Code Review
This pull request updates the teeny-request dependency to version ^10.0.0. Feedback indicates that retry-request should also be updated to a version compatible with teeny-request v10 (e.g., ^7.0.2) to avoid dependency duplication and ensure the vulnerable version is fully removed from the dependency tree.
| "p-limit": "^3.0.1", | ||
| "retry-request": "^7.0.0", | ||
| "teeny-request": "^9.0.0", | ||
| "teeny-request": "^10.0.0", |
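Review bot: the `teeny-request` change from `^9.0.0` to `^10.0.0` crosses a major version, and nothing in this hunk shows that the resolved install tree was checked afterwards. Please attach `npm ls teeny-request` output to the PR showing a single resolved version, and state whether any v10 breaking changes affect this package's call sites.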
Upgrading teeny-request to ^10.0.0 is incomplete because retry-request@^7.0.0 (line 91) still depends on teeny-request@^9.0.0. This results in dependency duplication and leaves the vulnerable version in the tree. To fully resolve the vulnerability and maintain a clean dependency tree, retry-request should also be updated to a version compatible with teeny-request v10 (e.g., ^7.0.2).
I upgraded retry-request as well so that should address this comment.
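The duplication discussed in the review thread above, as an added example that is not part of the pull request or the project's code: it walks the `packages` map of an npm lockfile (v2/v3 layout) and reports which dependent loads which installed copy of a package. The lock contents, the name `example-app`, and all version numbers and ranges in it are constructed for illustration.

```javascript
// Constructed lockfile: the direct dependency was bumped, the transitive one was not.
const sampleLock = { lockfileVersion: 3, packages: {
  "": { name: "example-app", dependencies: { "retry-request": "^7.0.0", "teeny-request": "^10.0.0" } },
  "node_modules/retry-request": { version: "7.0.0", dependencies: { "teeny-request": "^9.0.0" } },
  "node_modules/retry-request/node_modules/teeny-request": { version: "9.0.0" },
  "node_modules/teeny-request": { version: "10.0.0" },
} };
// Constructed lockfile after the intermediate package is also upgraded (range is assumed).
const fixedLock = { lockfileVersion: 3, packages: {
  "": { name: "example-app", dependencies: { "retry-request": "^7.0.2", "teeny-request": "^10.0.0" } },
  "node_modules/retry-request": { version: "7.0.2", dependencies: { "teeny-request": "^10.0.0" } },
  "node_modules/teeny-request": { version: "10.0.0" },
} };

// Find the copy of `name` that a package installed at `fromPath` loads,
// walking up through enclosing node_modules directories as Node does.
function resolveCopy(packages, fromPath, name) {
  let dir = fromPath;
  for (;;) {
    const candidate = (dir ? dir + "/" : "") + "node_modules/" + name;
    if (packages[candidate]) return candidate;
    if (!dir) return null; // reached the project root without finding a copy
    const cut = dir.lastIndexOf("/node_modules/");
    dir = cut === -1 ? "" : dir.slice(0, cut);
  }
}

// Group every package that declares `name` in "dependencies" by the version it loads.
function auditDependency(lock, name) {
  const byVersion = {};
  for (const [path, meta] of Object.entries(lock.packages)) {
    const range = (meta.dependencies || {})[name];
    if (!range) continue;
    const copy = resolveCopy(lock.packages, path, name);
    const version = copy ? lock.packages[copy].version : "unresolved";
    const dependent = path === "" ? "(root)" : path.split("node_modules/").pop();
    if (!byVersion[version]) byVersion[version] = [];
    byVersion[version].push(`${dependent} wants ${range}`);
  }
  return byVersion;
}

// True when dependents load more than one version: an old copy is still in the tree.
function hasDuplicates(lock, name) {
  return Object.keys(auditDependency(lock, name)).length > 1;
}

console.log(auditDependency(sampleLock, "teeny-request"));
console.log("still duplicated after fix:", hasDuplicates(fixedLock, "teeny-request"));
```

To run it against a real project, parse that project's `package-lock.json` and pass the result in place of `sampleLock`.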
…/google-cloud-node into teeny-request-storage
Description
Solves #7979. Addresses vulnerability mentioned by user much like the upgrade for retry-request for firestore.
Impact
Improves dependency health of codebase.