google-auth-library - npm Package Compare versions

Comparing version 10.3.0 to 10.3.1
+8
-0
build/src/auth/externalclient.d.ts

@@ -15,2 +15,10 @@ import { BaseExternalAccountClient } from './baseexternalclient';

* underlying credential source.
*
* **IMPORTANT**: This method does not validate the credential configuration.
* A security risk occurs when a credential configuration configured with
* malicious URLs is used. When the credential configuration is accepted from
* an untrusted source, you should validate it before using it with this
* method. For more details, see
* https://cloud.google.com/docs/authentication/external/externally-sourced-credentials.
*
* @param options The external account options object typically loaded
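
Review bot: The added **IMPORTANT** paragraph tells callers to "validate" the configuration but never says what to check; "configured with malicious URLs" is the only hint, and it does not name which URL-bearing fields of `options` are meant. Either list those fields here or state that the linked page is the authoritative checklist, so the comment is actionable from the editor tooltip alone. "A credential configuration configured with malicious URLs" also reads awkwardly; "a credential configuration that contains malicious URLs" says the same thing.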

@@ -17,0 +25,0 @@ * from the external account JSON credential file.

@@ -37,2 +37,10 @@ "use strict";

* underlying credential source.
*
* **IMPORTANT**: This method does not validate the credential configuration.
* A security risk occurs when a credential configuration configured with
* malicious URLs is used. When the credential configuration is accepted from
* an untrusted source, you should validate it before using it with this
* method. For more details, see
* https://cloud.google.com/docs/authentication/external/externally-sourced-credentials.
*
* @param options The external account options object typically loaded

@@ -39,0 +47,0 @@ * from the external account JSON credential file.

+151
-7

@@ -42,17 +42,89 @@ import { GaxiosOptions, GaxiosResponse } from 'gaxios';

/**
* Path to a .json, .pem, or .p12 key file
* @deprecated This option is being deprecated because of a potential security risk.
*
* This option does not validate the credential configuration. The security
* risk occurs when a credential configuration is accepted from a source that
* is not under your control and used without validation on your side.
*
* The recommended way to provide credentials is to create an `auth` object
* using `google-auth-library` and pass it to the client constructor.
* This will ensure that unexpected credential types with potential for
* malicious intent are not loaded unintentionally. For example:
* ```
* const {GoogleAuth} = require('google-auth-library');
* const auth = new GoogleAuth({
* // Scopes can be specified either as an array or as a single, space-delimited string.
* scopes: 'https://www.googleapis.com/auth/cloud-platform'
* });
* const client = new MyClient({ auth: auth });
* ```
*
* If you are loading your credential configuration from an untrusted source and have
* not mitigated the risks (e.g. by validating the configuration yourself), make
* these changes as soon as possible to prevent security risks to your environment.
*
* Regardless of the method used, it is always your responsibility to validate
* configurations received from external sources.
*
* For more details, see https://cloud.google.com/docs/authentication/external/externally-sourced-credentials.
*/
keyFilename?: string;
/**
* Path to a .json, .pem, or .p12 key file
* @deprecated This option is being deprecated because of a potential security risk.
*
* This option does not validate the credential configuration. The security
* risk occurs when a credential configuration is accepted from a source that
* is not under your control and used without validation on your side.
*
* The recommended way to provide credentials is to create an `auth` object
* using `google-auth-library` and pass it to the client constructor.
* This will ensure that unexpected credential types with potential for
* malicious intent are not loaded unintentionally. For example:
* ```
* const {GoogleAuth} = require('google-auth-library');
* const auth = new GoogleAuth({
* // Scopes can be specified either as an array or as a single, space-delimited string.
* scopes: 'https://www.googleapis.com/auth/cloud-platform'
* });
* const client = new MyClient({ auth: auth });
* ```
*
* If you are loading your credential configuration from an untrusted source and have
* not mitigated the risks (e.g. by validating the configuration yourself), make
* these changes as soon as possible to prevent security risks to your environment.
*
* Regardless of the method used, it is always your responsibility to validate
* configurations received from external sources.
*
* For more details, see https://cloud.google.com/docs/authentication/external/externally-sourced-credentials.
*/
keyFile?: string;
/**
* Object containing client_email and private_key properties, or the
* external account client options.
* Cannot be used with {@link GoogleAuthOptions.apiKey `apiKey`}.
* @deprecated This option is being deprecated because of a potential security risk.
*
* @remarks
* This option does not validate the credential configuration. The security
* risk occurs when a credential configuration is accepted from a source that
* is not under your control and used without validation on your side.
*
* **Important**: If you accept a credential configuration (credential JSON/File/Stream) from an external source for authentication to Google Cloud, you must validate it before providing it to any Google API or library. Providing an unvalidated credential configuration to Google APIs can compromise the security of your systems and data. For more information, refer to {@link https://cloud.google.com/docs/authentication/external/externally-sourced-credentials Validate credential configurations from external sources}.
* The recommended way to provide credentials is to create an `auth` object
* using `google-auth-library` and pass it to the client constructor.
* This will ensure that unexpected credential types with potential for
* malicious intent are not loaded unintentionally. For example:
* ```
* const {GoogleAuth} = require('google-auth-library');
* const auth = new GoogleAuth({
* // Scopes can be specified either as an array or as a single, space-delimited string.
* scopes: 'https://www.googleapis.com/auth/cloud-platform'
* });
* const client = new MyClient({ auth: auth });
* ```
*
* If you are loading your credential configuration from an untrusted source and have
* not mitigated the risks (e.g. by validating the configuration yourself), make
* these changes as soon as possible to prevent security risks to your environment.
*
* Regardless of the method used, it is always your responsibility to validate
* configurations received from external sources.
*
* For more details, see https://cloud.google.com/docs/authentication/external/externally-sourced-credentials.
*/
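
Review bot: The example under `keyFilename`, `keyFile` and `credentials` constructs `new GoogleAuth({ scopes })` and passes it to `MyClient`, but these options appear to belong to `GoogleAuthOptions` itself (see the `{@link GoogleAuthOptions.apiKey}` reference), so a caller who already builds a `GoogleAuth` gets no migration path: the snippet never shows how a key file or credentials object reaches `auth` without the deprecated option. Say explicitly what replaces each option. The same block is also pasted three times with drift: only `credentials` has `@remarks` and the extra **Important** paragraph, which runs straight into "The recommended way" with no blank ` *` line between them. Consider keeping the full text once and pointing the other two at it.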

@@ -231,2 +303,34 @@ credentials?: JWTInput | ExternalAccountClientOptions;

*
* @deprecated This method is being deprecated because of a potential security risk.
*
* This method does not validate the credential configuration. The security
* risk occurs when a credential configuration is accepted from a source that
* is not under your control and used without validation on your side.
*
* If you know that you will be loading credential configurations of a
* specific type, it is recommended to use a credential-type-specific
* constructor. This will ensure that an unexpected credential type with
* potential for malicious intent is not loaded unintentionally. You might
* still have to do validation for certain credential types. Please follow
* the recommendation for that method. For example, if you want to load only
* service accounts, you can use the `JWT` constructor:
* ```
* const {JWT} = require('google-auth-library');
* const keys = require('/path/to/key.json');
* const client = new JWT({
* email: keys.client_email,
* key: keys.private_key,
* scopes: ['https://www.googleapis.com/auth/cloud-platform'],
* });
* ```
*
* If you are loading your credential configuration from an untrusted source and have
* not mitigated the risks (e.g. by validating the configuration yourself), make
* these changes as soon as possible to prevent security risks to your environment.
*
* Regardless of the method used, it is always your responsibility to validate
* configurations received from external sources.
*
* For more details, see https://cloud.google.com/docs/authentication/external/externally-sourced-credentials.
*
* @param json The input object.
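
Review bot: "Please follow the recommendation for that method" has no clear referent: the paragraph has been talking about constructors, and no method is named. Name the constructor or method whose guidance applies, and say which credential types "might still" need validation. The `JWT` example also reads `keys.client_email` and `keys.private_key` without checking that the parsed file is a service account key, so a file of another type silently yields `undefined` fields; a check of the expected credential type before constructing the client would make the sample match the advice.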

@@ -247,2 +351,42 @@ * @param options The JWT or UserRefresh options for the client

* Create a credentials instance using the given input stream.
*
* @deprecated This method is being deprecated because of a potential security risk.
*
* This method does not validate the credential configuration. The security
* risk occurs when a credential configuration is accepted from a source that
* is not under your control and used without validation on your side.
*
* If you know that you will be loading credential configurations of a
* specific type, it is recommended to read and parse the stream, and then
* use a credential-type-specific constructor. This will ensure that an
* unexpected credential type with potential for malicious intent is not
* loaded unintentionally. You might still have to do validation for certain
* credential types. Please follow the recommendation for that method. For
* example, if you want to load only service accounts, you can do:
* ```
* const {JWT} = require('google-auth-library');
* const fs = require('fs');
*
* const stream = fs.createReadStream('path/to/key.json');
* const chunks = [];
* stream.on('data', (chunk) => chunks.push(chunk));
* stream.on('end', () => {
* const keys = JSON.parse(Buffer.concat(chunks).toString());
* const client = new JWT({
* email: keys.client_email,
* key: keys.private_key,
* scopes: ['https://www.googleapis.com/auth/cloud-platform'],
* });
* // use client
* });
* ```
*
* If you are loading your credential configuration from an untrusted source and have
* not mitigated the risks (e.g. by validating the configuration yourself), make
* these changes as soon as possible to prevent security risks to your environment.
*
* Regardless of the method used, it is always your responsibility to validate
* configurations received from external sources.
*
* For more details, see https://cloud.google.com/docs/authentication/external/externally-sourced-credentials.
* @param inputStream The input stream.
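
Review bot: The stream example registers `data` and `end` handlers only; there is no `stream.on('error', ...)`, and `JSON.parse` runs inside the `end` callback, where a malformed file throws with nothing to catch it. Since this snippet is the recommended replacement for input that may be untrusted, add an `error` handler and wrap the parse in `try`/`catch`. A blank ` *` line is also missing between the "For more details" line and `@param inputStream`, unlike the other blocks in this change.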

@@ -249,0 +393,0 @@ * @param callback Optional callback.

@@ -440,2 +440,34 @@ "use strict";

*
* @deprecated This method is being deprecated because of a potential security risk.
*
* This method does not validate the credential configuration. The security
* risk occurs when a credential configuration is accepted from a source that
* is not under your control and used without validation on your side.
*
* If you know that you will be loading credential configurations of a
* specific type, it is recommended to use a credential-type-specific
* constructor. This will ensure that an unexpected credential type with
* potential for malicious intent is not loaded unintentionally. You might
* still have to do validation for certain credential types. Please follow
* the recommendation for that method. For example, if you want to load only
* service accounts, you can use the `JWT` constructor:
* ```
* const {JWT} = require('google-auth-library');
* const keys = require('/path/to/key.json');
* const client = new JWT({
* email: keys.client_email,
* key: keys.private_key,
* scopes: ['https://www.googleapis.com/auth/cloud-platform'],
* });
* ```
*
* If you are loading your credential configuration from an untrusted source and have
* not mitigated the risks (e.g. by validating the configuration yourself), make
* these changes as soon as possible to prevent security risks to your environment.
*
* Regardless of the method used, it is always your responsibility to validate
* configurations received from external sources.
*
* For more details, see https://cloud.google.com/docs/authentication/external/externally-sourced-credentials.
*
* @param json The input object.

@@ -442,0 +474,0 @@ * @param options The JWT or UserRefresh options for the client

@@ -80,2 +80,9 @@ /**

*
* **IMPORTANT**: This method does not validate the credential configuration.
* A security risk occurs when a credential configuration configured with
* malicious URLs is used. When the credential configuration is accepted from
* an untrusted source, you should validate it before using it with this
* method. For more details, see
* https://cloud.google.com/docs/authentication/external/externally-sourced-credentials.
*
* @param {object} options - The configuration object.
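
Review bot: In this comment it is unclear what "the credential configuration" refers to: the documented parameter is a generic `options` object ("The configuration object") whose listed members begin with `options.sourceClient`, not a credential file. State which option can carry a URL from an untrusted source so the caller knows what to validate; as written, the paragraph is the external-account wording pasted onto a different API.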

@@ -82,0 +89,0 @@ * @param {object} [options.sourceClient] the source credential used as to

@@ -41,2 +41,9 @@ "use strict";

*
* **IMPORTANT**: This method does not validate the credential configuration.
* A security risk occurs when a credential configuration configured with
* malicious URLs is used. When the credential configuration is accepted from
* an untrusted source, you should validate it before using it with this
* method. For more details, see
* https://cloud.google.com/docs/authentication/external/externally-sourced-credentials.
*
* @param {object} options - The configuration object.

@@ -43,0 +50,0 @@ * @param {object} [options.sourceClient] the source credential used as to

+1
-1
{
"name": "google-auth-library",
"version": "10.3.0",
"version": "10.3.1",
"author": "Google Inc.",
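
Review bot: The version moves from 10.3.0 to 10.3.1, a patch bump, while the same diff marks public API `@deprecated` (`keyFilename`, `keyFile`, `credentials`, and the methods documented with `@param json` and `@param inputStream`). Semantic Versioning requires at least a minor increment when public API is marked deprecated, and consumers with deprecation lint rules will see new warnings from a patch update; consider a minor version instead, or call the deprecations out prominently in the release notes.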

@@ -5,0 +5,0 @@ "description": "Google APIs Authentication Client Library for Node.js",

Sorry, the diff of this file is too big to display