fix: make google_gax compatible with tesla >= 1.18.3#13328
Conversation
| ) | ||
|
|
||
| plug(Tesla.Middleware.DecompressResponse, []) | ||
| plug(Tesla.Middleware.DecompressResponse, max_body_size: :infinity) |
There was a problem hiding this comment.
tesla's max_body_size option here was made required to fix a "decompression bomb" vulnerability in elixir-tesla/tesla@340f75b.
So, setting it to :infinity is not ideal, decompression vuln still present, but it's the more backwards-compatible way to make google_gax compatible with latest tesla, and just keeps previous tesla behavior.
We can set to :infinity, release 0.4.2, then consider setting it to some safer, limited value for a new release that might be backwards-incompatible.
But at least having a patch version that it's compatible with latest tesla can unblock a lot of downstream projects being blocked from updating tesla.
|
Thank you for your contribution to elixir-google-api. This repository is currently in the process of being archived and as such all existing pull requests are being closed. |
fixes #13325
These are the changes needed to get the test to pass after running
mix deps.update tesla.Note that no changes in
mix.lockbecuase the file is ignored in.gitignore.