cloud-profiler-nodejs

Bump parse-duration to >=2.1.3

Open kdawgwilk opened this issue 1 year ago • 4 comments

GitHub has the following security advisory for the parse-duration package that this library depends on:

https://github.com/advisories/GHSA-hcrg-fc28-fcg5

This package currently depends on parse-duration = ^1.0.0 but the patched version is in ^2.1.3.

kdawgwilk avatar Feb 13 '25 22:02 kdawgwilk

Any updates on this one?

klon avatar Feb 25 '25 12:02 klon

Any updates?

muhammedmirzakilic avatar Mar 05 '25 02:03 muhammedmirzakilic

We are coming up on SLAs to have this fixed and would love for the fix to be as simple as just bumping this lib version.

kdawgwilk avatar Mar 09 '25 06:03 kdawgwilk

Any updates on this, can we please merge it!?

agjs avatar Mar 19 '25 14:03 agjs

Apologies for the slow response here. I can't simply merge the PR because parse-duration v2 only supports ESM. I'm a little out of the loop on how to support that in our setup, without breaking other users.

aabmass avatar Apr 08 '25 22:04 aabmass

I'll close this once the fix is published

aabmass avatar Apr 09 '25 16:04 aabmass

Hey guys, you forgot to publish a new version.

kirylsvtisiankou avatar Apr 11 '25 08:04 kirylsvtisiankou

Fix is merged, but no new version is available.

kirylsvtisiankou avatar Apr 11 '25 08:04 kirylsvtisiankou

6.0.3 is released

aabmass avatar Apr 14 '25 19:04 aabmass