[Snyk] Security upgrade protobufjs from 6.11.2 to 7.2.4

[eaviles]

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  • package.json
  • package-lock.json

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	823/1000 Why? Proof of Concept exploit, Recently disclosed, Has a fix available, CVSS 8.6	Prototype Pollution SNYK-JS-PROTOBUFJS-5756498	Yes	Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: protobufjs

The new version differs by 72 commits.

• 42e5a9c chore: release master (#1900)
• e66379f fix: do not let setProperty change the prototype (#1899)
• 56b1e64 chore: release master (#1879)
• 8817ee6 fix: type names can be split into multiple tokens (#1877)
• e721d04 chore: release master (#1867)
• 14f0536 fix: do not allow to extend same field twice to prevent the error (#1784)
• 644d588 chore: release master (#1865)
• e42eea4 fix(cli): fix relative path to Google pb files (#1859)
• dce9a2e fix: use bundled filename to fix common pb includes (#1860)
• 64e8936 fix: use ES5 style function syntax (#1830)
• 4489fa7 Revert "fix: error should be thrown (#1817)" (#1864)
• 0099ddc chore: release master (#1852)
• 32f2d6a feat(cli): generate static files at the granularity of proto messages (#1840)
• ea7b9a6 build(deps): bump decode-uri-component from 0.2.0 to 0.2.2 (#1837)
• e7a3489 fix: error should be thrown (#1817)
• 82f55e6 build(deps): bump json5 from 2.2.1 to 2.2.3 (#1848)
• 57fe6f5 chore(deps): update dependency jsdoc to v4 (#1833)
• d026849 chore: release master (#1813)
• 119d90a fix(types): nested object can be a oneof (#1812)
• 67fe592 Update CDN (RawGit EOL) (#1806)
• 6254efb chore: release master (#1804)
• 7c27b5a fix: add import long to the generated .d.ts (#1802)
• 7120e93 fix: generate valid js code for aliased enum values (#1801)
• 48457c4 chore: release master (#1772)

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Prototype Pollution

[codecov]

Codecov Report

Patch and project coverage have no change.

Comparison is base (e226a50) 100.00% compared to head (ab81365) 100.00%.

❗ Current head ab81365 differs from pull request most recent head 2aa2c94. Consider uploading reports for the commit 2aa2c94 to get more accurate results

Additional details and impacted files

@@            Coverage Diff            @@
##           develop      #722   +/-   ##
=========================================
  Coverage   100.00%   100.00%           
=========================================
  Files           19        19           
  Lines         1409      1409           
  Branches       192       192           
=========================================
  Hits          1409      1409           

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

[skolsuper]

Sorry to be a bother, but what's the timeline get this into an npm release? I'm having trouble using this branch in my package.json because of a conflict with husky

[albertosaito]

I'll merge this PR today, and then I'll try to figure out how to make the npm release.

[albertosaito]

Merging this PR to solve GHSA-h755-8qp9-cq85