Fixes typeRefRe used in the parser (1.X-6.8.5) being vulnerable to ReDoS as reported by James Davis. Relevant where a user is allowed to provide .proto sources for parsing. Applications using trusted .proto definitions, JSON descriptors or static code exclusively are not affected.
- Preserve comments when serializing/deserializing with toJSON and fromJSON. (#983)
- Add more details to some frequent error messages (#962)
- Add IParseOptions#alternateCommentMode (#968)
- Added field_mask to built-in common wrappers (#982)
Other
- Remove code climate config in order to use 'in-app' config instead
- Prevent invalid JSDoc names when generating service methods, see #870
- Prevent parse errors when generating service method names, see #870
- Support parsing nested option-values with or without ':' (#951, fixes #946)
- Add support for reserved keyword in enums (#950, fixes #949)
- Unified safe property escapes and added a test for #834
- Fix codegen if type name starts with "Object"
- Fixed dependency for json-module to use "light".
- Basic support for URL prefixes in google.protobuf.Any types.
- fixed 'error is not defined' linter warning when using static/static-module and es6
- Fixed wrong type_url for any type (no leading '.' allowed).
- Fixed fromObject() for google.protobuf.Any types.
- Handle case where 'extendee' is undefined in ext/descriptor
CLI
- Sanitize CR-only line endings (coming from jsdoc?)
- Make sure enum typings become generated (#884 didn't solve this)
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
- `@dependabot use these labels` will set the current labels as the default for future PRs for this repo and language
- `@dependabot use these reviewers` will set the current reviewers as the default for future PRs for this repo and language
- `@dependabot use these assignees` will set the current assignees as the default for future PRs for this repo and language
- `@dependabot use this milestone` will set the current milestone as the default for future PRs for this repo and language
You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/beingmohit/libp2p-rpc/network/alerts).
Bumps protobufjs from 6.8.0 to 6.8.6.
Release notes
Sourced from protobufjs's releases.
Changelog
Sourced from protobufjs's changelog.
Commits
- `918ff01` Update dist files for 6.8.6
- `2ee1028` Security: Fix typeRefRe being vulnerable to ReDoS
- `b912005` Update dist files for 6.8.5
- `462132f` New: Preserve comments when serializing/deserializing with toJSON and fromJSO...
- `635fef0` Other: Remove code climate config in order to use 'in-app' config instead
- `8d0209d` Other: Update dependencies and dist files
- `d29c0ca` New: Add more details to some frequent error messages (#962)
- `8400f87` New: Add IParseOptions#alternateCommentMode (#968)
- `d6e3b9e` New: Added field_mask to built-in common wrappers (#982)
- `057325d` Update changelog
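A lockfile check for the affected range named in the release note (1.X-6.8.5), useful for confirming that no nested copy of protobufjs stays behind after the bump. This is an added example, not code from protobufjs or from this PR; the function names and the sample lockfile are constructed for illustration. A hit matters only where the application parses .proto sources supplied by users.

```javascript
// Added example: flag installed protobufjs copies inside the range the
// release note gives for the typeRefRe ReDoS (1.X up to and including 6.8.5).
const FIXED = [6, 8, 6]; // first release carrying the fix, per the release note

// Parse "6.8.0" (or "6.8.0-beta.1") into [major, minor, patch]; null if unparsable.
function parseVersion(v) {
  const m = /^(\d+)\.(\d+)\.(\d+)/.exec(String(v));
  return m ? m.slice(1).map(Number) : null;
}

function isAffected(version) {
  const v = parseVersion(version);
  if (!v || v[0] < 1) return false; // stated range starts at 1.X
  for (let i = 0; i < 3; i++) {
    if (v[i] !== FIXED[i]) return v[i] < FIXED[i];
  }
  return false; // exactly 6.8.6
}

// Handles both npm lockfile layouts: the flat "packages" map (v2/v3) and the
// nested "dependencies" tree (v1). Transitive copies are reported too.
function findAffected(lock, name = "protobufjs") {
  const hits = [];
  if (lock.packages) {
    for (const [key, info] of Object.entries(lock.packages)) {
      if (key.endsWith(`node_modules/${name}`) && isAffected(info.version)) {
        hits.push({ path: key, version: info.version });
      }
    }
    return hits;
  }
  const walk = (deps, path) => {
    for (const [dep, info] of Object.entries(deps || {})) {
      const here = `${path}/${dep}`;
      if (dep === name && isAffected(info.version)) hits.push({ path: here, version: info.version });
      walk(info.dependencies, here);
    }
  };
  walk(lock.dependencies, "");
  return hits;
}

// Constructed sample: the top-level copy is fixed, a nested copy is not.
const SAMPLE_LOCK = {
  lockfileVersion: 1,
  dependencies: {
    protobufjs: { version: "6.8.6" },
    "some-rpc-lib": { version: "1.0.0", dependencies: { protobufjs: { version: "6.8.0" } } },
  },
};
```

To use it on a real project, pass the parsed contents of `package-lock.json` to `findAffected` and fail the build when the returned list is non-empty.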