Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

fix(deps): update dependency @google-cloud/firestore to v7 [security] - autoclosed #628

Conversation

renovate-bot
Copy link
Contributor

Mend Renovate

This PR contains the following updates:

Package Change Age Adoption Passing Confidence
@google-cloud/firestore ^5.0.0 -> ^7.0.0 age adoption passing confidence

GitHub Vulnerability Alerts

CVE-2023-6460

A potential logging of the firestore key via logging within nodejs-firestore exists - Developers who were logging objects through this._settings would be logging the firestore key as well potentially exposing it to anyone with logs read access. We recommend upgrading to version 6.1.0 to avoid this issue


Release Notes

googleapis/nodejs-firestore (@​google-cloud/firestore)

v7.7.0

Compare Source

Features
  • Add several fields to manage state of database encryption update (5811492)
  • Lazy-started transactions (#​2017) (2c726a1)
Bug Fixes

v7.6.0

Compare Source

Features

v7.5.0

Compare Source

Features

v7.4.0

Compare Source

Features
  • A new message Backup is added (#​2021) (6bced86)
  • A new message BackupSchedule is added (6bced86)
  • A new message CreateBackupScheduleRequest is added (6bced86)
  • A new message DailyRecurrence is added (6bced86)
  • A new message DeleteBackupRequest is added (6bced86)
  • A new message DeleteBackupScheduleRequest is added (6bced86)
  • A new message GetBackupRequest is added (6bced86)
  • A new message GetBackupScheduleRequest is added (6bced86)
  • A new message ListBackupSchedulesRequest is added (6bced86)
  • A new message ListBackupSchedulesResponse is added (6bced86)
  • A new message ListBackupsRequest is added (6bced86)
  • A new message ListBackupsResponse is added (6bced86)
  • A new message RestoreDatabaseMetadata is added (6bced86)
  • A new message RestoreDatabaseRequest is added (6bced86)
  • A new message UpdateBackupScheduleRequest is added (6bced86)
  • A new message WeeklyRecurrence is added (6bced86)
  • A new method CreateBackupSchedule is added to service FirestoreAdmin (6bced86)
  • A new method DeleteBackup is added to service FirestoreAdmin (6bced86)
  • A new method DeleteBackupSchedule is added to service FirestoreAdmin (6bced86)
  • A new method GetBackup is added to service FirestoreAdmin (6bced86)
  • A new method GetBackupSchedule is added to service FirestoreAdmin (6bced86)
  • A new method ListBackups is added to service FirestoreAdmin (6bced86)
  • A new method ListBackupSchedules is added to service FirestoreAdmin (6bced86)
  • A new method RestoreDatabase is added to service FirestoreAdmin (6bced86)
  • A new method UpdateBackupSchedule is added to service FirestoreAdmin (6bced86)
  • A new resource_definition firestore.googleapis.com/Backup is added (6bced86)
  • A new resource_definition firestore.googleapis.com/BackupSchedule is added (6bced86)
  • Add new types ExplainOptions, ExplainMetrics, PlanSummary, ExecutionStats (#​2013) (e598b9d)
Bug Fixes

v7.3.1

Compare Source

Bug Fixes

v7.3.0

Compare Source

Features
  • Expose the undeliverable_first_gen_event.proto (b4f7d60)
Bug Fixes
  • Allow an explicit MustExist precondition for update (#​1985) (99d60a6)
  • Fix redaction of credentials in Firestore settings (#​1989) (98e668b)
  • Improve retry logic for streaming API calls (b4f7d60)
  • Removed unsupported QueryMode, QueryPlan, and ResultSetStats protos (b4f7d60)

v7.2.0

Compare Source

Features
Bug Fixes

v7.1.0

Compare Source

Features

v7.0.0

Compare Source

⚠ BREAKING CHANGES
  • upgrade to Node 14 (#​1900)
  • Fix the UpdateData incorrect parameter type issue (#​1887)
Features
Bug Fixes
Miscellaneous Chores

v6.8.0

Compare Source

Features
Bug Fixes

v6.7.0

Compare Source

Features
Bug Fixes

v6.6.1

Compare Source

Bug Fixes
  • Updated logging in the client pool and client factory to log information about the required transport and actual transport used. (#​1853) (fe03d02)

v6.6.0

Compare Source

Features
  • Add ApiScope and COLLECTION_RECURSIVE query_scope for Firestore index (#​1849) (b671452)
  • Add bloom filter related proto fields (#​1843) (b64e0c1)
  • Add support for environment variable FIRESTORE_PREFER_REST (#​1848) (96b1d2a)

v6.5.0

Compare Source

Features
Bug Fixes

v6.4.3

Compare Source

Bug Fixes
  • deps: Use google-gax v3.5.3 (#​1818) (88981ad)
  • Emulator support for system tests. Run system tests against the emulator using: yarn system-test:grpc:emulator or yarn system-test:rest:emulator (8aedc63)
  • Update the depth validation used when writing documents, so that it matches the validation of the Firestore backend. (789d9eb)

v6.4.2

Compare Source

Bug Fixes
  • deps: Use google-gax v3.5.2 (#​1794) (b1a0313)
  • Ensure that the client pool consistently uses gRPC clients after transitioning from REST (3068361)
  • Fix duplicates in Query.stream() with back pressure (#​1806) (a5b680d)

v6.4.1

Compare Source

Bug Fixes
  • Force use of http by the GAX module when using the GAX fallback and connecting to the emulator (#​1788) (50747ad)

v6.4.0

Compare Source

Features
Bug Fixes

v6.3.0

Compare Source

Features
Bug Fixes
  • Tests will now verify asynchronous termination of underlying steam, and fix related bug. (#​1772) (a1717ff)

v6.2.0

Compare Source

Features
Bug Fixes
  • Minify proto JSON files (#​1771) (6393fe7)
  • Remove hack in update.sh, and replace with existing pattern for protobuf dependencies. (#​1769) (6ba6751)

v6.0.0

Compare Source

⚠ BREAKING CHANGES
  • update library to use Node 12 (#​1725)
Features
Bug Fixes
Build System
5.0.2 (2022-01-07)
Bug Fixes
5.0.1 (2021-12-02)
Bug Fixes

Configuration

📅 Schedule: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.


  • If you want to rebase/retry this PR, check this box

This PR has been generated by Mend Renovate. View repository job log here.

@dpebot
Copy link
Collaborator

dpebot commented May 9, 2024

/gcbrun

@renovate-bot renovate-bot changed the title fix(deps): update dependency @google-cloud/firestore to v7 [security] fix(deps): update dependency @google-cloud/firestore to v7 [security] - autoclosed May 9, 2024
@renovate-bot renovate-bot deleted the renovate/npm-@google-cloud/firestore-vulnerability branch May 9, 2024 14:18
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

3 participants