v6.11.4 still listed as vulnerable to CVE-2023-36665

[pwmcintyre]

protobuf.js version: 6.11.4

This version is still being listed as vulnerable to CVE-2023-36665

I understand we should patch to 7.x but we are not able to.

Is it possible to have the nist dataset fixed (see related comments)

related:

• https://github.com/protobufjs/protobuf.js/issues/1918#issuecomment-1693754640
• https://github.com/protobufjs/protobuf.js/issues/1928#issuecomment-1690633778

[pwmcintyre]

it looks as though the Github advisory is fixed, but not elsewhere: ✅ https://github.com/advisories/GHSA-h755-8qp9-cq85 ⚠️ https://nvd.nist.gov/vuln/detail/CVE-2023-36665