
feat(internal/librarian/python): bump snippet metadata versions #4030

Merged
jskeet merged 1 commit into googleapis:main from jskeet:python-bump-snippets
Feb 13, 2026

feat(internal/librarian/python): bump snippet metadata versions#4030
jskeet merged 1 commit intogoogleapis:mainfrom
jskeet:python-bump-snippets

Conversation

@jskeet (Contributor) commented Feb 12, 2026

Towards #3389

@jskeet jskeet requested a review from JoeWang1127 February 12, 2026 11:57
@jskeet jskeet requested a review from a team as a code owner February 12, 2026 11:57
@jskeet (Contributor, Author) commented Feb 12, 2026

@JoeWang1127 I'd expect you to be able to use basically the same code in the golang bump.

@codecov codecov bot commented Feb 12, 2026

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 82.01%. Comparing base (105fd65) to head (952b9a7).
⚠️ Report is 1 commit behind head on main.

Additional details and impacted files
@@           Coverage Diff           @@
##             main    #4030   +/-   ##
=======================================
  Coverage   82.01%   82.01%           
=======================================
  Files          77       77           
  Lines        6504     6504           
=======================================
  Hits         5334     5334           
  Misses        825      825           
  Partials      345      345           


@gemini-code-assist gemini-code-assist bot (Contributor) left a comment


Code Review

This pull request extends the Python version bumping logic to also update the version in snippet metadata files. While the core logic changes and test additions are good, a security audit identified critical vulnerabilities in internal/librarian/python/bump.go. A critical Command Injection vulnerability exists due to the unsanitized version parameter, allowing for potential Remote Code Execution. Furthermore, a high-severity Path Traversal vulnerability was found because the output parameter is not sanitized, which could allow an attacker to read or write files on the server. It is crucial to remediate these findings by properly sanitizing all external inputs, adhering to the principle of validating inputs at the point of use and sanitizing inputs for code generation templates to prevent injection vulnerabilities. Additionally, consider improving maintainability by avoiding hardcoded paths.

@jskeet jskeet closed this Feb 12, 2026
@jskeet jskeet reopened this Feb 13, 2026
@jskeet jskeet force-pushed the python-bump-snippets branch from 732839c to 952b9a7 on February 13, 2026 16:23
@jskeet (Contributor, Author) commented Feb 13, 2026

Reopened - I only closed this accidentally, attempting to close something else :(

@jskeet jskeet merged commit c3fe4ef into googleapis:main Feb 13, 2026
14 checks passed
@jskeet jskeet deleted the python-bump-snippets branch February 13, 2026 16:52