CVE-2023-36665 vunerablity in protobufjs >= 6.10.0, < 7.2.4

Question

letsgolesco opened this issue a year ago · comments

pprof depends on a vulnerable library protobufjs ~7.0.0
A fix is available in protobufjs 7.2.4
Vulnerability link: GHSA-h755-8qp9-cq85

Can we upgrade this dependency to 7.2.4?

Aaron Abbott · Answer 1 · Wed Jul 19 2023 02:32:58 GMT+0800 (China Standard Time)

Thanks for flagging, I'll take this