Security Vulnerabilities in "uuid" & "fast-xml-parser" transitive dependencies for @google-cloud/storage latest version 7.19.0

### Please make sure you have searched for information in the following guides.

- [x] Search the issues already opened: https://github.com/GoogleCloudPlatform/google-cloud-node/issues
- [x] Search StackOverflow: http://stackoverflow.com/questions/tagged/google-cloud-platform+node.js
- [x] Check our Troubleshooting guide: https://github.com/googleapis/google-cloud-node/blob/main/docs/troubleshooting.md
- [x] Check our FAQ: https://github.com/googleapis/google-cloud-node/blob/main/docs/faq.md
- [x] Check our libraries HOW-TO: https://github.com/googleapis/gax-nodejs/blob/main/client-libraries.md
- [x] Check out our authentication guide: https://github.com/googleapis/google-auth-library-nodejs
- [x] Check out handwritten samples for many of our APIs: https://github.com/GoogleCloudPlatform/nodejs-docs-samples
- [x] Check the API's issue tracker: https://cloud.google.com/support/docs/issue-trackers

### Library Name

@google-cloud/storage

### A screenshot that you have tested with "Try this API".


Not applicable to this bug

### Link to the code that reproduces this issue. A link to a **public** Github Repository or gist with a minimal reproduction.


https://github.com/googleapis/google-cloud-node

### A step-by-step description of how to reproduce the issue, based on the linked reproduction.


There are security vulnerabilities in the "uuid" and "fast-xml-parser" transitive dependencies used by @google-cloud/storage v7.19.0 which we discovered when running the "npm audit" command in node.js

Please refer to these links for reference:

https://github.com/advisories/GHSA-gh4j-gqv2-49f6
https://github.com/advisories/GHSA-w5hq-g745-h8pq
Running "npm ls fast-xml-parser" shows this:
└─┬ @google-cloud/storage@7.19.0
└── fast-xml-parser@5.6.0

Running "npm ls uuid" shows this:
@google-cloud/storage@7.19.0
├─┬ gaxios@6.7.1
│ └── uuid@9.0.1
├─┬ google-auth-library@9.15.1
│ └─┬ gtoken@7.1.0
│ └─┬ gaxios@6.7.1
│ └── uuid@9.0.1
├─┬ teeny-request@9.0.0
│ └── uuid@9.0.1
└── uuid@8.3.2

Please advise if there are any plans to fix this vulnerability in @google-cloud/storage, or how we can handle it.

Thank you.

### A clear and concise description of what the bug is, and what you expected to happen.

There are security vulnerabilities in the "uuid" and "fast-xml-parser" transitive dependencies used by @google-cloud/storage v7.19.0 which we discovered when running the "npm audit" command in node.js

Please refer to these links for reference:

https://github.com/advisories/GHSA-gh4j-gqv2-49f6
https://github.com/advisories/GHSA-w5hq-g745-h8pq
Running "npm ls fast-xml-parser" shows this:
└─┬ @google-cloud/storage@7.19.0
└── fast-xml-parser@5.6.0

Running "npm ls uuid" shows this:
@google-cloud/storage@7.19.0
├─┬ gaxios@6.7.1
│ └── uuid@9.0.1
├─┬ google-auth-library@9.15.1
│ └─┬ gtoken@7.1.0
│ └─┬ gaxios@6.7.1
│ └── uuid@9.0.1
├─┬ teeny-request@9.0.0
│ └── uuid@9.0.1
└── uuid@8.3.2

Please advise if there are any plans to fix this vulnerability in @google-cloud/storage, or how we can handle it.

Thank you.

### A clear and concise description WHY you expect this behavior, i.e., was it a recent change, there is documentation that points to this behavior, etc. **

There are security vulnerabilities in the "uuid" and "fast-xml-parser" transitive dependencies used by @google-cloud/storage v7.19.0 which we discovered when running the "npm audit" command in node.js

Please refer to these links for reference:

https://github.com/advisories/GHSA-gh4j-gqv2-49f6
https://github.com/advisories/GHSA-w5hq-g745-h8pq
Running "npm ls fast-xml-parser" shows this:
└─┬ @google-cloud/storage@7.19.0
└── fast-xml-parser@5.6.0

Running "npm ls uuid" shows this:
@google-cloud/storage@7.19.0
├─┬ gaxios@6.7.1
│ └── uuid@9.0.1
├─┬ google-auth-library@9.15.1
│ └─┬ gtoken@7.1.0
│ └─┬ gaxios@6.7.1
│ └── uuid@9.0.1
├─┬ teeny-request@9.0.0
│ └── uuid@9.0.1
└── uuid@8.3.2

Please advise if there are any plans to fix this vulnerability in @google-cloud/storage, or how we can handle it.

Thank you.

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Security Vulnerabilities in "uuid" & "fast-xml-parser" transitive dependencies for @google-cloud/storage latest version 7.19.0 #8134

Please make sure you have searched for information in the following guides.

Library Name

A screenshot that you have tested with "Try this API".

Link to the code that reproduces this issue. A link to a public Github Repository or gist with a minimal reproduction.

A step-by-step description of how to reproduce the issue, based on the linked reproduction.

A clear and concise description of what the bug is, and what you expected to happen.

A clear and concise description WHY you expect this behavior, i.e., was it a recent change, there is documentation that points to this behavior, etc. **

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Security Vulnerabilities in "uuid" & "fast-xml-parser" transitive dependencies for @google-cloud/storage latest version 7.19.0 #8134

Description

Please make sure you have searched for information in the following guides.

Library Name

A screenshot that you have tested with "Try this API".

Link to the code that reproduces this issue. A link to a public Github Repository or gist with a minimal reproduction.

A step-by-step description of how to reproduce the issue, based on the linked reproduction.

A clear and concise description of what the bug is, and what you expected to happen.

A clear and concise description WHY you expect this behavior, i.e., was it a recent change, there is documentation that points to this behavior, etc. **

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions