feat(deps-dev): bump @google-cloud/bigquery from 5.5.0 to 8.1.1#19034
feat(deps-dev): bump @google-cloud/bigquery from 5.5.0 to 8.1.1#19034dependabot[bot] wants to merge 1 commit intodevelopfrom
Conversation
dependabot
bot
added
dependencies
![sentry[bot]](https://avatars.githubusercontent.com/in/12637?s=60&v=4){kind=small}
![cursor[bot]](https://avatars.githubusercontent.com/in/1210556?s=60&v=4){kind=small}
There was a problem hiding this comment.
Cursor Bugbot has reviewed your changes and found 1 potential issue.
Bugbot Autofix is OFF. To automatically fix reported issues with Cloud Agents, enable Autofix in the Cursor dashboard.
| }, | ||
| "devDependencies": { | ||
| "@google-cloud/bigquery": "^5.3.0", | ||
| "@google-cloud/bigquery": "^8.1.1", |
There was a problem hiding this comment.
Version mismatch between @google-cloud/common devDependency and transitive dependency
Medium Severity
The @google-cloud/bigquery@^8.1.1 update requires @google-cloud/common@^6.0.0 as a transitive dependency, but the devDependency still specifies @google-cloud/common@^3.4.1. This causes both v3.6.0 and v6.0.0 to be installed. The integration code in google-cloud-http.ts does require('@google-cloud/common') which resolves to v3.x, while BigQuery internally uses v6.x. Since these are separate module instances, the test patches the wrong Service.prototype.request and may not accurately test the integration with BigQuery v8.
Additional Locations (1)
dependabot
bot
force-pushed
the
dependabot/npm_and_yarn/google-cloud/bigquery-8.1.1
branch
from
8d5a16a to
22c22bf
Compare
Bumps [@google-cloud/bigquery](https://github.com/googleapis/nodejs-bigquery) from 5.5.0 to 8.1.1. - [Release notes](https://github.com/googleapis/nodejs-bigquery/releases) - [Changelog](https://github.com/googleapis/nodejs-bigquery/blob/main/CHANGELOG.md) - [Commits](googleapis/nodejs-bigquery@v5.5.0...v8.1.1) --- updated-dependencies: - dependency-name: "@google-cloud/bigquery" dependency-version: 8.1.1 dependency-type: direct:development update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com>
dependabot
bot
force-pushed
the
dependabot/npm_and_yarn/google-cloud/bigquery-8.1.1
branch
from
22c22bf to
5383513
Compare
| "devDependencies": { | ||
| "@google-cloud/bigquery": "^5.3.0", | ||
| "@google-cloud/bigquery": "^8.1.1", | ||
| "@google-cloud/common": "^3.4.1", |
There was a problem hiding this comment.
Bug: The @google-cloud/bigquery upgrade creates a version conflict with @google-cloud/common, causing the Sentry patch to not apply and silently disabling tracing for BigQuery requests.
Severity: MEDIUM
Suggested Fix
Update the @google-cloud/common dependency in devDependencies to match the version required by @google-cloud/bigquery@8.1.1, which is ^6.0.0. This will resolve the version conflict and ensure the Sentry integration correctly patches the module used by the BigQuery client.
Prompt for AI Agent
Review the code at the location below. A potential bug has been identified by an AI
agent.
Verify if this is a real issue. If it is, propose a fix; if not, explain why it's not
valid.
Location: packages/google-cloud-serverless/package.json#L57
Potential issue: The `package.json` is being updated to use
`@google-cloud/bigquery@8.1.1`, which has a dependency on `@google-cloud/common@^6.0.0`.
However, the `devDependencies` in the same `package.json` still explicitly require an
older, incompatible version, `@google-cloud/common@^3.4.1`. This version mismatch can
lead to `yarn` installing both versions. The Sentry integration patches the older
version (`^3.4.1`), while the new BigQuery library uses the newer version (`^6.0.0`). As
a result, the patch will not be applied to BigQuery's requests, causing a silent failure
where BigQuery operations are not traced by Sentry.
|
OK, I won't notify you again about this release, but will get in touch when a new version is available. If you'd rather skip all updates until the next major or minor version, let me know by commenting If you change your mind, just re-open this PR and I'll resolve any conflicts on it. |
dependabot
bot
deleted the
dependabot/npm_and_yarn/google-cloud/bigquery-8.1.1
branch
1 participant
Bumps @google-cloud/bigquery from 5.5.0 to 8.1.1.
Release notes
Sourced from
@google-cloud/bigquery's releases.... (truncated)
Changelog
Sourced from
@google-cloud/bigquery's changelog.... (truncated)
Commits
8ab92f1chore(main): release 8.1.1 (#1501)46ee142chore: update types from Discovery (#1502)926c9f8fix: removeispackage as dependency (#1500)02db74echore(deps): update dependency google-auth-library to v10.1.0 (#1483)b2d4c1dchore: update types from Discovery (#1487)9729d1echore(main): release 8.1.0 (#1481)1bd620achore(deps): update dependency google-auth-library to v10.0.0-rc.2 (#1478)b51359afeat: job creation mode GA (#1480)8151e72feat: support per-job reservation assignment (#1477)5fc2a41chore: update types from Discovery (#1476)Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting
@dependabot rebase.Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
@dependabot rebasewill rebase this PR@dependabot recreatewill recreate this PR, overwriting any edits that have been made to it@dependabot mergewill merge this PR after your CI passes on it@dependabot squash and mergewill squash and merge this PR after your CI passes on it@dependabot cancel mergewill cancel a previously requested merge and block automerging@dependabot reopenwill reopen this PR if it is closed@dependabot closewill close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually@dependabot show <dependency name> ignore conditionswill show all of the ignore conditions of the specified dependency@dependabot ignore this major versionwill close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this minor versionwill close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this dependencywill close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)