gojay package has direct dependency on "github.com/golang/protobuf" with "v1.3.1" version. As there is high vulnerability CVE-2021-3121 reported in protobuf up to 1.3.1 as mentioned here https://nvd.nist.gov/vuln/detail/CVE-2021-3121.
We need to upgrade protobuf to >= 1.3.2 to fix the given CVE and release new version of gojay package.
gojay package has direct dependency on "github.com/golang/protobuf" with "v1.3.1" version. As there is high vulnerability CVE-2021-3121 reported in protobuf up to 1.3.1 as mentioned here https://nvd.nist.gov/vuln/detail/CVE-2021-3121.
We need to upgrade protobuf to >= 1.3.2 to fix the given CVE and release new version of gojay package.