Is it possible to upgrade protobufjs to >= 7.2.5 #4728

Closed
1 of 2 tasks
simongarciam opened this issue May 22, 2024 · 1 comment · Fixed by #4732

Comments

@simongarciam

  • This only affects the JavaScript OpenTelemetry library
  • This may affect other libraries, but I would like to get opinions here first

We use this library and our security scans are picking up the protobufjs vulnerability.

See https://nvd.nist.gov/vuln/detail/CVE-2023-36665

There are multiple instances of this library being used in the code base; this is one example:
https://github.com/open-telemetry/opentelemetry-js/blob/main/experimental/packages/otlp-transformer/package.json#L93

@simongarciam

Thanks for the update!
