closure-compiler

Usage of vulnerable dependency: protobuf

Open. emecea opened this issue 4 years ago • 1 comment

The dependency for protobuf (com.google.protobuf's artifact protobuf-java) has a reported vulnerability as described in https://nvd.nist.gov/vuln/detail/CVE-2015-5237. Updating to a version where this has been patched (3.4.0 onwards apparently, current dependency is for 3.0.2) would be highly advisable.

emecea, Jan 06 '20 18:01

Hi.

~~A new vulnerability in Protobuf has been disclosed the other day: https://nvd.nist.gov/vuln/detail/CVE-2021-22569. Could the Closure-compiler be updated with a non-vulnerable version please?~~

Never mind, was looking at an older version. Looks like the latest Closure-compiler no longer includes Protobuf. Have a nice day ;-)

GunoH, Jan 17 '22 07:01