google / pprof-nodejs

pprof support for Node.js
Apache License 2.0
251 stars, 26 forks

fix(deps): update dependency protobufjs to v6.11.3 [security] #218

Closed renovate-bot closed 2 years ago

renovate-bot commented 2 years ago

Mend Renovate

This PR contains the following updates:

Package: protobufjs (source)
Change: 6.11.2 -> 6.11.3

GitHub Vulnerability Alerts

CVE-2022-25878

The package protobufjs before 6.11.3 is vulnerable to Prototype Pollution, which can allow an attacker to add/modify properties of Object.prototype.

This vulnerability can occur in multiple ways:

  1. by providing untrusted user input to util.setProperty or to ReflectionObject.setParsedOption functions
  2. by parsing/loading .proto files

Release Notes

protobufjs/protobuf.js

v6.11.3: https://togithub.com/protobufjs/protobuf.js/releases/tag/v6.11.3
Compare Source: https://togithub.com/protobufjs/protobuf.js/compare/v6.11.2...v6.11.3

6.11.3 (2022-05-20)

Bug Fixes

  - deps: use eslint 8.x (#1728, https://togithub.com/protobufjs/protobuf.js/issues/1728) (a8681ce, https://togithub.com/protobufjs/protobuf.js/commit/a8681ceab4763e706a848121a2dde56791b89eea)
  - do not let setProperty change the prototype (#1731, https://togithub.com/protobufjs/protobuf.js/issues/1731) (b5f1391, https://togithub.com/protobufjs/protobuf.js/commit/b5f1391dff5515894830a6570e6d73f5511b2e8f)

Configuration

📅 Schedule: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.



This PR has been generated by Mend Renovate. View repository job log here.
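The advisory quoted above describes untrusted dotted paths reaching Object.prototype through a property-setting helper. The following is an added example and is not code from pprof-nodejs or protobufjs: a hypothetical dotted-path setter (setPropertySafe) that applies the guard the 6.11.3 fix describes ("do not let setProperty change the prototype"), and a probe (prototypeIsClean) that a test suite can use to verify the global prototype was not modified. The function names and the sample option path are assumptions.

```javascript
// Added example, not protobufjs's own code: a dotted-path property setter in
// the style of a util.setProperty helper, hardened so that untrusted paths
// cannot reach Object.prototype, plus a probe that checks the prototype stayed
// clean after the setter ran.

// Path segments that reach the shared prototype chain. A path that comes from
// a parsed .proto option or any other untrusted input must never contain them.
const FORBIDDEN_SEGMENTS = new Set(["__proto__", "constructor", "prototype"]);

// Hypothetical helper: assigns `value` at the dotted `path` inside `dst`,
// creating intermediate plain objects as needed. Throws instead of touching
// the prototype chain.
function setPropertySafe(dst, path, value) {
  if (typeof path !== "string" || path.length === 0) {
    throw new TypeError("path must be a non-empty string");
  }
  const segments = path.split(".");
  for (const seg of segments) {
    if (FORBIDDEN_SEGMENTS.has(seg)) {
      throw new Error(`refusing to set property through segment '${seg}'`);
    }
  }
  let cur = dst;
  for (let i = 0; i < segments.length - 1; i++) {
    const seg = segments[i];
    // Descend only into own, non-null object properties; an inherited or
    // primitive value at this segment is replaced by a fresh own object.
    const own = Object.prototype.hasOwnProperty.call(cur, seg);
    if (!own || typeof cur[seg] !== "object" || cur[seg] === null) {
      cur[seg] = {};
    }
    cur = cur[seg];
  }
  cur[segments[segments.length - 1]] = value;
  return dst;
}

// Returns true when a fresh plain object does not inherit `key`, i.e. the
// global Object.prototype has not been polluted with that key.
function prototypeIsClean(key) {
  return !(key in {});
}

// Exercises the guard: a legitimate option path is set, a path that would
// traverse the prototype is rejected, and a plain object still does not
// inherit the probe key afterwards. Inputs here are constructed for the demo.
function demo() {
  const target = {};
  setPropertySafe(target, "options.java_package", "com.example.proto");

  let rejected = false;
  try {
    setPropertySafe(target, "__proto__.polluted", true);
  } catch (err) {
    rejected = err instanceof Error;
  }

  return {
    javaPackage: target.options.java_package,
    rejected,
    prototypeClean: prototypeIsClean("polluted"),
  };
}

if (typeof require !== "undefined" && require.main === module) {
  console.log(demo());
}
```

The probe is the part worth keeping in a test suite: after any code path that accepts option names from a .proto file, assert that a fresh `{}` does not inherit a sentinel key. That catches a regression regardless of which helper introduced it.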

codecov-commenter commented 2 years ago

Codecov Report

Merging #218 (7ee1ee0) into main (3898b36) will not change coverage. The diff coverage is n/a.

@@           Coverage Diff           @@
##             main     #218   +/-   ##
=======================================
  Coverage   42.21%   42.21%           
=======================================
  Files          14       14           
  Lines        2061     2061           
  Branches       42       42           
=======================================
  Hits          870      870           
  Misses       1173     1173           
  Partials       18       18           

Continue to review full report at Codecov.

Legend: Δ = absolute <relative> (impact), ø = not affected, ? = missing data. Powered by Codecov. Last update 3898b36...7ee1ee0.