tools/protoc-gen-go: Update module google.golang.org/protobuf to v1.33.0
This MR contains the following updates:
Package | Type | Update | Change |
---|---|---|---|
google.golang.org/protobuf | require | minor |
v1.31.0 -> v1.33.0
|
MR created with the help of gitlab-org/frontend/renovate-gitlab-bot
Release Notes
protocolbuffers/protobuf-go
v1.33.0
This release contains one security fix:
-
encoding/protojson
:Unmarshal
could enter an infinite loop when unmarshaling certain forms of invalid JSON. This condition can occur when unmarshaling into a message which contains agoogle.protobuf.Any
value, or when theUnmarshalOptions.DiscardUnknown
option is set.Unmarshal
now correctly returns an error when handling these inputs. This is CVE-2024-24786.
v1.32.0
Full Changelog: https://github.com/protocolbuffers/protobuf-go/compare/v1.31.0...v1.32.0
This release contains commit https://github.com/protocolbuffers/protobuf-go/commit/bfcd6476a38e41247d6bb43dc8f00b23ec9fffc2, which fixes a denial of service vulnerability by preventing a stack overflow through a default maximum recursion limit. See https://github.com/golang/protobuf/issues/1583 and https://github.com/golang/protobuf/issues/1584 for details.
Configuration
-
If you want to rebase/retry this MR, check this box
This MR has been generated by Renovate Bot.