Skip to content

chore(deps): bump protobufjs from 7.5.3 to 7.5.6 in /packages/opentelemetry-node#1448

Open
dependabot[bot] wants to merge 1 commit intomainfrom
dependabot/npm_and_yarn/packages/opentelemetry-node/protobufjs-7.5.6
Open

chore(deps): bump protobufjs from 7.5.3 to 7.5.6 in /packages/opentelemetry-node#1448
dependabot[bot] wants to merge 1 commit intomainfrom
dependabot/npm_and_yarn/packages/opentelemetry-node/protobufjs-7.5.6

Conversation

@dependabot
Copy link
Copy Markdown
Contributor

@dependabot dependabot Bot commented on behalf of github Apr 29, 2026
edited
Loading

Bumps protobufjs from 7.5.3 to 7.5.6.

Release notes

Sourced from protobufjs's releases.

protobufjs: v7.5.6

7.5.6 (2026-04-27)

Bug Fixes

  • Backport input hardening and CLI fixes to 7.x (#2173) (75392ea)

v7.5.5

This release backports two reported security issues to 7.x branch.

  • fix: do not allow setting __proto__ in Message constructor (#2126)
  • fix: filter invalid characters from the type name (#2127)

Full Changelog: protobufjs/protobuf.js@protobufjs-v7.5.4...protobufjs-v7.5.5

protobufjs: v7.5.4

7.5.4 (2025-08-15)

Bug Fixes

Changelog

Sourced from protobufjs's changelog.

7.5.6 (2026-04-27)

Bug Fixes

  • Backport input hardening and CLI fixes to 7.x (#2173) (75392ea)

7.5.4 (2025-08-15)

Bug Fixes

Commits
Maintainer changes

This version was pushed to npm by GitHub Actions, a new releaser for protobufjs since your current version.

@dependabot dependabot Bot added dependencies Pull requests that update a dependency file javascript Pull requests that update Javascript code labels Apr 29, 2026
@dependabot dependabot Bot requested a review from a team as a code owner April 29, 2026 20:11
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file javascript Pull requests that update Javascript code labels Apr 29, 2026
trentm
trentm requested changes Apr 29, 2026
View reviewed changes
Comment thread packages/opentelemetry-node/package-lock.json Outdated
"version": "8.0.1",
"resolved": "https://registry.npmjs.org/protobufjs/-/protobufjs-8.0.1.tgz",
"integrity": "sha512-NWWCCscLjs+cOKF/s/XVNFRW7Yih0fdH+9brffR5NZCy8k42yRdl5KlWKMVXuI1vfCoy4o1z80XR/W/QUb3V3w==",
"version": "8.0.3",
Copy link
Copy Markdown
Member

@trentm trentm Apr 29, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Cannot take this. protobufjs@8.0.3 is know to break some tests in upstream OTel JS. They've locked to 8.0.1 for now.

@trentm trentm self-assigned this Apr 29, 2026
@dependabot
chore(deps): bump protobufjs in /packages/opentelemetry-node
6388c8b 
Bumps [protobufjs](https://github.com/protobufjs/protobuf.js) from 7.5.3 to 7.5.6.
- [Release notes](https://github.com/protobufjs/protobuf.js/releases)
- [Changelog](https://github.com/protobufjs/protobuf.js/blob/protobufjs-v7.5.6/CHANGELOG.md)
- [Commits](protobufjs/protobuf.js@protobufjs-v7.5.3...protobufjs-v7.5.6)

---
updated-dependencies:
- dependency-name: protobufjs
  dependency-version: 7.5.6
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot force-pushed the dependabot/npm_and_yarn/packages/opentelemetry-node/protobufjs-7.5.6 branch from c9d8743 to 6388c8b Compare April 30, 2026 15:43
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@trentm trentm trentm requested changes

Requested changes must be addressed to merge this pull request.

Assignees

@trentm trentm

Labels

dependencies Pull requests that update a dependency file javascript Pull requests that update Javascript code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@trentm