Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Upgrade protobuf to v3.25.5. #44

Merged
merged 1 commit into from
Dec 13, 2024
Merged

Upgrade protobuf to v3.25.5. #44

merged 1 commit into from
Dec 13, 2024

Conversation

G8XSU
Copy link
Collaborator

@G8XSU G8XSU commented Dec 13, 2024
edited
Loading

Earlier versions are impacted by CVE-2024-7254. Even though we don't use groups or nested fields and mostly are not impacted directly. We upgrade nonetheless to ensure safe use in case of unknown fields.

Acc. to

3.25.5 is one of the recommended versions.

Prost in rust is not impacted as far as we know: rustsec/advisory-db#2169 (comment)

@G8XSU
Upgrade protobuf to v3.25.5.
aea2711 
Earlier versions are impacted by `CVE-2024-7254`. Even though
we don't use groups or nested fields and mostly are not impacted directly.
We upgrade nonetheless to ensure safe use in case on unknown fields.
@G8XSU G8XSU requested review from jkczyz and Copilot December 13, 2024 21:08
Copilot
Copilot AI reviewed Dec 13, 2024
View reviewed changes

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Copilot reviewed 28 out of 29 changed files in this pull request and generated no comments.

Files not reviewed (1)
  • java/app/build.gradle: Language not supported
@G8XSU G8XSU merged commit 37fe9ae into lightningdevkit:main Dec 13, 2024
1 check passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

Copilot Copilot left review comments

@jkczyz jkczyz jkczyz approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@G8XSU @jkczyz