Security·just nowprotobuf.js RCE: a 52M/week npm package was one bad type name from code executionGHSA-xq3m-2v4x-88gg hits protobuf.js ≤8.0.0 / ≤7.5.4. Attacker-controlled schemas executed arbitrary JS on decode. One-line fix patched it.
