Skip to content

Commit

Permalink
Bump the version of protobufjs, resolve CVE-2023-36665 (#313)
Browse files Browse the repository at this point in the history 
- Bump `protobufjs` to the latest 7.x major version
- Addresses CVE-2023-36665
  • Loading branch information
@justinvp
justinvp committed Jul 24, 2023
1 parent 5f050fc commit 1f97d95
Show file tree
Hide file tree
Showing 2 changed files with 6 additions and 1 deletion.
5 changes: 5 additions & 0 deletions CHANGELOG.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -3,6 +3,11 @@ _(none)_

---

## 1.7.0 (2023-07-24)

- Bump `protobufjs` to the latest 7.x major version. Addresses [CVE-2023-36665](https://security.snyk.io/vuln/SNYK-JS-PROTOBUFJS-5756498)
(https://github.com/pulumi/pulumi-policy/pull/313).

## 1.6.0 (2023-06-28)

- Bump `protobufjs` to the latest 6.x minor version. Addresses [CVE-2022-25878](https://security.snyk.io/vuln/SNYK-JS-PROTOBUFJS-2441248)
Expand Down
2 changes: 1 addition & 1 deletion sdk/nodejs/policy/package.json
View file
Original file line number Diff line number Diff line change
Expand Up @@ -13,7 +13,7 @@
"@grpc/grpc-js": "^1.2.7",
"@pulumi/pulumi": "^3.0.0",
"google-protobuf": "^3.5.0",
"protobufjs": "^6.11.3"
"protobufjs": "^7.2.4"
},
"devDependencies": {
"@types/mocha": "^2.2.42",
Expand Down

0 comments on commit 1f97d95

Please sign in to comment.