closure-compiler
closure-compiler copied to clipboard
Usage of vulnerable dependency: protobuf
The dependency for protobuf (com.google.protobuf's artifact protobuf-java) has a reported vulnerability as described in https://nvd.nist.gov/vuln/detail/CVE-2015-5237. Updating to a version where this has been patched (3.4.0 onwards apparently, current dependency is for 3.0.2) would be highly advisable.
Hi.
~~A new vulnerability in Protobuf has been disclosed the other day: https://nvd.nist.gov/vuln/detail/CVE-2021-22569. Could the Closure-compiler be updated with a non-vulnerable version please?~~
Never mind, was looking at an older version. Looks like the latest Closure-compiler no longer includes Protobuf. Have a nice day ;-)