Skip to content

chore(core): Upgrade google-gax to address CVE-2024-37168 #15784

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 4 commits into from
Jun 2, 2025
Merged

chore(core): Upgrade google-gax to address CVE-2024-37168 #15784

merged 4 commits into from
Jun 2, 2025

Conversation

ivov
Copy link
Contributor

@ivov ivov commented May 28, 2025

Summary

Trivy is flagging @grpc/[email protected] which is pulled by [email protected], which addressed this here at v4.3.7. Hence this PR overrides google-gax to ^4.3.7

Related Linear tickets, Github issues, and Community forum posts

https://n8nio.slack.com/archives/C0789EN39RC/p1748276562295619

Review / Merge checklist

  • PR title and summary are descriptive. (conventions)
  • Docs updated or follow-up ticket created.
  • Tests included.
  • PR Labeled with release/backport (if the PR is an urgent fix that needs to be backported)

cubic-dev-ai[bot]
cubic-dev-ai bot reviewed May 28, 2025
View reviewed changes
Copy link

@cubic-dev-ai cubic-dev-ai bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

cubic reviewed 1 file and found no issues. Review PR in cubic.dev.

@ivov ivov requested a review from afitzek May 28, 2025 08:59
@n8n-assistant n8n-assistant bot added the n8n team Authored by the n8n team label May 28, 2025
@codecov Codecov
Copy link

codecov bot commented May 28, 2025

Codecov Report

All modified and coverable lines are covered by tests ✅

📢 Thoughts on this report? Let us know!

@ivov ivov requested review from burivuhster and removed request for afitzek May 28, 2025 09:06
@ivov ivov requested review from CharlieKolb and shortstacked and removed request for burivuhster and CharlieKolb May 30, 2025 08:13
shortstacked
shortstacked previously approved these changes May 30, 2025
View reviewed changes
@ivov ivov requested a review from shortstacked May 30, 2025 12:16
@shortstacked
Copy link
Contributor

Workflow Test Results 📊 🔴 1 Failed, ⚠️ 3 Warnings, 👍 79 Successful out of 83 total workflows.

Detail: Workflows failing: 237: Workflow contains 1 deleted data. View full workflow run

Tested Ref: 97ce5d7b2aa46cd4daa48e6d5f90e8ae1be0ee02 by @shortstacked

❌ Failed Tests (1)

Workflow ID Workflow Name Reason
237 BasicLLMChain:AzureChat Workflow contains 1 deleted data.

⚠️ Warnings (3)

Workflow ID Workflow Name Reason
35 Slack:User:getPresence info:UserProfile:get update... Workflow contains new data that previously did not exist.
53 ConvertKit:CustomField:create getAll update delete... Workflow contains new data that previously did not exist.
257 Agent:auto-fix:anthropic Workflow contains new data that previously did not exist.

@github-actions GitHub Actions
Copy link
Contributor

github-actions bot commented Jun 2, 2025

✅ All Cypress E2E specs passed

@ivov ivov merged commit d0b42d6 into master Jun 2, 2025
36 checks passed
@ivov ivov deleted the upgrade-google-gax branch June 2, 2025 08:57
@janober
Copy link
Member

janober commented Jun 2, 2025

Got released with [email protected]

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@cubic-dev-ai cubic-dev-ai[bot] cubic-dev-ai[bot] left review comments

@shortstacked shortstacked shortstacked approved these changes

Assignees
No one assigned
Labels
n8n team Authored by the n8n team Released
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@ivov @shortstacked @janober