Open slobad123 opened 3 weeks ago
Looking to install a version of this program that fixes this CVE related to the github.com/gogo/protobuf package: https://nvd.nist.gov/vuln/detail/CVE-2021-3121
The tip of master currently has the updated version of this library (v1.3.2) where the CVE is addressed.
However, installing this version yields the following error
go install github.com/pseudomuto/protoc-gen-doc/cmd/protoc-gen-doc@affddd4a
# github.com/golang/protobuf/protoc-gen-go/descriptor go/pkg/mod/github.com/golang/protobuf@v1.5.3/protoc-gen-go/descriptor/descriptor.pb.go:106:61: undefined: descriptorpb.Default_FileOptions_PhpGenericServices
This thread implies the fix is to bump the github.com/golang/protobuf dependency version to v1.5.4 https://github.com/golang/protobuf/issues/1596#issuecomment-1981208282
go build is successful after bumping the version to 1.5.4 in a local checkout.
go build
Looking to install a version of this program that fixes this CVE related to the github.com/gogo/protobuf package: https://nvd.nist.gov/vuln/detail/CVE-2021-3121
The tip of master currently has the updated version of this library (v1.3.2) where the CVE is addressed.
However, installing this version yields the following error
go install github.com/pseudomuto/protoc-gen-doc/cmd/protoc-gen-doc@affddd4a
# github.com/golang/protobuf/protoc-gen-go/descriptor go/pkg/mod/github.com/golang/protobuf@v1.5.3/protoc-gen-go/descriptor/descriptor.pb.go:106:61: undefined: descriptorpb.Default_FileOptions_PhpGenericServices
This thread implies the fix is to bump the github.com/golang/protobuf dependency version to v1.5.4 https://github.com/golang/protobuf/issues/1596#issuecomment-1981208282
go buildis successful after bumping the version to 1.5.4 in a local checkout.