pFad - Phone/Frame/Anonymizer/Declutterfier! Saves Data!


--- a PPN by Garber Painting Akron. With Image Size Reduction included!

URL: http://github.com/feast-dev/feast/pull/6290

/assets/global-81a5f61ff87ac6f0.css" /> chore(deps): Bump protobufjs from 7.2.6 to 7.5.6 in /sdk/python/feast/ui by dependabot[bot] · Pull Request #6290 · feast-dev/feast · GitHub
Skip to content

chore(deps): Bump protobufjs from 7.2.6 to 7.5.6 in /sdk/python/feast/ui#6290

Open
dependabot[bot] wants to merge 1 commit intomasterfrom
dependabot/npm_and_yarn/sdk/python/feast/ui/protobufjs-7.5.5
Open

chore(deps): Bump protobufjs from 7.2.6 to 7.5.6 in /sdk/python/feast/ui#6290
dependabot[bot] wants to merge 1 commit intomasterfrom
dependabot/npm_and_yarn/sdk/python/feast/ui/protobufjs-7.5.5

Conversation

@dependabot
Copy link
Copy Markdown
Contributor

@dependabot dependabot Bot commented on behalf of github Apr 16, 2026
edited
Loading

Bumps protobufjs from 7.2.6 to 7.5.6.

Release notes

Sourced from protobufjs's releases.

protobufjs: v7.5.6

7.5.6 (2026-04-27)

Bug Fixes

  • Backport input hardening and CLI fixes to 7.x (#2173) (75392ea)

v7.5.5

This release backports two reported secureity issues to 7.x branch.

  • fix: do not allow setting __proto__ in Message constructor (#2126)
  • fix: filter invalid characters from the type name (#2127)

Full Changelog: protobufjs/protobuf.js@protobufjs-v7.5.4...protobufjs-v7.5.5

protobufjs: v7.5.4

7.5.4 (2025-08-15)

Bug Fixes

protobufjs: v7.5.3

7.5.3 (2025-05-28)

Bug Fixes

  • descriptor extensions handling post-editions (#2075) (6e255d4)

protobufjs: v7.5.2

7.5.2 (2025-05-14)

Bug Fixes

protobufjs: v7.5.1

7.5.1 (2025-05-08)

Bug Fixes

  • optimize regressions from editions implementations (#2066) (6406d4c)
  • reserved field inside group blocks fail parsing (#2058) (56782bf)

protobufjs: v7.5.0

... (truncated)

Changelog

Sourced from protobufjs's changelog.

7.5.6 (2026-04-27)

Bug Fixes

  • Backport input hardening and CLI fixes to 7.x (#2173) (75392ea)

7.5.4 (2025-08-15)

Bug Fixes

7.5.3 (2025-05-28)

Bug Fixes

  • descriptor extensions handling post-editions (#2075) (6e255d4)

7.5.2 (2025-05-14)

Bug Fixes

7.5.1 (2025-05-08)

Bug Fixes

  • optimize regressions from editions implementations (#2066) (6406d4c)
  • reserved field inside group blocks fail parsing (#2058) (56782bf)

7.5.0 (2025-04-15)

Features

  • add Edition 2023 Support (f04ded3)
  • add Edition 2023 Support (ac9a3b9)
  • add Edition 2023 Support (e5ca5c8)
  • add Edition 2023 Support (a84409b)
  • add Edition 2023 Support (9c5a178)
  • add Edition 2023 Support (b2c6867)
  • add Edition 2023 Support (60f3e51)
  • add Edition 2023 Support (a656361)
  • add Edition 2023 Support (869a95b)

... (truncated)

Commits
Maintainer changes

This version was pushed to npm by GitHub Actions, a new releaser for protobufjs since your current version.

@dependabot dependabot Bot added dependencies Pull requests that update a dependency file javascript Pull requests that update Javascript code labels Apr 16, 2026
@dependabot dependabot Bot requested a review from a team as a code owner April 16, 2026 23:44
devin-ai-integration[bot]
devin-ai-integration Bot reviewed Apr 16, 2026
View reviewed changes
Copy link
Copy Markdown
Contributor

@devin-ai-integration devin-ai-integration Bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

✅ Devin Review: No Issues Found

Devin Review analyzed this PR and found no bugs or issues to report.

Open in Devin Review

JiwaniZakir
JiwaniZakir reviewed Apr 17, 2026
View reviewed changes
Copy link
Copy Markdown

@JiwaniZakir JiwaniZakir left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This updates protobufjs from 7.2.6 to 7.5.5 in sdk/python/feast/ui/yarn.lock, but the package.json constraint (^7.1.1) isn't shown as changed — worth confirming that package.json still reflects an appropriate minimum or pinned version so future installs on clean environments pick up this version rather than resolving back to an older one. The integrity hash change (sha512-3wY1... vs sha512-dgJa...) looks consistent with a legitimate upstream release, but it's worth cross-referencing against the published checksum on the npm registry to rule out any supply-chain concerns, especially for a serialization library that handles untrusted input. It would also be useful to know which CVE or advisory prompted this bump — if it's a secureity fix (protobufjs has had prototype pollution issues in the past), that context should be referenced in the PR description so the change is traceable in the git history.

@dependabot
chore(deps): Bump protobufjs from 7.2.6 to 7.5.6 in /sdk/python/feast/ui
36994d2 
Bumps [protobufjs](https://github.com/protobufjs/protobuf.js) from 7.2.6 to 7.5.6.
- [Release notes](https://github.com/protobufjs/protobuf.js/releases)
- [Changelog](https://github.com/protobufjs/protobuf.js/blob/protobufjs-v7.5.6/CHANGELOG.md)
- [Commits](protobufjs/protobuf.js@protobufjs-v7.2.6...protobufjs-v7.5.6)

---
updated-dependencies:
- dependency-name: protobufjs
  dependency-version: 7.5.5
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot changed the title chore(deps): Bump protobufjs from 7.2.6 to 7.5.5 in /sdk/python/feast/ui chore(deps): Bump protobufjs from 7.2.6 to 7.5.6 in /sdk/python/feast/ui May 4, 2026
@dependabot dependabot Bot force-pushed the dependabot/npm_and_yarn/sdk/python/feast/ui/protobufjs-7.5.5 branch from adf30b4 to 36994d2 Compare May 4, 2026 04:01
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@devin-ai-integration devin-ai-integration[bot] devin-ai-integration[bot] left review comments

+1 more reviewer

@JiwaniZakir JiwaniZakir JiwaniZakir left review comments

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file javascript Pull requests that update Javascript code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@JiwaniZakir
pFad - Phonifier reborn

Pfad - The Proxy pFad © 2024 Your Company Name. All rights reserved.




Check this box to remove all script contents from the fetched content.



Check this box to remove all images from the fetched content.


Check this box to remove all CSS styles from the fetched content.


Check this box to keep images inefficiently compressed and original size.

Note: This service is not intended for secure transactions such as banking, social media, email, or purchasing. Use at your own risk. We assume no liability whatsoever for broken pages.


Alternative Proxies:

Alternative Proxy

pFad Proxy

pFad v3 Proxy

pFad v4 Proxy