Skip to content

fix(sec): upgrade com.google.protobuf:protobuf-java to 3.21.7#1094

Open
pen4 wants to merge 1 commit intoalibaba:masterfrom
pen4:oscs_fix_ce7b6t8au51s0tihfpq0
Open

fix(sec): upgrade com.google.protobuf:protobuf-java to 3.21.7#1094
pen4 wants to merge 1 commit intoalibaba:masterfrom
pen4:oscs_fix_ce7b6t8au51s0tihfpq0

Conversation

@pen4
Copy link
Copy Markdown

@pen4 pen4 commented Dec 6, 2022

What happened?

There are 1 security vulnerabilities found in com.google.protobuf:protobuf-java 3.16.1

What did I do?

Upgrade com.google.protobuf:protobuf-java from 3.16.1 to 3.21.7 for vulnerability fix

What did you expect to happen?

Ideally, no insecure libs should be used.

The specification of the pull request

PR Specification from OSCS
Signed-off-by:pen4948453219@qq.com

@CLAassistant
Copy link
Copy Markdown

CLA assistant check
Thank you for your submission! We really appreciate it. Like many open source projects, we ask that you sign our Contributor License Agreement before we can accept your contribution.
You have signed the CLA already but the status is still pending? Let us recheck it.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants