[Snyk] Upgrade protobufjs from 7.1.2 to 7.2.2 #5

snyk-bot · 2023-04-01T19:23:04Z

Snyk has created this PR to upgrade protobufjs from 7.1.2 to 7.2.2.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

The recommended version is 3 versions ahead of your current version.
The recommended version was released 2 months ago, on 2023-02-07.

Release notes

Package name: protobufjs

7.2.2 - 2023-02-07
7.2.2 (2023-02-07)

Bug Fixes
- do not allow to extend same field twice to prevent the error (#1784) (14f0536)
7.2.1 - 2023-02-02
7.2.1 (2023-02-02)

Bug Fixes
- cli: fix relative path to Google pb files (#1859) (e42eea4)
- Revert "fix: error should be thrown" (4489fa7)
- use bundled filename to fix common pb includes (#1860) (dce9a2e)
- use ES5 style function syntax (#1830) (64e8936)
7.2.0 - 2023-01-24
7.2.0 (2023-01-24)

Features
- cli: generate static files at the granularity of proto messages (#1840) (32f2d6a)
Bug Fixes
- error should be thrown (#1817) (e7a3489)
7.1.2 - 2022-09-22
7.1.2 (2022-09-22)

Bug Fixes
- types: nested object can be a oneof (#1812) (119d90a)

from protobufjs GitHub release notes

Commit messages

Package name: protobufjs

e721d04 chore: release master (Proxy setup for Google Chat notifications louislam/uptime-kuma#1867)
14f0536 fix: do not allow to extend same field twice to prevent the error (Update i18n for en & zh-CN louislam/uptime-kuma#1784)
644d588 chore: release master (PUSH仅down时通知 louislam/uptime-kuma#1865)
e42eea4 fix(cli): fix relative path to Google pb files (Update docker-compose.yml louislam/uptime-kuma#1859)
dce9a2e fix: use bundled filename to fix common pb includes (Twillo SMS Alerts louislam/uptime-kuma#1860)
64e8936 fix: use ES5 style function syntax (Automatic create incident louislam/uptime-kuma#1830)
4489fa7 Revert "fix: error should be thrown (Add support for monitoring MySQL/MariaDB databases louislam/uptime-kuma#1817)" (Use distinctive page title for login page for password managers louislam/uptime-kuma#1864)
0099ddc chore: release master (Update sl-SI.js louislam/uptime-kuma#1852)
32f2d6a feat(cli): generate static files at the granularity of proto messages (Manual database changes not reflecting in Uptime Kuma while app is running louislam/uptime-kuma#1840)
ea7b9a6 build(deps): bump decode-uri-component from 0.2.0 to 0.2.2 (heartbeat schedule louislam/uptime-kuma#1837)
e7a3489 fix: error should be thrown (Add support for monitoring MySQL/MariaDB databases louislam/uptime-kuma#1817)
82f55e6 build(deps): bump json5 from 2.2.1 to 2.2.3 (Monitor showing offline but its online louislam/uptime-kuma#1848)
57fe6f5 chore(deps): update dependency jsdoc to v4 (Added grpc monitoring with reflection api louislam/uptime-kuma#1833)

Compare

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

🧐 View latest project report

🛠 Adjust upgrade PR settings

🔕 Ignore this dependency or unsubscribe from future upgrade PRs

Snyk has created this PR to upgrade protobufjs from 7.1.2 to 7.2.2. See this package in npm: https://www.npmjs.com/package/protobufjs See this project in Snyk: https://app.snyk.io/org/othmaneelmhassani/project/5851fadc-b560-4310-a888-27daac00df5f?utm_source=github&utm_medium=referral&page=upgrade-pr

socket-security · 2023-04-01T19:24:46Z

New dependency changes detected. Learn more about Socket for GitHub ↗︎

🚨 Potential security issues found in this pull request. To accept the risk, merge this PR and you will not be notified again.

Bot Commands

To ignore an alert, reply with a comment starting with @SocketSecurity ignore followed by a space separated list of package-name@version specifiers. e.g. @SocketSecurity ignore foo@1.0.0 bar@* or ignore all packages with @SocketSecurity ignore-all

@SocketSecurity ignore protobufjs@7.2.2

📜 Install scripts

Install scripts are run when the package is installed. The majority of malware in npm is hidden in install scripts.

Packages should not be running non-essential scripts during install and there are often solutions to problems people solve with install scripts that can be run at publish time instead.

Package	Script field	Source
protobufjs@7.2.2 (upgraded)	`postinstall`	`package-lock.json`, `package.json` via @grpc/grpc-js@1.7.3

Pull request alert summary

Issue	Status
Install scripts	⚠️ 1 issue
Native code	✅ 0 issues
Bin script shell injection	✅ 0 issues
Unresolved require	✅ 0 issues
Invalid package.json	✅ 0 issues
HTTP dependency	✅ 0 issues
Git dependency	✅ 0 issues
Potential typo squat	✅ 0 issues
Known Malware	✅ 0 issues
Telemetry	✅ 0 issues
Protestware/Troll package	✅ 0 issues

📊 Modified Dependency Overview:

⬆️ Updated Package	Version Diff	Capability Access	`+/-` Transitive Count	Publisher
protobufjs@7.2.2	7.1.2...7.2.2	network, filesystem	`+0/-0`	google-wombot

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

[Snyk] Upgrade protobufjs from 7.1.2 to 7.2.2 #5

[Snyk] Upgrade protobufjs from 7.1.2 to 7.2.2 #5

snyk-bot commented Apr 1, 2023

7.2.2 (2023-02-07)

Bug Fixes

7.2.1 (2023-02-02)

Bug Fixes

7.2.0 (2023-01-24)

Features

Bug Fixes

7.1.2 (2022-09-22)

Bug Fixes

socket-security bot commented Apr 1, 2023

[Snyk] Upgrade protobufjs from 7.1.2 to 7.2.2 #5

Are you sure you want to change the base?

[Snyk] Upgrade protobufjs from 7.1.2 to 7.2.2 #5

Conversation

snyk-bot commented Apr 1, 2023

Snyk has created this PR to upgrade protobufjs from 7.1.2 to 7.2.2.

7.2.2 (2023-02-07)

Bug Fixes

7.2.1 (2023-02-02)

Bug Fixes

7.2.0 (2023-01-24)

Features

Bug Fixes

7.1.2 (2022-09-22)

Bug Fixes

socket-security bot commented Apr 1, 2023