Bump protobufjs from 7.5.5 to 7.5.8 in /samples/demo by dependabot[bot] · Pull Request #2558 · radius-project/samples

dependabot · 2026-05-13T07:34:18Z

Bumps protobufjs from 7.5.5 to 7.5.8.

Release notes

protobufjs: v7.5.8

7.5.8 (2026-05-12)

Bug Fixes

Backport parser hardening to 7.x (#2245) (54b593f)

protobufjs: v7.5.7

7.5.7 (2026-05-09)

Bug Fixes

Restore first-match namespace lookup (#2236) (cc7d595)

protobufjs: v7.5.6

7.5.6 (2026-04-27)

Bug Fixes

Backport input hardening and CLI fixes to 7.x (#2173) (75392ea)

Changelog

Sourced from protobufjs's changelog.

7.5.8 (2026-05-12)

Bug Fixes

Backport parser hardening to 7.x (#2245) (54b593f)

7.5.7 (2026-05-09)

Bug Fixes

Restore first-match namespace lookup (#2236) (cc7d595)

7.5.6 (2026-04-27)

Bug Fixes

Backport input hardening and CLI fixes to 7.x (#2173) (75392ea)

7.5.4 (2025-08-15)

Bug Fixes

invalid syntax in descriptor.proto (#2092) (5a3769a)

7.5.3 (2025-05-28)

Bug Fixes

descriptor extensions handling post-editions (#2075) (6e255d4)

7.5.2 (2025-05-14)

Bug Fixes

ensure that types are always resolved (#2068) (4b51cb2)

7.5.1 (2025-05-08)

Bug Fixes

optimize regressions from editions implementations (#2066) (6406d4c)

reserved field inside group blocks fail parsing (#2058) (56782bf)

... (truncated)

Commits

d7035f9 chore: release protobufjs-v7.x (#2248)
54b593f fix: Backport parser hardening to 7.x (#2245)
e88fcea chore: release protobufjs-v7.x (#2239)
cc7d595 fix: Restore first-match namespace lookup (#2236)
3abc9b5 chore: release protobufjs-v7.x (#2190)
a0bf2df fix: Update CLI peer dependency (7.x) (#2189)
2189e5b chore: release protobufjs-v7.x (#2174)
75392ea fix: Backport input hardening and CLI fixes to 7.x (#2173)
8af8d7c chore(ci): Fix 7.x release please configuration (#2169)
e92ca42 chore(ci): Enable release-please for 7.x (#2166)
See full diff in compare view

Maintainer changes

This version was pushed to npm by GitHub Actions, a new releaser for protobufjs since your current version.

github-actions · 2026-05-13T07:34:29Z

Dependency Review

✅ No vulnerabilities or license issues or OpenSSF Scorecard issues found.

OpenSSF Scorecard

Package

Version

Score

Details

npm/@protobufjs/codegen

2.0.5

🟢 6.1

Details

Check	Score	Reason
Packaging	⚠️ -1	packaging workflow not detected
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Maintained	🟢 10	30 commit(s) and 11 issue activity found in the last 90 days -- score normalized to 10
Security-Policy	🟢 4	security policy file detected
Code-Review	🟢 7	Found 22/28 approved changesets -- score normalized to 7
Token-Permissions	⚠️ 0	detected GitHub workflow tokens with excessive permissions
Binary-Artifacts	🟢 10	no binaries found in the repo
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
Pinned-Dependencies	⚠️ 0	dependency not pinned by hash detected -- score normalized to 0
License	🟢 9	license file detected
Fuzzing	🟢 10	project is fuzzed
Branch-Protection	⚠️ -1	internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md
Signed-Releases	⚠️ -1	no releases found
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0

npm/@protobufjs/inquire

1.1.1

🟢 6.1

Details

Check	Score	Reason
Packaging	⚠️ -1	packaging workflow not detected
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Maintained	🟢 10	30 commit(s) and 11 issue activity found in the last 90 days -- score normalized to 10
Security-Policy	🟢 4	security policy file detected
Code-Review	🟢 7	Found 22/28 approved changesets -- score normalized to 7
Token-Permissions	⚠️ 0	detected GitHub workflow tokens with excessive permissions
Binary-Artifacts	🟢 10	no binaries found in the repo
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
Pinned-Dependencies	⚠️ 0	dependency not pinned by hash detected -- score normalized to 0
License	🟢 9	license file detected
Fuzzing	🟢 10	project is fuzzed
Branch-Protection	⚠️ -1	internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md
Signed-Releases	⚠️ -1	no releases found
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0

npm/@protobufjs/utf8

1.1.1

🟢 6.1

Details

Check	Score	Reason
Packaging	⚠️ -1	packaging workflow not detected
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Maintained	🟢 10	30 commit(s) and 11 issue activity found in the last 90 days -- score normalized to 10
Security-Policy	🟢 4	security policy file detected
Code-Review	🟢 7	Found 22/28 approved changesets -- score normalized to 7
Token-Permissions	⚠️ 0	detected GitHub workflow tokens with excessive permissions
Binary-Artifacts	🟢 10	no binaries found in the repo
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
Pinned-Dependencies	⚠️ 0	dependency not pinned by hash detected -- score normalized to 0
License	🟢 9	license file detected
Fuzzing	🟢 10	project is fuzzed
Branch-Protection	⚠️ -1	internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md
Signed-Releases	⚠️ -1	no releases found
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0

npm/protobufjs

7.5.8

🟢 6.1

Details

Check	Score	Reason
Packaging	⚠️ -1	packaging workflow not detected
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Maintained	🟢 10	30 commit(s) and 11 issue activity found in the last 90 days -- score normalized to 10
Security-Policy	🟢 4	security policy file detected
Code-Review	🟢 7	Found 22/28 approved changesets -- score normalized to 7
Token-Permissions	⚠️ 0	detected GitHub workflow tokens with excessive permissions
Binary-Artifacts	🟢 10	no binaries found in the repo
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
Pinned-Dependencies	⚠️ 0	dependency not pinned by hash detected -- score normalized to 0
License	🟢 9	license file detected
Fuzzing	🟢 10	project is fuzzed
Branch-Protection	⚠️ -1	internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md
Signed-Releases	⚠️ -1	no releases found
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0

Scanned Files

samples/demo/package-lock.json

brooke-hamilton · 2026-05-13T15:53:30Z

@dependabot rebase

Bumps [protobufjs](https://github.com/protobufjs/protobuf.js) from 7.5.5 to 7.5.8. - [Release notes](https://github.com/protobufjs/protobuf.js/releases) - [Changelog](https://github.com/protobufjs/protobuf.js/blob/protobufjs-v7.5.8/CHANGELOG.md) - [Commits](protobufjs/protobuf.js@protobufjs-v7.5.5...protobufjs-v7.5.8) --- updated-dependencies: - dependency-name: protobufjs dependency-version: 7.5.8 dependency-type: indirect ... Signed-off-by: dependabot[bot] <support@github.com>

dependabot Bot added dependencies Pull requests that update a dependency file javascript Pull requests that update Javascript code labels May 13, 2026

dependabot Bot requested review from a team as code owners May 13, 2026 07:34

dependabot Bot added dependencies Pull requests that update a dependency file javascript Pull requests that update Javascript code labels May 13, 2026

brooke-hamilton approved these changes May 13, 2026

View reviewed changes

dependabot Bot force-pushed the dependabot/npm_and_yarn/samples/demo/protobufjs-7.5.8 branch from 6134c45 to cbacc27 Compare May 13, 2026 15:54

brooke-hamilton approved these changes May 13, 2026

View reviewed changes

brooke-hamilton enabled auto-merge (squash) May 13, 2026 15:56

brooke-hamilton merged commit 3f882fa into v0.57 May 13, 2026
23 checks passed

brooke-hamilton deleted the dependabot/npm_and_yarn/samples/demo/protobufjs-7.5.8 branch May 13, 2026 15:57

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Bump protobufjs from 7.5.5 to 7.5.8 in /samples/demo#2558

Bump protobufjs from 7.5.5 to 7.5.8 in /samples/demo#2558
brooke-hamilton merged 1 commit into
v0.57from
dependabot/npm_and_yarn/samples/demo/protobufjs-7.5.8

dependabot Bot commented on behalf of github May 13, 2026 •

edited

Loading

Uh oh!

github-actions Bot commented May 13, 2026 •

edited

Loading

Uh oh!

brooke-hamilton commented May 13, 2026

Uh oh!

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

1 participant

Conversation

dependabot Bot commented on behalf of github May 13, 2026 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

protobufjs: v7.5.8

7.5.8 (2026-05-12)

Bug Fixes

protobufjs: v7.5.7

7.5.7 (2026-05-09)

Bug Fixes

protobufjs: v7.5.6

7.5.6 (2026-04-27)

Bug Fixes

7.5.8 (2026-05-12)

Bug Fixes

7.5.7 (2026-05-09)

Bug Fixes

7.5.6 (2026-04-27)

Bug Fixes

7.5.4 (2025-08-15)

Bug Fixes

7.5.3 (2025-05-28)

Bug Fixes

7.5.2 (2025-05-14)

Bug Fixes

7.5.1 (2025-05-08)

Bug Fixes

Uh oh!

github-actions Bot commented May 13, 2026 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Dependency Review

OpenSSF Scorecard

Scanned Files

Uh oh!

brooke-hamilton commented May 13, 2026

Uh oh!

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

1 participant

dependabot Bot commented on behalf of github May 13, 2026 •

edited

Loading

github-actions Bot commented May 13, 2026 •

edited

Loading