Permalink
Comparing changes
Choose two branches to see what’s changed or to start a new pull request.
If you need to, you can
10BC0
also or
learn more about diff comparisons.
Open a pull request
Create a new pull request by comparing changes across two branches. If you need to, you can also .
Learn more about diff comparisons here.
...
- 7 commits
- 42 files changed
- 6 contributors
Commits on Sep 17, 2025
-
build: configure release builds using multi-scm (#2552)
Source-Link: googleapis/synthtool@8200f93 Post-Processor: gcr.io/cloud-devrel-public-resources/owlbot-nodejs:latest@sha256:22e41dd7cd82683fa338b647abcc3a29ddb1b17e800b089adc0bec0a3175312c Co-authored-by: Owl Bot <gcf-owl-bot[bot]@users.noreply.github.com> Co-authored-by: Denis DelGrosso <85250797+ddelgrosso1@users.noreply.github.com>
3 people authoredSep 17, 2025 -
chore: fix
npmfor Node v18 samples tests (#2557)* chore: fix `npm` for Node v18 samples tests chore: fix `npm` for samples tests Source-Link: googleapis/synthtool@4d75242 Post-Processor: gcr.io/cloud-devrel-public-resources/owlbot-nodejs:latest@sha256:0d39e59663287ae929c1d4ccf8ebf7cef9946826c9b86eda7e85d8d752dbb584 * re-add deleted env var * ignore samples-test.sh --------- Co-authored-by: Owl Bot <gcf-owl-bot[bot]@users.noreply.github.com> Co-authored-by: Denis DelGrosso <85250797+ddelgrosso1@users.noreply.github.com> Co-authored-by: Denis DelGrosso <ddelgrosso@google.com>
4 people authoredSep 17, 2025 -
chore(Node.js): Update PR Template (#2583)
* chore(Node.js): Update PR Template * feat: Update PR Template * docs: Update synthtool/gcp/templates/node_library/.github/PULL_REQUEST_TEMPLATE.md Co-authored-by: sofisl <55454395+sofisl@users.noreply.github.com> * docs: Update synthtool/gcp/templates/node_library/.github/PULL_REQUEST_TEMPLATE.md Co-authored-by: sofisl <55454395+sofisl@users.noreply.github.com> --------- Co-authored-by: sofisl <55454395+sofisl@users.noreply.github.com> Source-Link: googleapis/synthtool@bb0a350 Post-Processor: gcr.io/cloud-devrel-public-resources/owlbot-nodejs:latest@sha256:d0befde9bb710526253d1badc2d5b02884b466acc99db4e26ce8e71e69072ea0 * fix ignore --------- Co-authored-by: Owl Bot <gcf-owl-bot[bot]@users.noreply.github.com> Co-authored-by: Denis DelGrosso <ddelgrosso@google.com> Co-authored-by: Denis DelGrosso <85250797+ddelgrosso1@users.noreply.github.com>
4 people authoredSep 17, 2025
Commits on Sep 18, 2025
-
fix: Common Service: should retry a request failed (#2652)
* fix: Retry failed requests * fix: Add comment explaining increased timeout
Commits on Oct 6, 2025
-
fix: Implement path containment to prevent traversal attacks (#2654)
* fix: Implement path containment to prevent traversal attacks This patch introduces strict path validation in TransferManager.downloadManyFiles to mitigate Arbitrary File Write and Path Traversal vulnerabilities. The fix includes two layers of defense: 1. Rejects Absolute Paths: Immediately throws an error if the object name is an absolute path (e.g., /etc/passwd). 2. Containment Check: Uses path.resolve to normalize the destination path and verify it remains strictly within the intended baseDir, preventing traversal using ../ sequences. SECURITY NOTE: This changes behavior by actively rejecting files with malicious path segments that were previously susceptible to writing outside the target directory. * fix: Use path.relative for robust path traversal check * fix: Enforce GCS standard '/' for directory marker detection * fix: Secure destination path against traversal * add error message * fix: Correct download destination logic and ensure recursive directory creation This commit resolves several critical issues in the `downloadManyFiles` logic related to path handling, destination assignment, and concurrent directory creation, enabling proper execution of bulk downloads and passing relevant tests. * fix: Optimize fsp.mkdir calls using a Set in downloadManyFiles Avoids redundant file system calls (fsp.mkdir) when downloading multiple files within the same directory. The call, while idempotent, was being performed for every file download, leading to unnecessary I/O overhead. This commit introduces a to track directories that have already been created within a single call, ensuring that is executed only once per unique destination directory path. * refactor: Extract base directory initialization/validation Moves the logic for resolving and validating the base download directory (`baseDir`, including initial path traversal checks) out of `downloadManyFiles` and into the private helper `_resolveAndValidateBaseDir`. This change cleans up the primary download execution path, making the file-by-file iteration loop more focused and readable. * fix * refactor: Remove explicit .code assignment from RequestError Removes the 'SECURITY_ABSOLUTE_PATH_REJECTED' & 'SECURITY_PATH_TRAVERSAL_REJECTED' code assignment from the thrown RequestError. The corresponding test assertion is updated to check the error message and type instead of the removed .code property.
-
chore: disable renovate for Node github action YAML configs (#2658)
chore: disable renovate for github action YAML configs Source-Link: googleapis/synthtool@158d49d Post-Processor: gcr.io/cloud-devrel-public-resources/owlbot-nodejs:latest@sha256:bdf89cdfb5b791d382184a7a769862b15c38e94e7d82b268c58d40d8952720f2 Co-authored-by: Owl Bot <gcf-owl-bot[bot]@users.noreply.github.com>
-
chore(main): release 7.17.2 (#2653)
Co-authored-by: release-please[bot] <55107282+release-please[bot]@users.noreply.github.com>
Loading
This comparison is taking too long to generate.
Unfortunately it looks like we can’t render this comparison for you right now. It might be too big, or there might be something weird with your repository.
You can try running this command locally to see the comparison on your machine:
git diff v7.17.1...v7.17.2