Insecure dependency: protobufjs@5.0.2 #222

Closed
juliusza opened this issue May 9, 2018 · 4 comments

juliusza commented May 9, 2018

Please update dependencies if patched versions are available:

[image]

@JustinBeckwith
Contributor

This is getting brought in by grpc@1.11.3 - @murgatroid99 is there a release on the way with an updated protobuf?

@murgatroid99

This has also been reported in grpc/grpc-node#277. I have submitted a patch to Protobuf.js to fix this problem in the version 5 branch: protobufjs/protobuf.js#1030. When that new package is published, we will also update grpc's dependency on Protobuf.js.

davibq commented May 30, 2018

Any updates on this one? Looks like protobufjs/protobuf.js#1030 has been merged.
Can we update the dependencies to point to protobuf.js@5.0.3?

JustinBeckwith added the "priority: p1" and "type: bug" labels May 31, 2018
JustinBeckwith added and removed the "🚨 This issue needs some love." label Jun 8, 2018

@JustinBeckwith
Contributor

This seems to be resolved. Please do let me know if you're still getting the error!
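
The thread turns on a flagged package (protobufjs@5.0.2) being installed through another dependency (grpc@1.11.3) rather than directly. The following is an added example, not code from this issue or from the projects it mentions: it lists every chain through which a flagged `name@version` is reached in an npm `package-lock.json`. It assumes the lockfileVersion 1 layout (nested `dependencies` and `requires` maps); the helper names `resolve` and `findPaths`, the sample lockfile, its version ranges and the `other-lib` package are constructed for illustration.

```javascript
// Added example. The lockfile below is constructed, not taken from the project.
const sampleLock = {
  lockfileVersion: 1,
  dependencies: {
    grpc: { version: '1.11.3', requires: { protobufjs: '^5.0.0' } },
    protobufjs: { version: '5.0.2' },
    'other-lib': { // hypothetical package that carries its own nested copy
      version: '2.0.0',
      requires: { protobufjs: '^6.0.0' },
      dependencies: { protobufjs: { version: '6.8.6' } },
    },
  },
};

// Resolve `name` the way Node does: innermost node_modules first, then outward.
function resolve(name, scopes) {
  for (let i = scopes.length - 1; i >= 0; i--) {
    const entry = scopes[i][name];
    if (entry) return { entry, scopes: scopes.slice(0, i + 1) };
  }
  return null; // optional or missing dependency
}

// Return every chain "a@1 > b@2 > flagged@x" that starts at a direct dependency
// (taken from package.json) and ends at the flagged name@version.
function findPaths(lock, directDeps, flaggedName, flaggedVersion) {
  const found = [];
  const walk = (name, scopes, trail) => {
    const hit = resolve(name, scopes);
    if (!hit) return;
    const id = `${name}@${hit.entry.version}`;
    if (trail.includes(id)) return; // dependency cycle
    const next = trail.concat(id);
    if (name === flaggedName && hit.entry.version === flaggedVersion) {
      found.push(next.join(' > '));
      return;
    }
    // A package's requirements are looked up from inside its own node_modules.
    const inner = hit.scopes.concat(hit.entry.dependencies || {});
    for (const child of Object.keys(hit.entry.requires || {})) {
      walk(child, inner, next);
    }
  };
  for (const dep of directDeps) walk(dep, [lock.dependencies || {}], []);
  return found;
}

console.log(findPaths(sampleLock, ['grpc', 'other-lib'], 'protobufjs', '5.0.2'));
```

A chain that starts at a package you do not control, as here, means the fix has to come from that package's release or from an override in your own project, which is what the replies above discuss.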

yoshi-automation added the "🚨 This issue needs some love." label Apr 6, 2020