feat(core): Bump node google-auth-library version to 10.9.0 (#28385)

Co-authored-by: Jerry Lin <jerrysf@google.com>
This commit is contained in:
Jerry Lin
2026-07-13 13:41:57 -07:00
committed by GitHub
parent a345621404
commit fa975395bc
5 changed files with 105 additions and 1441 deletions
+82 -1433
View File
File diff suppressed because it is too large Load Diff
+3
View File
@@ -95,8 +95,10 @@
],
"devDependencies": {
"@agentclientprotocol/sdk": "0.16.1",
"@modelcontextprotocol/sdk": "1.23.0",
"read-package-up": "11.0.0",
"@octokit/rest": "22.0.0",
"@types/express": "5.0.3",
"@types/marked": "5.0.2",
"@types/mime-types": "3.0.1",
"@types/minimatch": "5.1.2",
@@ -121,6 +123,7 @@
"eslint-plugin-import": "2.32.0",
"eslint-plugin-react": "7.37.5",
"eslint-plugin-react-hooks": "5.2.0",
"express": "5.1.0",
"glob": "12.0.0",
"globals": "16.0.0",
"google-artifactregistry-auth": "3.4.0",
+1 -1
View File
@@ -64,7 +64,7 @@
"fdir": "6.4.6",
"fzf": "0.5.2",
"glob": "12.0.0",
"google-auth-library": "9.11.0",
"google-auth-library": "10.9.0",
"html-to-text": "9.0.5",
"http-proxy-agent": "7.0.2",
"https-proxy-agent": "7.0.6",
+1 -1
View File
@@ -110,7 +110,7 @@ CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
============================================================
json-schema-traverse@1.0.0
json-schema-traverse@0.4.1
(git+https://github.com/epoberezkin/json-schema-traverse.git)
MIT License
+18 -6
View File
@@ -72,17 +72,29 @@ if (invalidPackages.length > 0) {
console.log('Lockfile check passed.');
}
// Check that gaxios v7+ is NOT resolved in any workspace node_modules.
// gaxios v7.x has a bug where Array.toString() joins stream chunks with
// Check that gaxios v7+ with stream corruption bug is NOT resolved in any workspace node_modules.
// gaxios v7.x (versions < 7.1.6) has a bug where Array.toString() joins stream chunks with
// commas, corrupting error response JSON at TCP chunk boundaries.
// See: https://github.com/google-gemini/gemini-cli/pull/21884
function isCorruptedGaxios(version) {
if (!version) return false;
const match = version.match(/^7\.(\d+)\.(\d+)/);
if (match) {
const minor = parseInt(match[1], 10);
const patch = parseInt(match[2], 10);
if (minor < 1 || (minor === 1 && patch < 6)) {
return true;
}
}
return false;
}
const gaxiosViolations = [];
for (const [location, details] of Object.entries(packages)) {
if (
location.match(/(^|\/)node_modules\/gaxios$/) &&
!location.includes('@google/genai/node_modules') &&
details.version &&
parseInt(details.version.split('.')[0], 10) >= 7
isCorruptedGaxios(details.version)
) {
gaxiosViolations.push(`${location} (v${details.version})`);
}
@@ -90,12 +102,12 @@ for (const [location, details] of Object.entries(packages)) {
if (gaxiosViolations.length > 0) {
console.error(
'\nError: gaxios v7+ detected in workspace node_modules. This version has a stream corruption bug.',
'\nError: gaxios versions with stream corruption bug (v7.x < 7.1.6) detected in workspace node_modules.',
);
console.error('See: https://github.com/google-gemini/gemini-cli/pull/21884');
gaxiosViolations.forEach((v) => console.error(`- ${v}`));
console.error(
'\nDo NOT upgrade @google/genai or google-auth-library until the gaxios v7 bug is fixed upstream.',
'\nPlease ensure gaxios resolves to a version containing the fix (>= 7.1.6).',
);
process.exitCode = 1;
}