Skip to content

Commit a93be01

Browse files
brianmcareybrianmcarey
committed
vitess-23: update protobufjs to 7.5.5 to remediate CVE-2026-41242 (#72463)
Signed-off-by: Brian Carey <brian.carey@chainguard.dev> Export: e52374e8976c0fdbfd2129c081b5225d1e34d8de
1 parent 3e79e04 commit a93be01

1 file changed

Lines changed: 2 additions & 1 deletion

File tree

vitess-23.yaml

Lines changed: 2 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -1,7 +1,7 @@
11
package:
22
name: vitess-23
33
version: "23.0.3"
4-
epoch: 14 # GHSA-xmrv-pmrh-hhx2
4+
epoch: 15 # GHSA-xq3m-2v4x-88gg
55
description: Autoscaling components for Kubernetes
66
copyright:
77
- license: Apache-2.0
@@ -108,6 +108,7 @@ pipeline:
108108
npm pkg set dependencies.svgo="^3.3.3" # GHSA-xpqw-6gx7-v673
109109
npm pkg set overrides.immutable="5.1.5" # GHSA-wf6x-7x77-mvgw
110110
npm pkg set overrides.flatted="3.4.2" # GHSA-25h7-pfq9-p65f, GHSA-rf6f-7fwh-wjgh
111+
npm pkg set overrides.protobufjs="7.5.5" # GHSA-xq3m-2v4x-88gg CVE-2026-41242
111112
# GHSA-3v7f-55p6-f55p GHSA-c2c7-rcm5-vvqj GHSA-27v5-c462-wpq7 GHSA-j3q9-mxjg-w52f GHSA-48c2-rrv3-qjmp
112113
jq '.overrides["picomatch@2"] = "2.3.2" | .overrides["picomatch@4"] = "4.0.4" | .dependencies["path-to-regexp"] = "8.4.0" | .overrides["yaml@1"] = "1.10.3" | .overrides["yaml@2"] = "2.8.3"' package.json > package.json.tmp && mv package.json.tmp package.json
113114

0 commit comments

Comments
 (0)