Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Upgrade protobufjs from version 7.2.0 to 7.2.4, in order to fix CVE-2023-36665 #880

Closed
wants to merge 1 commit into from
Closed

Upgrade protobufjs from version 7.2.0 to 7.2.4, in order to fix CVE-2023-36665 #880

wants to merge 1 commit into from

Conversation

ariel9016
Copy link

@ariel9016 ariel9016 commented Jul 19, 2023
edited by aabmass
Loading

Thank you for opening a Pull Request! Before submitting your PR, there are a few things you can do to make sure it goes smoothly:

  • Make sure to open an issue as a bug/issue before writing your code! That way we can discuss the change, evaluate designs, and agree on the general idea
  • Ensure the tests and linter pass
  • Code coverage does not decrease (if any source code was changed)
  • Appropriate docs were updated (if necessary)

@ariel9016 ariel9016 requested review from a team as code owners July 19, 2023 09:50
@google-cla
Copy link

google-cla bot commented Jul 19, 2023

Thanks for your pull request! It looks like this may be your first contribution to a Google open source project. Before we can look at your pull request, you'll need to sign a Contributor License Agreement (CLA).

View this failed invocation of the CLA check for more information.

For the most up to date status, view the checks section at the bottom of the pull request.

@product-auto-label product-auto-label bot added size: xs Pull request size is extra small. api: cloudprofiler Issues related to the googleapis/cloud-profiler-nodejs API. labels Jul 19, 2023
@aabmass
Copy link
Collaborator

aabmass commented Jul 19, 2023

@ariel9016 can you sign the CLA? This partially fixes the issue but the problem still exists the in the transitive dependency pprof (which I need to fix and release first).

@ariel9016
Copy link
Author

Hi @aabmass
I am not familiar with GitHub system that much.
I just wanted to raise that there is an upgrade required for protobufjs to Version 7.2.4

@aabmass
Copy link
Collaborator

aabmass commented Jul 21, 2023
edited
Loading

Thanks for raising it. This PR isn't actually necessary as ~7.0.0 allows selecting the newer version.

I'm fixing the issue by upgrading other depepdencies right now.

@aabmass aabmass closed this Jul 21, 2023
@aabmass
Copy link
Collaborator

aabmass commented Jul 21, 2023

See #879

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
api: cloudprofiler Issues related to the googleapis/cloud-profiler-nodejs API. size: xs Pull request size is extra small.
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@ariel9016 @aabmass