[Snyk] Security upgrade protobufjs from 6.8.8 to 6.11.3

[snyk-bot]

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  • deps/v8/tools/tracing/proto-converter/package.json
  • deps/v8/tools/tracing/proto-converter/package-lock.json

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	803/1000 Why? Proof of Concept exploit, Recently disclosed, Has a fix available, CVSS 8.2	Prototype Pollution SNYK-JS-PROTOBUFJS-2441248	No	Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: protobufjs

The new version differs by 106 commits.

• b130dfd chore(6.x): release 6.11.3 (test: fs.createReadStream weirdness on Windows CI nodejs/node#1737)
• c2c17ae build: publish to main
• b2c6a5c build: run tests if ci label added (test: fix test-sync-io-option nodejs/node#1734)
• a8681ce fix(deps): use eslint 8.x (TLS localAddress bind not working  nodejs/node#1728)
• b5f1391 fix: do not let setProperty change the prototype (docs: state decoding behavior for url pathname nodejs/node#1731)
• 7afd0a3 build: configure 6.x as default branch
• 37285d0 build: configure backports
• d127871 fix: rebuild type, release v6.11.2
• da9fdd2 fix(types): bring back Field.rule to .d.ts
• a2ccda1 chore: release v6.11.1
• ecd6a48 fix: parse.js "parent.add(oneof)“ error (Revert url perf changes nodejs/node#1602)
• 49b19fb docs: update changelog
• 18fb310 chore: rebuild
• 2de8d50 deps: set @ types/node to >= (repl: do not save history for non-terminal repl nodejs/node#1575)
• b37b296 feat: add --no-service option for pbjs static target (Fix deprecation warnings nodejs/node#1577)
• 9201173 chore: rebuild
• 703d0f6 chore: release v6.11.0
• e87b9d3 fix: fromObject should not initialize oneof members (timers: use Number() on timeout/repeat values nodejs/node#1597)
• c39195c fix: rebuild
• 2d48c59 chore: pre-release v6.11.0-pre
• 0f88cb1 feat: proto3 optional support
• aea41b8 chore: release 6.10.2 (build: fix shared library flags logic nodejs/node#1454)
• 3d29969 fix: make parsedOptions appear in method JSON representation (Merge v8 changes nodejs/node#1506)
• ade223d chore(deps): update dependency browserify to v17 (Net: Defer reading until listeners could be added nodejs/node#1496)

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Prototype Pollution

[pull-dog]

*Ruff* 🐶 I wasn't able to find any Docker Compose files in your repository at any of the given paths in the pull-dog.json configuration file, or the default docker-compose.yml file 😩 Make sure the given paths are correct.

Files checked:

• docker-compose.yml

What is this?

Pull Dog is a GitHub app that makes test environments for your pull requests using Docker, from a docker-compose.yml file you specify. It takes 19 seconds to set up (we counted!) and there's a free plan available.

Visit our website to learn more.

Commands

• @pull-dog up to reprovision or provision the server.
• @pull-dog down to delete the provisioned server.

Troubleshooting

Need help? Don't hesitate to file an issue in our repository

Configuration

{
  "isLazy": false,
  "dockerComposeYmlFilePaths": [
    "docker-compose.yml"
  ],
  "expiry": "00:00:00",
  "conversationMode": "singleComment"
}

Trace ID
5347521-df30-11ec-9e35-1060c58d3573