Skip to content

Bump protobufjs from 7.5.4 to 7.5.6#658

Open
dependabot[bot] wants to merge 1 commit intomainfrom
dependabot/npm_and_yarn/protobufjs-7.5.5
Open

Bump protobufjs from 7.5.4 to 7.5.6#658
dependabot[bot] wants to merge 1 commit intomainfrom
dependabot/npm_and_yarn/protobufjs-7.5.5

Conversation

@dependabot
Copy link
Copy Markdown
Contributor

@dependabot dependabot Bot commented on behalf of github Apr 17, 2026
edited
Loading

Bumps protobufjs from 7.5.4 to 7.5.6.

Release notes

Sourced from protobufjs's releases.

protobufjs: v7.5.6

7.5.6 (2026-04-27)

Bug Fixes

  • Backport input hardening and CLI fixes to 7.x (#2173) (75392ea)

v7.5.5

This release backports two reported security issues to 7.x branch.

  • fix: do not allow setting __proto__ in Message constructor (#2126)
  • fix: filter invalid characters from the type name (#2127)

Full Changelog: protobufjs/protobuf.js@protobufjs-v7.5.4...protobufjs-v7.5.5

Changelog

Sourced from protobufjs's changelog.

7.5.6 (2026-04-27)

Bug Fixes

  • Backport input hardening and CLI fixes to 7.x (#2173) (75392ea)
Commits
Maintainer changes

This version was pushed to npm by GitHub Actions, a new releaser for protobufjs since your current version.

@dependabot dependabot Bot added dependencies Pull requests that update a dependency file javascript Pull requests that update Javascript code labels Apr 17, 2026
Copilot AI review requested due to automatic review settings April 17, 2026 05:38
@dependabot dependabot Bot review requested due to automatic review settings April 17, 2026 05:38
@dependabot dependabot Bot force-pushed the dependabot/npm_and_yarn/protobufjs-7.5.5 branch from 5190b83 to c1e446d Compare April 20, 2026 11:44
@dependabot dependabot Bot requested review from Copilot and removed request for Copilot April 20, 2026 11:44
@dependabot dependabot Bot force-pushed the dependabot/npm_and_yarn/protobufjs-7.5.5 branch from c1e446d to 1e5fa04 Compare April 22, 2026 14:33
@dependabot dependabot Bot review requested due to automatic review settings April 22, 2026 14:33
@dependabot
Bump protobufjs from 7.5.4 to 7.5.6
b711325 
Bumps [protobufjs](https://github.com/protobufjs/protobuf.js) from 7.5.4 to 7.5.6.
- [Release notes](https://github.com/protobufjs/protobuf.js/releases)
- [Changelog](https://github.com/protobufjs/protobuf.js/blob/protobufjs-v7.5.6/CHANGELOG.md)
- [Commits](protobufjs/protobuf.js@protobufjs-v7.5.4...protobufjs-v7.5.6)

---
updated-dependencies:
- dependency-name: protobufjs
  dependency-version: 7.5.5
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot changed the title Bump protobufjs from 7.5.4 to 7.5.5 Bump protobufjs from 7.5.4 to 7.5.6 Apr 29, 2026
@dependabot dependabot Bot force-pushed the dependabot/npm_and_yarn/protobufjs-7.5.5 branch from 1e5fa04 to b711325 Compare April 29, 2026 16:44
@dependabot dependabot Bot requested review from Copilot and removed request for Copilot April 29, 2026 16:44
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@peter-leonov-ch peter-leonov-ch Awaiting requested review from peter-leonov-ch peter-leonov-ch is a code owner

@mshustov mshustov Awaiting requested review from mshustov mshustov is a code owner

At least 1 approving review is required to merge this pull request.

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file javascript Pull requests that update Javascript code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants