fix: octokit request/request-error sec vuln fixes #5689

ldetmer · 2025-03-10T17:44:04Z

update all probot/octokit dependencies to use request 8.4.1 and request-error 5.1.1

We can not upgrade to latest octokit version because of breaking migration to ESM that probot does not support.

Tested via canary bot: #5691

Fixes #2079

BEGIN_COMMIT_OVERRIDE
fix!: octokit request/request-error sec vuln fixes
END_COMMIT_OVERRIDE

…es 9.2.2/8.4.1 and request-error 5.1.1

packages/gcf-utils/package.json

ldetmer added 5 commits March 10, 2025 13:42

fix: update all request/request-error dependencies to use octokit fix…

7c4d683

…es 9.2.2/8.4.1 and request-error 5.1.1

remove auth-app upgrade to ESM support

ac4aeb7

remove rest of octokit library upgrades with ESM support

dd91bac

remove rest of octokit library upgrades with ESM support

d18443a

add back necessary imports

50769d0

ldetmer assigned chingor13, meltsufin and suztomo Mar 10, 2025

chingor13 reviewed Mar 10, 2025

View reviewed changes

packages/gcf-utils/package.json Outdated Show resolved Hide resolved

removed overrides

b95546a

ldetmer marked this pull request as ready for review March 10, 2025 22:50

ldetmer requested a review from a team as a code owner March 10, 2025 22:50

ldetmer requested a review from chingor13 March 10, 2025 23:05

chingor13 approved these changes Mar 10, 2025

View reviewed changes

ldetmer merged commit 232ca85 into main Mar 11, 2025
19 checks passed

ldetmer deleted the octo-sec-vuln branch March 11, 2025 15:40

release-please bot mentioned this pull request Mar 11, 2025

chore: release main #5694

Merged

chingor13 added the release-please:force-run To run release-please label Mar 11, 2025

release-please bot removed the release-please:force-run To run release-please label Mar 11, 2025

Provide feedback