "repo-tools generate all && repo-tools generate lib_samples_readme -l samples/ --config ../.cloud-repo-tools.json"
},
"dependencies": {
"@google-cloud/common": "^0.18.0",
"@google-cloud/common": "^5.0.0",
"arrify": "^1.0.0",
"async-each": "^1.0.1",
"extend": "^3.0.1",
"google-auto-auth": "^0.10.1",
"google-gax": "^0.17.0",
"google-gax": "^4.0.1",
Comment on lines +63 to +68

critical

The pull request upgrades @google-cloud/common from ^0.18.0 to ^5.0.0 and google-gax from ^0.17.0 to ^4.0.1. These are major version bumps that introduce significant breaking changes.

This project (@google-cloud/pubsub version 0.16.2) is deeply integrated with the older versions of these libraries. The new versions have completely different APIs. For example:

  • The code uses common.paginator and common.util, which have likely been changed or removed in @google-cloud/common@5.0.0.
  • The code extensively uses google-gax APIs like gax.grpc(), gax.PathTemplate, gax.PageDescriptor, gax.BundleDescriptor, and gax.createApiCall. These APIs have changed significantly in google-gax@4.x.

Simply bumping the versions in package.json without refactoring the code to use the new APIs will break the project. While fixing the security vulnerabilities is important, this change will render the library non-functional.

To properly fix this, the entire library needs to be updated to use the modern APIs of its dependencies, or a version of the dependencies should be chosen that is compatible and does not contain the vulnerabilities, if one exists. Given the age of this library, it might be better to upgrade @google-cloud/pubsub itself to a much more recent version, which would include fixes for these and other issues.

"google-proto-files": "^0.20.0",
"grpc": "^1.8.4",
"is": "^3.0.1",