Critical vulnerability: npm protobufjs dependency needs an upgrade to 7.2.5

eclipse / tahu

Eclipse Tahu addresses the existence of legacy SCADA/DCS/ICS protocols and infrastructures and provides a much-needed definition of how best to apply MQTT into these existing industrial operational environments.

https://eclipse.org/tahu

Eclipse Public License 2.0

216 stars 123 forks source link

Critical vulnerability: npm protobufjs dependency needs an upgrade to 7.2.5 #390

Open JSmits96 opened 1 week ago

JSmits96 commented 1 week ago

Currently in "sparkplug-payload" package there is

"protobufjs": "^6.11.3"

That needs an upgrade to 7.2.5 at least to be resolved.

Reference: CVE-2023-36665

Thanks!