Google Bazel vulnerabilities

CVE-2022-3474 [MEDIUM] CWE-522 CVE-2022-3474: A bad credential handling in the remote assets API for Bazel versions prior to 5.3.2 and 4.2.3 sends A bad credential handling in the remote assets API for Bazel versions prior to 5.3.2 and 4.2.3 sends all user-provided credentials instead of only the required ones for the requests. We recommend upgrading to versions later than or equal to 5.3.2 or 4.2.3.

CVE-2021-22539 [HIGH] CWE-73 CVE-2021-22539: An attacker can place a crafted JSON config file into the project folder pointing to a custom execut An attacker can place a crafted JSON config file into the project folder pointing to a custom executable. VScode-bazel allows the workspace path to lint *.bzl files to be set via this config file. As such the attacker is able to execute any executable on the system through vscode-bazel. We recommend upgrading to version 0.4.1 or above.