google / pprof-nodejs

pprof support for Node.js
Apache License 2.0

CVE-2023-36665 vulnerability in protobufjs >= 6.10.0, < 7.2.4 #256

Closed letsgolesco closed 1 year ago

letsgolesco commented 1 year ago

pprof depends on a vulnerable library, protobufjs ~7.0.0. A fix is available in protobufjs 7.2.4. Vulnerability link: https://github.com/advisories/GHSA-h755-8qp9-cq85

Can we upgrade this dependency to 7.2.4?

aabmass commented 1 year ago

Thanks for flagging, I'll take this