Skip to content

refactor: Bump protobufjs from 7.5.4 to 7.6.0#3359

Closed
dependabot[bot] wants to merge 1 commit into
alphafrom
dependabot/npm_and_yarn/protobufjs-7.5.8
Closed

refactor: Bump protobufjs from 7.5.4 to 7.6.0#3359
dependabot[bot] wants to merge 1 commit into
alphafrom
dependabot/npm_and_yarn/protobufjs-7.5.8

Conversation

@dependabot
Copy link
Copy Markdown
Contributor

@dependabot dependabot Bot commented on behalf of github May 13, 2026
edited
Loading

Bumps protobufjs from 7.5.4 to 7.6.0.

Release notes

Sourced from protobufjs's releases.

protobufjs: v7.6.0

7.6.0 (2026-05-18)

Features

protobufjs: v7.5.9

7.5.9 (2026-05-17)

Bug Fixes

  • Backport bundler-safe optional module lookups (#2254) (0853a62)

protobufjs: v7.5.8

7.5.8 (2026-05-12)

Bug Fixes

protobufjs: v7.5.7

7.5.7 (2026-05-09)

Bug Fixes

protobufjs: v7.5.6

7.5.6 (2026-04-27)

Bug Fixes

  • Backport input hardening and CLI fixes to 7.x (#2173) (75392ea)

v7.5.5

This release backports two reported security issues to 7.x branch.

  • fix: do not allow setting __proto__ in Message constructor (#2126)
  • fix: filter invalid characters from the type name (#2127)

Full Changelog: protobufjs/protobuf.js@protobufjs-v7.5.4...protobufjs-v7.5.5

Changelog

Sourced from protobufjs's changelog.

7.6.0 (2026-05-18)

Features

7.5.9 (2026-05-17)

Bug Fixes

  • Backport bundler-safe optional module lookups (#2254) (0853a62)

7.5.8 (2026-05-12)

Bug Fixes

7.5.7 (2026-05-09)

Bug Fixes

7.5.6 (2026-04-27)

Bug Fixes

  • Backport input hardening and CLI fixes to 7.x (#2173) (75392ea)
Commits
Maintainer changes

This version was pushed to npm by GitHub Actions, a new releaser for protobufjs since your current version.

@dependabot dependabot Bot added dependencies Bot label; pull requests that updates a dependency file javascript Pull requests that update javascript code labels May 13, 2026
@dependabot dependabot Bot mentioned this pull request May 13, 2026
Closed
@dependabot
refactor: Bump protobufjs from 7.5.4 to 7.6.0
08de050 
Bumps [protobufjs](https://github.com/protobufjs/protobuf.js) from 7.5.4 to 7.6.0.
- [Release notes](https://github.com/protobufjs/protobuf.js/releases)
- [Changelog](https://github.com/protobufjs/protobuf.js/blob/protobufjs-v7.6.0/CHANGELOG.md)
- [Commits](protobufjs/protobuf.js@protobufjs-v7.5.4...protobufjs-v7.6.0)

---
updated-dependencies:
- dependency-name: protobufjs
  dependency-version: 7.5.8
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot changed the title refactor: Bump protobufjs from 7.5.4 to 7.5.8 refactor: Bump protobufjs from 7.5.4 to 7.6.0 May 18, 2026
@dependabot dependabot Bot force-pushed the dependabot/npm_and_yarn/protobufjs-7.5.8 branch from 81a33b1 to 08de050 Compare May 18, 2026 19:53
@dependabot @github
Copy link
Copy Markdown
Contributor Author

dependabot Bot commented on behalf of github May 18, 2026

Superseded by #3362.

@dependabot dependabot Bot closed this May 18, 2026
@dependabot dependabot Bot deleted the dependabot/npm_and_yarn/protobufjs-7.5.8 branch May 18, 2026 20:32
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies Bot label; pull requests that updates a dependency file javascript Pull requests that update javascript code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants