Skip to content

chore(deps): update dependency protobufjs to v7.5.8 (main)#10

Open
mend-for-github-com[bot] wants to merge 1 commit into
mainfrom
whitesource-remediate/main-protobufjs-7.x-lockfile
Open

chore(deps): update dependency protobufjs to v7.5.8 (main)#10
mend-for-github-com[bot] wants to merge 1 commit into
mainfrom
whitesource-remediate/main-protobufjs-7.x-lockfile

Conversation

@mend-for-github-com

@mend-for-github-com mend-for-github-com Bot commented Apr 19, 2026
edited
Loading

Copy link
Copy Markdown

This PR contains the following updates:

Package Change Age Adoption Passing Confidence
protobufjs 7.4.07.5.8 age adoption passing confidence

By merging this PR, the below vulnerabilities will be automatically resolved:

Severity CVSS Score Vulnerability Reachability
Critical Critical 9.9 CVE-2026-41242

Unreachable
High High 8.8 CVE-2026-44293
High High 8.1 CVE-2026-44291
High High 7.5 CVE-2026-44289
High High 7.5 CVE-2026-44290
Medium Medium 5.3 CVE-2026-44288
Medium Medium 5.3 CVE-2026-44292
Medium Medium 5.3 CVE-2026-44294
Medium Medium 5.3 CVE-2026-45740

Release Notes

protobufjs/protobuf.js (protobufjs)

v7.5.8: protobufjs: v7.5.8

Compare Source

Bug Fixes

v7.5.7: protobufjs: v7.5.7

Compare Source

Bug Fixes

v7.5.6: protobufjs: v7.5.6

Compare Source

Bug Fixes

v7.5.5: v7.5.5

Compare Source

v7.5.5

This release backports two reported security issues to 7.x branch.

  • fix: do not allow setting __proto__ in Message constructor (#​2126)
  • fix: filter invalid characters from the type name (#​2127)

Full Changelog: protobufjs/protobuf.js@protobufjs-v7.5.4...protobufjs-v7.5.5

v7.5.4

Compare Source

Bug Fixes

v7.5.3

Compare Source

Bug Fixes

v7.5.2

Compare Source

Bug Fixes

v7.5.1

Compare Source

Bug Fixes

v7.5.0

Compare Source

Features
  • add Edition 2023 Support (f04ded3)
  • add Edition 2023 Support (ac9a3b9)
  • add Edition 2023 Support (e5ca5c8)
  • add Edition 2023 Support (a84409b)
  • add Edition 2023 Support (9c5a178)
  • add Edition 2023 Support (b2c6867)
  • add Edition 2023 Support (60f3e51)
  • add Edition 2023 Support (a656361)
  • add Edition 2023 Support (869a95b)
  • add Edition 2023 Support (b936af4)
  • add Edition 2023 Support (a938467)
  • add Edition 2023 Support (1af8454)
  • add Edition 2023 Support (785416f)
  • add feature resolution (a9ffc8a)
  • add feature resolution and tests (68b5339)
  • add feature resolution for protobuf editions (547afa2)
  • add feature resolution for protobuf editions (65d3ed1)
  • api_converters_editions tests added and run successfully" (b4b5ca4)
  • increase size of file that protobufjs CLI can process (00d5f1a)
  • increase size of file that protobufjs CLI can process (d36ef0f)
Bug Fixes
  • change tree traversal order and feature resolution algorithm (d2d47d9)
  • remove eval usage so that chrome extension MV3 can run properly (#​1941) (f2ccb99)
  • If you want to rebase/retry this PR, check this box

@mend-for-github-com mend-for-github-com Bot added the security fix Security fix generated by Mend label Apr 19, 2026
@mend-for-github-com mend-for-github-com Bot force-pushed the whitesource-remediate/main-protobufjs-7.x-lockfile branch from c998d0e to 92cf0c2 Compare May 17, 2026 06:42
@mend-for-github-com mend-for-github-com Bot changed the title chore(deps): update dependency protobufjs to v7.5.5 (main) chore(deps): update dependency protobufjs to v7.5.8 (main) May 17, 2026
@mend-for-github-com mend-for-github-com Bot force-pushed the whitesource-remediate/main-protobufjs-7.x-lockfile branch from 92cf0c2 to 06b77cf Compare May 18, 2026 04:16
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

security fix Security fix generated by Mend

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants