phoedos/pmd
1
1
Fork 1
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Bump protobuf-java from 3.16.1 to 3.16.3

Browse Source 
Fixes https://github.com/pmd/pmd/security/dependabot/29
Fixes https://github.com/advisories/GHSA-h4h5-3hr4-j3g2
Fixes CVE-2022-3171
This commit is contained in:
Andreas Dangel
2022-10-06 10:03:25 +02:00
parent 905f1432f4
commit f9ccab3d7b
1 changed files with 3 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
pom.xml
View File

@ -942,11 +942,13 @@
<!-- transitive dependency through org.scalameta:trees_2.13
upgrade to 3.16.1 to fix CVE-2021-22569 A potential Denial of Service issue in protobuf-java
https://github.com/protocolbuffers/protobuf/security/advisories/GHSA-wrvw-hg22-4m67
upgrade to 3.16.3 to fix CVE-2022-3171 protobuf-java has a potential Denial of Service issue
https://github.com/advisories/GHSA-h4h5-3hr4-j3g2
-->
<dependency>
<groupId>com.google.protobuf</groupId>
<artifactId>protobuf-java</artifactId>
<version>3.16.1</version>
<version>3.16.3</version>
</dependency>
</dependencies>
</dependencyManagement>