w4tsn / node-red-contrib-protobuf

NodeRED node for encoding and decoding of protobuf messages.
BSD 3-Clause "New" or "Revised" License

fix(deps): update dependency protobufjs to v7.2.5 [security] #56

Open renovate[bot] opened 1 year ago

renovate[bot] commented 1 year ago

This PR contains the following updates:

Package | Change
--- | ---
protobufjs (source) | 7.1.2 -> 7.2.5

GitHub Vulnerability Alerts

CVE-2023-36665

protobuf.js (aka protobufjs) 6.10.0 until 6.11.4 and 7.0.0 until 7.2.4 allows Prototype Pollution, a different vulnerability than CVE-2022-25878. A user-controlled protobuf message can be used by an attacker to pollute the prototype of Object.prototype by adding and overwriting its data and functions. Exploitation can involve: (1) using the function parse to parse protobuf messages on the fly, (2) loading .proto files by using load/loadSync functions, or (3) providing untrusted input to the functions ReflectionObject.setParsedOption and util.setProperty. NOTE: this CVE Record is about Object.constructor.prototype.<new-property> = ...; whereas CVE-2022-25878 was about Object.__proto__.<new-property> = ...; instead.


Release Notes

protobufjs/protobuf.js (protobufjs)

### [`v7.2.5`](https://redirect.github.com/protobufjs/protobuf.js/blob/HEAD/CHANGELOG.md#725-2023-08-21)

[Compare Source](https://redirect.github.com/protobufjs/protobuf.js/compare/protobufjs-v7.2.4...protobufjs-v7.2.5)

##### Bug Fixes

- crash in comment parsing ([#1890](https://redirect.github.com/protobufjs/protobuf.js/issues/1890)) ([eaf9f0a](https://redirect.github.com/protobufjs/protobuf.js/commit/eaf9f0a5a4009a8981c69af78365dfc988ed925b))
- deprecation warning for new Buffer ([#1905](https://redirect.github.com/protobufjs/protobuf.js/issues/1905)) ([e93286e](https://redirect.github.com/protobufjs/protobuf.js/commit/e93286ef70d2e673c341ac08a192cc2abe6fd2eb))
- possible infinite loop when parsing option ([#1923](https://redirect.github.com/protobufjs/protobuf.js/issues/1923)) ([f2a8620](https://redirect.github.com/protobufjs/protobuf.js/commit/f2a86201799af5842e1339c22950abbb3db00f51))

### [`v7.2.4`](https://redirect.github.com/protobufjs/protobuf.js/blob/HEAD/CHANGELOG.md#724-2023-06-23)

[Compare Source](https://redirect.github.com/protobufjs/protobuf.js/compare/protobufjs-v7.2.3...protobufjs-v7.2.4)

##### Bug Fixes

- do not let setProperty change the prototype ([#1899](https://redirect.github.com/protobufjs/protobuf.js/issues/1899)) ([e66379f](https://redirect.github.com/protobufjs/protobuf.js/commit/e66379f451b0393c27d87b37fa7d271619e16b0d))

### [`v7.2.3`](https://redirect.github.com/protobufjs/protobuf.js/blob/HEAD/CHANGELOG.md#723-2023-03-27)

[Compare Source](https://redirect.github.com/protobufjs/protobuf.js/compare/protobufjs-v7.2.2...protobufjs-v7.2.3)

##### Bug Fixes

- type names can be split into multiple tokens ([#1877](https://redirect.github.com/protobufjs/protobuf.js/issues/1877)) ([8817ee6](https://redirect.github.com/protobufjs/protobuf.js/commit/8817ee613dfcf55f7f6fa8704f3fdd3e68c0e1d8))

### [`v7.2.2`](https://redirect.github.com/protobufjs/protobuf.js/blob/HEAD/CHANGELOG.md#722-2023-02-07)

[Compare Source](https://redirect.github.com/protobufjs/protobuf.js/compare/protobufjs-v7.2.1...protobufjs-v7.2.2)

##### Bug Fixes

- do not allow to extend same field twice to prevent the error ([#1784](https://redirect.github.com/protobufjs/protobuf.js/issues/1784)) ([14f0536](https://redirect.github.com/protobufjs/protobuf.js/commit/14f05364a04fe1ca0bfb278b3407e058c6b5a1ab))

### [`v7.2.1`](https://redirect.github.com/protobufjs/protobuf.js/blob/HEAD/CHANGELOG.md#721-2023-02-02)

[Compare Source](https://redirect.github.com/protobufjs/protobuf.js/compare/protobufjs-v7.2.0...protobufjs-v7.2.1)

##### Bug Fixes

- **cli:** fix relative path to Google pb files ([#1859](https://redirect.github.com/protobufjs/protobuf.js/issues/1859)) ([e42eea4](https://redirect.github.com/protobufjs/protobuf.js/commit/e42eea4868b11f4a07934804a56683321ed191e2))
- Revert "fix: error should be thrown" ([4489fa7](https://redirect.github.com/protobufjs/protobuf.js/commit/4489fa771464bcb49b57149760e9cc4131e8077e))
- use bundled filename to fix common pb includes ([#1860](https://redirect.github.com/protobufjs/protobuf.js/issues/1860)) ([dce9a2e](https://redirect.github.com/protobufjs/protobuf.js/commit/dce9a2ef92d363752e40b295b0da9bd178f82e83))
- use ES5 style function syntax ([#1830](https://redirect.github.com/protobufjs/protobuf.js/issues/1830)) ([64e8936](https://redirect.github.com/protobufjs/protobuf.js/commit/64e8936ad9f73c68b3fa1e57857dd38323b5a745))

### [`v7.2.0`](https://redirect.github.com/protobufjs/protobuf.js/blob/HEAD/CHANGELOG.md#720-2023-01-24)

[Compare Source](https://redirect.github.com/protobufjs/protobuf.js/compare/protobufjs-v7.1.2...protobufjs-v7.2.0)

##### Features

- **cli:** generate static files at the granularity of proto messages ([#1840](https://redirect.github.com/protobufjs/protobuf.js/issues/1840)) ([32f2d6a](https://redirect.github.com/protobufjs/protobuf.js/commit/32f2d6a68b27997bd0f7619998695a9fa7a4fd70))

##### Bug Fixes

- error should be thrown ([#1817](https://redirect.github.com/protobufjs/protobuf.js/issues/1817)) ([e7a3489](https://redirect.github.com/protobufjs/protobuf.js/commit/e7a34897a122342485468999a507626f1ea91507))

Configuration

📅 Schedule: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.



This PR was generated by Mend Renovate. View the repository job log.
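The CVE-2023-36665 text above names util.setProperty as one entry point for the `constructor.prototype.<new-property>` pollution that the 7.2.4 fix ("do not let setProperty change the prototype") closes. As an added example (not code from protobufjs, node-red-contrib-protobuf, or this PR, and not the project's actual patch), here is a dotted-path option setter of the same shape in a naive form and a hardened form, plus a probe a maintainer can run to check whether Object.prototype has been polluted; the function names are assumptions and the option path is constructed.

```javascript
// Added example, not protobufjs code: a dotted-path option setter of the kind
// named in CVE-2023-36665, naive and hardened, plus an Object.prototype probe.
const FORBIDDEN_KEYS = new Set(["__proto__", "constructor", "prototype"]);

// Naive setter: resolves every segment with plain property access. Because
// ({}).constructor is Object and Object.prototype exists, the option path
// "constructor.prototype.x" walks off the target and writes to Object.prototype.
function setPropertyNaive(dst, path, value) {
  const parts = path.split(".");
  let cur = dst;
  for (let i = 0; i < parts.length - 1; i++) {
    if (cur[parts[i]] === undefined) cur[parts[i]] = {};
    cur = cur[parts[i]];
  }
  cur[parts[parts.length - 1]] = value;
  return dst;
}

// Hardened setter: rejects prototype-reaching segments and only descends into
// own, plain-object properties of the target, never inherited ones.
function setPropertySafe(dst, path, value) {
  const parts = path.split(".");
  let cur = dst;
  for (let i = 0; i < parts.length; i++) {
    const key = parts[i];
    if (FORBIDDEN_KEYS.has(key)) throw new Error(`refusing option path segment "${key}"`);
    if (i === parts.length - 1) { cur[key] = value; break; }
    const own = Object.prototype.hasOwnProperty.call(cur, key);
    if (!own || typeof cur[key] !== "object" || cur[key] === null) cur[key] = {};
    cur = cur[key];
  }
  return dst;
}

// Detection probe: true when Object.prototype itself carries `key`, i.e. every
// object in the process now sees it through its prototype chain.
function isPolluted(key) {
  return Object.prototype.hasOwnProperty.call(Object.prototype, key);
}

// Constructed demonstration: the same untrusted option path through both setters.
function demo() {
  const path = "constructor.prototype.pollutedByOption";
  setPropertyNaive({}, path, "tainted");
  const naiveLeaked = isPolluted("pollutedByOption");
  delete Object.prototype.pollutedByOption; // undo the pollution for the rest of the process
  let safeRejected = false;
  try { setPropertySafe({}, path, "tainted"); } catch (e) { safeRejected = true; }
  return { naiveLeaked, safeRejected, stillClean: !isPolluted("pollutedByOption") };
}
```

Running `isPolluted` against the keys an application never expects on plain objects is a cheap runtime check to add to a test suite after parsing untrusted .proto definitions.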