chore(deps): Bump protobufjs from 7.5.4 to 7.5.5 in /ui by dependabot[bot] · Pull Request #6291 · feast-dev/feast
Conversation
Contributor
Bumps protobufjs from 7.5.4 to 7.5.5.
Release notes
Sourced from protobufjs's releases.
v7.5.5
This release backports two reported security issues to 7.x branch.
- fix: do not allow setting
__proto__in Message constructor (#2126)- fix: filter invalid characters from the type name (#2127)
Full Changelog: protobufjs/protobuf.js@protobufjs-v7.5.4...protobufjs-v7.5.5
Changelog
Sourced from protobufjs's changelog.
Changelog
8.0.3 (2026-04-27)
Bug Fixes
8.0.2 (2026-04-27)
Bug Fixes
- Accept empty statements in proto definitions (#2176) (a26dd61)
- Correct alternate comment mode line numbers (#2159) (e550cd2)
- Correct ES6 wrapper imports in static-module output (#2151) (88f5a76)
- Don't include
[@exports](https://github.com/exports)for enums (#1824) (eb256f0)- Forward group end tag in lazy decode (#2162) (3a48675)
- Harden input handling (#2163) (6eb3a3b)
- limit depth of recursion in Reader.prototype.skipType (#2143) (0f643d5)
- Parse empty repeated options (#2161) (8c5060f)
- refactor the code to remove subpackages (#2146) (2fe8b09)
- Remove jsdoc includePattern (#2089) (0fead2e)
- Run pbts jsdoc without a shell (#2160) (648b760)
- Support .cjs and .mjs extensions in pbts (#2152) (aef016a)
8.0.1 (2026-03-11)
Bug Fixes
- bump protobufjs dependency version for cli package (#2128) (549b05e)
- correct json syntax in tsconfig.json (#2120) (8065625)
- descriptor: guard oneof index for non-Type parents (#2122) (1cac5cf)
- do not allow setting proto in Message constructor (#2126) (f05e3c3)
- filter invalid characters from the type name (#2127) (535df44)
8.0.0 (2025-12-16)
⚠ BREAKING CHANGES
- add Edition 2024 Support (#2060)
Features
Commits
Maintainer changes
This version was pushed to npm by fenster, a new releaser for protobufjs since your current version.
labels
labels
![devin-ai-integration[bot]](https://avatars.githubusercontent.com/in/811515?s=60&v=4){kind=small}
devin-ai-integration
Bot
reviewed
devin-ai-integration
Bot
left a comment
Contributor
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
✅ Devin Review: No Issues Found
Devin Review analyzed this PR and found no bugs or issues to report.
Bumps [protobufjs](https://github.com/protobufjs/protobuf.js) from 7.5.4 to 7.5.5. - [Release notes](https://github.com/protobufjs/protobuf.js/releases) - [Changelog](https://github.com/protobufjs/protobuf.js/blob/master/CHANGELOG.md) - [Commits](protobufjs/protobuf.js@protobufjs-v7.5.4...protobufjs-v7.5.5) --- updated-dependencies: - dependency-name: protobufjs dependency-version: 7.5.5 dependency-type: direct:production ... Signed-off-by: dependabot[bot] <support@github.com>
3351478 to
668b455
Compare
dependabot
Bot
commented
on behalf of github
May 12, 2026
dependabot Bot commented on behalf of github
Contributor Author
Superseded by #6399.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment