From 9aabab228894584ec31a827c2ffa77b089ffdb80 Mon Sep 17 00:00:00 2001 From: CloudQuery Bot <102256036+cq-bot@users.noreply.github.com> Date: Tue, 11 Jun 2024 01:22:20 +0300 Subject: [PATCH 1/3] fix(deps): Update dependency @grpc/grpc-js to v1.10.9 [SECURITY] (#178) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit This PR contains the following updates: | Package | Type | Update | Change | |---|---|---|---| | [@grpc/grpc-js](https://grpc.io/) ([source](https://togithub.com/grpc/grpc-node)) | dependencies | patch | [`1.10.8` -> `1.10.9`](https://renovatebot.com/diffs/npm/@grpc%2fgrpc-js/1.10.8/1.10.9) | ### GitHub Vulnerability Alerts #### [CVE-2024-37168](https://togithub.com/grpc/grpc-node/security/advisories/GHSA-7v5v-9h63-cj86) ### Impact There are two separate code paths in which memory can be allocated per message in excess of the `grpc.max_receive_message_length` channel option: 1. If an incoming message has a size on the wire greater than the configured limit, the entire message is buffered before it is discarded. 2. If an incoming message has a size within the limit on the wire but decompresses to a size greater than the limit, the entire message is decompressed into memory, and on the server is not discarded. ### Patches This has been patched in versions 1.10.9, 1.9.15, and 1.8.22 --- ### Release Notes
grpc/grpc-node (@​grpc/grpc-js) ### [`v1.10.9`](https://togithub.com/grpc/grpc-node/releases/tag/%40grpc/grpc-js%401.10.9): @​grpc/grpc-js 1.10.9 [Compare Source](https://togithub.com/grpc/grpc-node/compare/@grpc/grpc-js@1.10.8...@grpc/grpc-js@1.10.9) - Avoid buffering significantly more than `grpc.max_receive_message_size` per received message.
--- ### Configuration 📅 **Schedule**: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined). 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] If you want to rebase/retry this PR, check this box --- This PR has been generated by [Renovate Bot](https://togithub.com/renovatebot/renovate). --- package-lock.json | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/package-lock.json b/package-lock.json index e4a78fd..6cc1530 100644 --- a/package-lock.json +++ b/package-lock.json @@ -384,9 +384,9 @@ } }, "node_modules/@grpc/grpc-js": { - "version": "1.10.8", - "resolved": "https://registry.npmjs.org/@grpc/grpc-js/-/grpc-js-1.10.8.tgz", - "integrity": "sha512-vYVqYzHicDqyKB+NQhAc54I1QWCBLCrYG6unqOIcBTHx+7x8C9lcoLj3KVJXs2VB4lUbpWY+Kk9NipcbXYWmvg==", + "version": "1.10.9", + "resolved": "https://registry.npmjs.org/@grpc/grpc-js/-/grpc-js-1.10.9.tgz", + "integrity": "sha512-5tcgUctCG0qoNyfChZifz2tJqbRbXVO9J7X6duFcOjY3HUNCxg5D0ZCK7EP9vIcZ0zRpLU9bWkyCqVCLZ46IbQ==", "license": "Apache-2.0", "dependencies": { "@grpc/proto-loader": "^0.7.13", From e80c25f71fed28e4fa8eae4486373becdb895073 Mon Sep 17 00:00:00 2001 From: CloudQuery Bot <102256036+cq-bot@users.noreply.github.com> Date: Tue, 11 Jun 2024 14:21:46 +0300 Subject: [PATCH 2/3] fix(deps): Update dependency @cloudquery/plugin-pb-javascript to ^0.0.20 (#180) --- package-lock.json | 8 ++++---- package.json | 2 +- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/package-lock.json b/package-lock.json index 6cc1530..11984ed 100644 --- a/package-lock.json +++ b/package-lock.json 
@@ -10,7 +10,7 @@ "license": "MPL-2.0", "dependencies": { "@apache-arrow/esnext-esm": "^12.0.1", - "@cloudquery/plugin-pb-javascript": "^0.0.19", + "@cloudquery/plugin-pb-javascript": "^0.0.20", "@grpc/grpc-js": "^1.9.0", "@types/luxon": "^3.3.1", "ajv": "^8.12.0", @@ -264,9 +264,9 @@ } }, "node_modules/@cloudquery/plugin-pb-javascript": { - "version": "0.0.19", - "resolved": "https://registry.npmjs.org/@cloudquery/plugin-pb-javascript/-/plugin-pb-javascript-0.0.19.tgz", - "integrity": "sha512-22LB7dVE/X6gVEkJ/zYoARn8X1+pVBdfkmaOIQHA+lvVstKBXeRL7zMD4V88+HGb1KJ0El2yn0Ch81p42wyQgQ==", + "version": "0.0.20", + "resolved": "https://registry.npmjs.org/@cloudquery/plugin-pb-javascript/-/plugin-pb-javascript-0.0.20.tgz", + "integrity": "sha512-cevPuYeobMOpJj0DLYBwjN10Lkca5zUg5QQz9t53xFJ47OckSVoV2Nry7I8NaYZOmshUf2AUQh8PKQd8KQE3Iw==", "license": "MPL-2.0", "dependencies": { "google-protobuf": "^3.21.2" diff --git a/package.json b/package.json index b290d10..1581f5d 100644 --- a/package.json +++ b/package.json @@ -88,7 +88,7 @@ }, "dependencies": { "@apache-arrow/esnext-esm": "^12.0.1", - "@cloudquery/plugin-pb-javascript": "^0.0.19", + "@cloudquery/plugin-pb-javascript": "^0.0.20", "@grpc/grpc-js": "^1.9.0", "@types/luxon": "^3.3.1", "ajv": "^8.12.0", From 33ca7505187c89f9df8ed212aa2e07af2f5b1e68 Mon Sep 17 00:00:00 2001 
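Review bot: The `"@grpc/grpc-js": "^1.9.0"` context line in the package.json hunk of PATCH 2/3 shows that the declared range was not raised, so the CVE-2024-37168 fix from PATCH 1/3 exists only as a pin in package-lock.json. npm does not ship package-lock.json in the published package, so that pin protects this repository's own installs and CI but not consumers of the SDK. A downstream project whose lockfile already resolves `@grpc/grpc-js` to a 1.10.x release below 1.10.9 (or a 1.9.x release below 1.9.15) still satisfies `^1.9.0` and keeps the per-message buffering beyond `grpc.max_receive_message_length` described in the advisory. Raising the floor in this series, `"@grpc/grpc-js": "^1.10.9",`, would make the patched release a requirement for downstream installs. The `dependencies` object begins and ends outside the hunk, so other ranges were not checked.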
From: CloudQuery Bot <102256036+cq-bot@users.noreply.github.com> Date: Tue, 11 Jun 2024 14:31:24 +0300 Subject: [PATCH 3/3] chore(main): Release v0.1.13 (#179) :robot: I have created a release *beep* *boop* --- ## [0.1.13](https://github.com/cloudquery/plugin-sdk-javascript/compare/v0.1.12...v0.1.13) (2024-06-11) ### Bug Fixes * **deps:** Update dependency @cloudquery/plugin-pb-javascript to ^0.0.20 ([#180](https://github.com/cloudquery/plugin-sdk-javascript/issues/180)) ([e80c25f](https://github.com/cloudquery/plugin-sdk-javascript/commit/e80c25f71fed28e4fa8eae4486373becdb895073)) * **deps:** Update dependency @grpc/grpc-js to v1.10.9 [SECURITY] ([#178](https://github.com/cloudquery/plugin-sdk-javascript/issues/178)) ([9aabab2](https://github.com/cloudquery/plugin-sdk-javascript/commit/9aabab228894584ec31a827c2ffa77b089ffdb80)) --- This PR was generated with [Release Please](https://github.com/googleapis/release-please). See [documentation](https://github.com/googleapis/release-please#release-please). --- .release-please-manifest.json | 2 +- CHANGELOG.md | 8 ++++++++ package-lock.json | 4 ++-- package.json | 2 +- 4 files changed, 12 insertions(+), 4 deletions(-) diff --git a/.release-please-manifest.json b/.release-please-manifest.json index 93fcfa2..0ebd1f6 100644 --- a/.release-please-manifest.json +++ b/.release-please-manifest.json @@ -1,3 +1,3 @@ { - ".": "0.1.12" + ".": "0.1.13" } diff --git a/CHANGELOG.md b/CHANGELOG.md index 2b8eab9..fa9e7d8 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md 
@@ -1,5 +1,13 @@ # Changelog +## [0.1.13](https://github.com/cloudquery/plugin-sdk-javascript/compare/v0.1.12...v0.1.13) (2024-06-11) + + +### Bug Fixes + +* **deps:** Update dependency @cloudquery/plugin-pb-javascript to ^0.0.20 ([#180](https://github.com/cloudquery/plugin-sdk-javascript/issues/180)) ([e80c25f](https://github.com/cloudquery/plugin-sdk-javascript/commit/e80c25f71fed28e4fa8eae4486373becdb895073)) +* **deps:** Update dependency @grpc/grpc-js to v1.10.9 [SECURITY] ([#178](https://github.com/cloudquery/plugin-sdk-javascript/issues/178)) ([9aabab2](https://github.com/cloudquery/plugin-sdk-javascript/commit/9aabab228894584ec31a827c2ffa77b089ffdb80)) + ## [0.1.12](https://github.com/cloudquery/plugin-sdk-javascript/compare/v0.1.11...v0.1.12) (2024-06-03) diff --git a/package-lock.json b/package-lock.json index 11984ed..5926d79 100644 --- a/package-lock.json +++ b/package-lock.json @@ -1,12 +1,12 @@ { "name": "@cloudquery/plugin-sdk-javascript", - "version": "0.1.12", + "version": "0.1.13", "lockfileVersion": 3, "requires": true, "packages": { "": { "name": "@cloudquery/plugin-sdk-javascript", - "version": "0.1.12", + "version": "0.1.13", "license": "MPL-2.0", "dependencies": { "@apache-arrow/esnext-esm": "^12.0.1", diff --git a/package.json b/package.json index 1581f5d..a377467 100644 --- a/package.json +++ b/package.json @@ -1,6 +1,6 @@ { "name": "@cloudquery/plugin-sdk-javascript", - "version": "0.1.12", + "version": "0.1.13", "files": [ "dist", "!dist/**/*.test.*",