
chore: update protobufjs for compatibility and potential bug fixes #302

Merged
merged 2 commits into from
Jan 19, 2024

Conversation

vermaysha
Contributor

I found a security warning on one of my repositories that uses Baileys. This warning is caused by the protobufjs Prototype Pollution vulnerability. Here's the description:

The version of protobuf.js (aka protobufjs) from 6.10.0 to 7.2.4 allows Prototype Pollution, which is a different vulnerability than CVE-2022-25878. An attacker can use a user-controlled protobuf message to pollute the prototype of Object.prototype by adding and overwriting its data and functions. This vulnerability can be exploited in various ways: (1) by using the function "parse" to parse protobuf messages on the fly, (2) by loading .proto files using "load" or "loadSync" functions, or (3) by providing untrusted input to the functions ReflectionObject.setParsedOption and util.setProperty. It's essential to note that this CVE Record is related to the use of `Object.constructor.prototype.<new-property> = ...;` while CVE-2022-25878 was related to `Object.__proto__.<new-property> = ...;` instead.


… to 7.2.4 for compatibility and potential bug fixes
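As an added illustration of the mitigation side of the advisory quoted above (this is not protobufjs or Baileys code and is not part of the PR), the block below is a defensive "set option by dotted name" routine of the kind the advisory points at with setParsedOption and util.setProperty. It treats option names from a parsed .proto file or message as untrusted, refuses the path segments that can reach Object.prototype, only descends into the target's own properties, and ends with a post-condition check a test suite can run after parsing untrusted input. The names setPropertySafe, applyUntrustedOptions, prototypeIsClean and SAMPLE_OPTIONS are this example's own, and the sample option list is constructed.

```javascript
// Added example, not protobufjs or Baileys code: a defensive dotted-path
// property setter for the kind of "set option by name" operation the advisory
// describes (setParsedOption / util.setProperty). Option names coming from a
// parsed .proto file or message are treated as untrusted input.
// setPropertySafe, applyUntrustedOptions, prototypeIsClean and SAMPLE_OPTIONS
// are this example's own names, not library APIs.

// Path segments that would let a write escape the target object and land on
// Object.prototype (or on a constructor's prototype).
const BLOCKED_KEYS = new Set(['__proto__', 'constructor', 'prototype']);

// Set target.a.b.c = value for path "a.b.c", refusing any reserved segment and
// only ever descending into the target's *own* properties, so an inherited
// property such as `constructor` cannot be used as a stepping stone.
function setPropertySafe(target, path, value) {
  const parts = path.split('.');
  for (const key of parts) {
    if (BLOCKED_KEYS.has(key)) {
      throw new Error(`refusing reserved key "${key}" in option path "${path}"`);
    }
  }
  let cur = target;
  for (let i = 0; i < parts.length - 1; i++) {
    const key = parts[i];
    const own = Object.prototype.hasOwnProperty.call(cur, key);
    if (!own || cur[key] === null || typeof cur[key] !== 'object') {
      cur[key] = {};
    }
    cur = cur[key];
  }
  cur[parts[parts.length - 1]] = value;
  return target;
}

// Apply a batch of untrusted [name, value] option pairs, keeping the ones that
// pass and recording the names that were refused (for logging or alerting).
function applyUntrustedOptions(options) {
  const accepted = {};
  const rejected = [];
  for (const [name, value] of options) {
    try {
      setPropertySafe(accepted, name, value);
    } catch (err) {
      rejected.push(name);
    }
  }
  return { accepted, rejected };
}

// Post-condition check for a test suite: none of the given keys has leaked
// onto Object.prototype, i.e. a fresh object must not see them.
function prototypeIsClean(keys) {
  const probe = {};
  return keys.every(
    (k) => !Object.prototype.hasOwnProperty.call(Object.prototype, k) && probe[k] === undefined
  );
}

// Constructed sample input: two ordinary option names plus two hostile ones of
// the shape the advisory warns about.
const SAMPLE_OPTIONS = [
  ['java_package', 'com.example.proto'],
  ['features.utf8_validation', true],
  ['constructor.prototype.polluted', 'yes'],
  ['__proto__.polluted', 'yes'],
];

const report = applyUntrustedOptions(SAMPLE_OPTIONS);
console.log(JSON.stringify(report));
console.log('Object.prototype clean:', prototypeIsClean(['polluted']));
```

Running the block accepts the two ordinary options, lists the two hostile names under `rejected`, and reports Object.prototype as clean. The own-property check matters as much as the block list: without it, a path like `toString.x` would walk into an inherited function object rather than creating a fresh own entry.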
@whiskeysockets-bot
Contributor

Thanks for your contribution.

The next step is to wait for review and approval to merge it to main repository

The community can help by reacting with a thumbs up (:thumbsup:) for approval and a rocket (:rocket:) for those who have tested it.

To test this PR you can run the following commands:

# NPM
npm install @whiskeysockets/baileys@vermaysha/Baileys#fix/protobufjs
# YARN v2
yarn add @whiskeysockets/baileys@vermaysha/Baileys#fix/protobufjs

Collaborator

@PurpShell PurpShell left a comment


Looks good to me, safe to update

@PurpShell PurpShell merged commit 56b2cb1 into WhiskeySockets:master Jan 19, 2024
2 checks passed
laxeder pushed a commit to laxeder/Baileys that referenced this pull request Jan 20, 2024
… to 7.2.4 for compatibility and potential bug fixes (WhiskeySockets#302)

Co-authored-by: Rajeh Taher <rajeh@reforward.dev>
PurpShell added a commit that referenced this pull request Mar 12, 2024
* feat: Set in group settings memberAddMode and joinApprovalMode (#534)

* feat: Set in group settings memberAddMode and joinApprovalMode

* fix lint

* fix lint

* fix conflict

---------

Co-authored-by: Bob <115008575+FortisEtMagnus@users.noreply.github.com>
Co-authored-by: Bob <115008575+bobpetrov@users.noreply.github.com>
Co-authored-by: Rajeh Taher <rajeh@reforward.dev>

* feat: memberAddMode and joinApprovalMode in groups.update (#532)

* feat: memberAddMode and joinApprovalMode

* feat: memberAddMode and joinApprovalMode

* Update process-message.ts

* fix lint

* Update messages-recv.ts

* Update GroupMetadata.ts

* Update messages-recv.ts

* Update messages-recv.ts

* chore: fix linting and code efficiency

* fix lint

* Fix lint

* Update process-message.ts

* Update process-message.ts

---------

Co-authored-by: Bob <115008575+FortisEtMagnus@users.noreply.github.com>
Co-authored-by: Bob <115008575+bobpetrov@users.noreply.github.com>
Co-authored-by: Rajeh Taher <rajeh@reforward.dev>

* Update package.json (#506)

Any version of cache-manager greater than 4.0.1 stopped shipping an index.js, resulting in the error

`@whiskeysockets/baileys/node_modules/cache-manager/dist/index.js'. Please verify that the package.json has a valid "main" entry`

* Use senderTimestampMs instead of messageTimestamp (#348)

* Use senderTimestampMs instead of messageTimestamp

* Add .toNumber(), because senderTimestampMs is Long

* chore: Fix linting

---------

Co-authored-by: Rajeh Taher <rajeh@reforward.dev>

* feat: add option for Windows browser (#303)

* chore(package.json): update protobufjs dependency from version 6.11.3 to 7.2.4 for compatibility and potential bug fixes (#302)

Co-authored-by: Rajeh Taher <rajeh@reforward.dev>

* feat: auto version hash (#290)

* feat: auto version hash

* sort imports

---------

Co-authored-by: Rajeh Taher <rajeh@reforward.dev>

* chore: updated proto/version to v2.2403.2 (#288)

Co-authored-by: edgardmessias <edgardmessias@users.noreply.github.com>

* bump: sharp to ^0.32.2 (#245)

* feat: Add max msg retry count (#572)

* Update getDevice (#569)

Co-authored-by: Bob <115008575+bobpetrov@users.noreply.github.com>

* chore: Add more docs regarding status@broadcast messages

* Support for receiving "view once" audio messages (#595)

* Update size calculation in extractGroupMetadata function (#581)

* feat: If need approval to join the group in groupMetadata (#533)

* If need approval to join the group

* If need approval to join the group

* Update groups.ts

* Update groups.ts

* fix lint

* Update groups.ts

* Update groups.ts

---------

Co-authored-by: Bob <115008575+FortisEtMagnus@users.noreply.github.com>
Co-authored-by: Bob <115008575+bobpetrov@users.noreply.github.com>

* chore: fix typing (duplicate property due to overlapping PRs)

* chore: fix github action release

* chore: fix manual release action

* chore: revert changes to package.json

* fix: quick test to diagnose working dir issue

* fix yml syntax

* chore: fix yarn.lock

* chore: fix release workflow

* chore(release): v6.6.0

* Update FUNDING.yml

* chore: fix audio decode error due to passing spread argument

* Change the default browser to fix pairing code

---------

Co-authored-by: Bob <115008575+bobslavtriev@users.noreply.github.com>
Co-authored-by: Bob <115008575+FortisEtMagnus@users.noreply.github.com>
Co-authored-by: Bob <115008575+bobpetrov@users.noreply.github.com>
Co-authored-by: NOOB-KILLERBOT <79617162+chocolaid@users.noreply.github.com>
Co-authored-by: Alex <allburov@gmail.com>
Co-authored-by: Ashary Vermaysha <34608589+vermaysha@users.noreply.github.com>
Co-authored-by: ugurgungezerler <ugurgungezerler@users.noreply.github.com>
Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: edgardmessias <edgardmessias@users.noreply.github.com>
Co-authored-by: Muhammed Kaplan <mmuhammedkaplan0@gmail.com>
Co-authored-by: Alex Sandro <63991021+laxeder@users.noreply.github.com>
Co-authored-by: Javier Cuevas <javiercr@gmail.com>
Co-authored-by: Wender Teixeira <unktools@gmail.com>
Co-authored-by: ShellTear <shelltear1337@gmail.com>
Co-authored-by: Timothy Dillan <timothi.dillan10@gmail.com>
Co-authored-by: Pokoke <74485230+Pokoke-01@users.noreply.github.com>
Co-authored-by: Alessandro Autiero <alautiero@gmail.com>