Snyk is reporting vulnerabilities in the version of protobuf used indirectly by the publisher. This PR updates protobuf.
If you run go mod tidy, go will decide that we don't use it and it should be removed. I've added a comment indicating it should not be removed; hopefully if that shows up removed in a PR diff we'll see it and revert that part of the change.
Intent
Snyk is reporting vulnerabilities in the version of protobuf used indirectly by the publisher. This PR updates protobuf.
If you run
go mod tidy
, go will decide that we don't use it and it should be removed. I've added a comment indicating it should not be removed; hopefully if that shows up removed in a PR diff we'll see it and revert that part of the change.Type of Change
Automated Tests
Existing tests should pass.