chore(deps): upgrade pprof to v3.2.1 [security] #883

Merged
merged 1 commit into from
Jul 24, 2023

@aabmass aabmass (Collaborator) commented Jul 21, 2023

Fixes #879

This upgrade caused an issue where the proto definitions in protos/ are incompatible with those returned from pprof. The fix I assumed was to regenerate the protos with npm run protos, however this fails because the third_party directory was removed in #486.

To make things work, I instead just imported the same proto definitions from pprof library. I will delete the now unused protos/ directory for the next major version release as someone could theoretically have been importing them from build, just to be safe.

@aabmass aabmass requested review from a team as code owners July 21, 2023 16:55
@product-auto-label product-auto-label bot added size: s Pull request size is small. api: cloudprofiler Issues related to the googleapis/cloud-profiler-nodejs API. labels Jul 21, 2023
codecov bot commented Jul 21, 2023

Codecov Report

Patch coverage: 100.00% and no project coverage change.

Comparison is base (b1c0660) 68.87% compared to head (e5d7839) 68.87%.

Additional details and impacted files
@@           Coverage Diff           @@
##             main     #883   +/-   ##
=======================================
  Coverage   68.87%   68.87%           
=======================================
  Files           7        7           
  Lines        1253     1253           
  Branches       58       58           
=======================================
  Hits          863      863           
  Misses        389      389           
  Partials        1        1           
Impacted Files Coverage Δ
src/profiler.ts 72.18% <100.00%> (ø)

@aabmass aabmass marked this pull request as draft July 21, 2023 19:38
This caused an issue where the proto definitions in `protos/` are
incompatible with those returned from pprof. The fix I assumed was to
regenerate the protos with `npm run protos`, however this fails because
the third_party directory was removed in googleapis#486.

To make things work, I instead just imported the same proto definitions
from pprof library. I will delete the now unused `protos/` directory for
the next major version release as someone could theoretically have been
importing them from build, just to be safe.
@aabmass aabmass changed the title chore(deps): upgrade pprof to v3.3.0 [security] chore(deps): upgrade pprof to v3.2.1 [security] Jul 24, 2023
@aabmass aabmass marked this pull request as ready for review July 24, 2023 15:44
@aabmass aabmass requested review from punya and psx95 July 24, 2023 15:44
@aabmass aabmass merged commit c61fb85 into googleapis:main Jul 24, 2023
@aabmass aabmass added the release-please:force-run To run release-please label Jul 24, 2023
@release-please release-please bot removed the release-please:force-run To run release-please label Jul 24, 2023
@aabmass aabmass deleted the upgrade-pprof branch July 24, 2023 17:51
aabmass added a commit that referenced this pull request Jul 24, 2023
aabmass added a commit that referenced this pull request Jul 24, 2023
aabmass added a commit to aabmass/cloud-profiler-nodejs that referenced this pull request Jul 24, 2023
Fixes googleapis#879, take two of googleapis#883 with correct commit message.

This caused an issue where the proto definitions in `protos/` are incompatible with those returned from pprof. The fix I assumed was to regenerate the protos with `npm run protos`, however this fails because the third_party directory was removed in googleapis#486.

To make things work, I instead just imported the same proto definitions from pprof library. I will delete the now unused `protos/` directory for the next major version release as someone could theoretically have been importing them from build, just to be safe.
aabmass added a commit that referenced this pull request Jul 24, 2023
Fixes #879, take two of #883 with correct commit message.

This caused an issue where the proto definitions in `protos/` are incompatible with those returned from pprof. The fix I assumed was to regenerate the protos with `npm run protos`, however this fails because the third_party directory was removed in #486.

To make things work, I instead just imported the same proto definitions from pprof library. I will delete the now unused `protos/` directory for the next major version release as someone could theoretically have been importing them from build, just to be safe.

Successfully merging this pull request may close these issues.

CVE-2023-36665 vulnerability in protobufjs >= 6.10.0, < 7.2.4