From f9ccab3d7bea8cb14d619d42a1ccf3c6cfe33017 Mon Sep 17 00:00:00 2001
From: Andreas Dangel <andreas.dangel@pmd-code.org>
Date: Thu, 6 Oct 2022 10:03:25 +0200
Subject: [PATCH] Bump protobuf-java from 3.16.1 to 3.16.3

Fixes https://github.com/pmd/pmd/security/dependabot/29
Fixes https://github.com/advisories/GHSA-h4h5-3hr4-j3g2
Fixes CVE-2022-3171
---
 pom.xml | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/pom.xml b/pom.xml
index 1e3456c9ec..057ccd1db7 100644
--- a/pom.xml
+++ b/pom.xml
@@ -942,11 +942,13 @@
             <!-- transitive dependency through org.scalameta:trees_2.13
                  upgrade to 3.16.1 to fix CVE-2021-22569 A potential Denial of Service issue in protobuf-java
                  https://github.com/protocolbuffers/protobuf/security/advisories/GHSA-wrvw-hg22-4m67
+                 upgrade to 3.16.3 to fix CVE-2022-3171 protobuf-java has a potential Denial of Service issue
+                 https://github.com/advisories/GHSA-h4h5-3hr4-j3g2
             -->
             <dependency>
                 <groupId>com.google.protobuf</groupId>
                 <artifactId>protobuf-java</artifactId>
-                <version>3.16.1</version>
+                <version>3.16.3</version>
             </dependency>
         </dependencies>
     </dependencyManagement>