This is an automated email from the ASF dual-hosted git repository.

zeroshade pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/arrow-go.git


The following commit(s) were added to refs/heads/main by this push:
     new 80421883 chore: Bump github.com/apache/thrift from 0.22.0 to 0.24.0 
(#932)
80421883 is described below

commit 804218833c2f3e2418f5352e4025e34429b807c3
Author: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
AuthorDate: Mon Jul 13 16:44:03 2026 -0400

    chore: Bump github.com/apache/thrift from 0.22.0 to 0.24.0 (#932)
    
    Bumps [github.com/apache/thrift](https://github.com/apache/thrift) from
    0.22.0 to 0.24.0.
    <details>
    <summary>Release notes</summary>
    <p><em>Sourced from <a
    href="https://github.com/apache/thrift/releases";>github.com/apache/thrift's
    releases</a>.</em></p>
    <blockquote>
    <h2>Version 0.24.0</h2>
    <p>Please head over to the official release download source:
    <a
    
href="http://thrift.apache.org/download";>http://thrift.apache.org/download</a></p>
    <p>The assets listed below are added by Github based on the release tag
    and they will therefore not match the checkums published on the Thrift
    project website.</p>
    <h2>Version 0.23.0</h2>
    <p>Please head over to the official release download source:
    <a
    
href="http://thrift.apache.org/download";>http://thrift.apache.org/download</a></p>
    <p>The assets listed below are added by Github based on the release tag
    and they will therefore not match the checkums published on the Thrift
    project website.</p>
    </blockquote>
    </details>
    <details>
    <summary>Changelog</summary>
    <p><em>Sourced from <a
    
href="https://github.com/apache/thrift/blob/master/CHANGES.md";>github.com/apache/thrift's
    changelog</a>.</em></p>
    <blockquote>
    <h2>0.24.0</h2>
    <h3>Build Process</h3>
    <ul>
    <li><a
    href="https://issues.apache.org/jira/browse/THRIFT-5000";>THRIFT-5000</a>
    - Thrift docker image publish on releases</li>
    <li><a
    href="https://issues.apache.org/jira/browse/THRIFT-5855";>THRIFT-5855</a>
    - Improve fuzzing support</li>
    <li><a
    href="https://issues.apache.org/jira/browse/THRIFT-5952";>THRIFT-5952</a>
    - Optimize MSVC Docker image to reduce size and speed up CI</li>
    <li><a
    href="https://issues.apache.org/jira/browse/THRIFT-5965";>THRIFT-5965</a>
    - Add zizmor for GitHub Actions workflows security analysis</li>
    <li><a
    href="https://issues.apache.org/jira/browse/THRIFT-5967";>THRIFT-5967</a>
    - Refactor SCA GitHub workflow for better extensibility</li>
    <li><a
    href="https://issues.apache.org/jira/browse/THRIFT-5973";>THRIFT-5973</a>
    - Automated CHANGELOG creation</li>
    <li><a
    href="https://issues.apache.org/jira/browse/THRIFT-6002";>THRIFT-6002</a>
    - Add netstd codegen test script and GitHub Actions CI matrix job (.NET
    8/9/10)</li>
    <li><a
    href="https://issues.apache.org/jira/browse/THRIFT-6003";>THRIFT-6003</a>
    - Add Haxe codegen test script and GitHub Actions CI job</li>
    <li><a
    href="https://issues.apache.org/jira/browse/THRIFT-6077";>THRIFT-6077</a>
    - improve CHANGES.md generator section assignment</li>
    <li><a
    href="https://redirect.github.com/apache/thrift/pull/3613";>#3613</a> -
    Bump rubygems/release-gem from 1.2.0 to 1.4.0</li>
    <li><a
    href="https://redirect.github.com/apache/thrift/pull/3616";>#3616</a> -
    Bump ruby/setup-ruby from 1.310.0 to 1.314.0</li>
    <li><a
    href="https://redirect.github.com/apache/thrift/pull/3617";>#3617</a> -
    Bump rust-lang/crates-io-auth-action from 1.0.4 to 1.0.5</li>
    <li><a
    href="https://redirect.github.com/apache/thrift/pull/3618";>#3618</a> -
    Bump jvm from 2.3.21 to 2.4.0 in /lib/kotlin</li>
    <li><a
    href="https://redirect.github.com/apache/thrift/pull/3619";>#3619</a> -
    Bump com.diffplug.spotless from 8.5.1 to 8.7.0 in /lib/kotlin</li>
    <li><a
    href="https://redirect.github.com/apache/thrift/pull/3615";>#3615</a> -
    Bump actions/setup-go from 6.4.0 to 6.5.0</li>
    <li><a
    href="https://redirect.github.com/apache/thrift/pull/3597";>#3597</a> -
    fix off-by-ten header bounds check in readHeaderFormat</li>
    <li><a
    href="https://redirect.github.com/apache/thrift/pull/3593";>#3593</a> -
    Bump shell-quote from 1.7.3 to 1.8.4 in /lib/js</li>
    <li><a
    href="https://redirect.github.com/apache/thrift/pull/3591";>#3591</a> -
    Bump shell-quote from 1.7.3 to 1.8.4 in /lib/ts</li>
    <li><a
    href="https://redirect.github.com/apache/thrift/pull/3589";>#3589</a> -
    Update MSVC CI to windows-2025-vs2026 runner and start Docker service
    explicitly</li>
    <li><a
    href="https://redirect.github.com/apache/thrift/pull/3581";>#3581</a> -
    Run the Haxe library unit tests (neko) in CI</li>
    <li><a
    href="https://redirect.github.com/apache/thrift/pull/3576";>#3576</a> -
    Bump ruby/setup-ruby from 1.306.0 to 1.310.0</li>
    <li><a
    href="https://redirect.github.com/apache/thrift/pull/3575";>#3575</a> -
    Bump zizmorcore/zizmor-action from 0.5.3 to 0.5.6</li>
    <li><a
    href="https://redirect.github.com/apache/thrift/pull/3577";>#3577</a> -
    Bump actions/setup-dotnet from 4.3.1 to 5.2.0</li>
    <li><a
    href="https://redirect.github.com/apache/thrift/pull/3574";>#3574</a> -
    Bump com.diffplug.spotless from 8.4.0 to 8.5.1 in /lib/kotlin</li>
    <li><a
    href="https://redirect.github.com/apache/thrift/pull/3572";>#3572</a> -
    Bump org.jetbrains.kotlinx:kotlinx-coroutines-jdk8 in /lib/kotlin</li>
    <li><a
    href="https://redirect.github.com/apache/thrift/pull/3578";>#3578</a> -
    Harden the MSVC build workflow against transient Docker daemon
    unavailability</li>
    <li><a
    href="https://redirect.github.com/apache/thrift/pull/3564";>#3564</a> -
    Enable Copilot reviews</li>
    <li><a
    href="https://redirect.github.com/apache/thrift/pull/3565";>#3565</a> -
    Allow CI to fail on ruby-head</li>
    <li><a
    href="https://redirect.github.com/apache/thrift/pull/3517";>#3517</a> -
    Bump uuid and nyc</li>
    <li><a
    href="https://redirect.github.com/apache/thrift/pull/3513";>#3513</a> -
    Remove Ruby known failures from cross-test list</li>
    <li><a
    href="https://redirect.github.com/apache/thrift/pull/3501";>#3501</a> -
    Fix netstd CI .NET SDK setup</li>
    <li><a
    href="https://redirect.github.com/apache/thrift/pull/3496";>#3496</a> -
    Add generator paths to mergeable labels</li>
    <li><a
    href="https://redirect.github.com/apache/thrift/pull/3430";>#3430</a> -
    Updated projects settings in .asf.yaml (features, merge buttons, Jira
    autolinking)</li>
    <li><a
    href="https://redirect.github.com/apache/thrift/pull/3487";>#3487</a> -
    Update to setup-php 2.37.1</li>
    <li><a
    href="https://redirect.github.com/apache/thrift/pull/3471";>#3471</a> -
    Update build.yml</li>
    <li><a
    href="https://redirect.github.com/apache/thrift/pull/3461";>#3461</a> -
    Migration *.sln to *.slnx (except c++ libs)</li>
    <li><a
    href="https://redirect.github.com/apache/thrift/pull/3454";>#3454</a> -
    Fixing bundler on ruby-head build</li>
    <li><a
    href="https://redirect.github.com/apache/thrift/pull/3440";>#3440</a> -
    Removed deprecated 'publish' workflow</li>
    <li><a
    href="https://redirect.github.com/apache/thrift/pull/3439";>#3439</a> -
    Pin all actions to a specific SHA consistently</li>
    <li><a
    href="https://redirect.github.com/apache/thrift/pull/3437";>#3437</a> -
    Validate GitHub workflows against the ASF allowlist</li>
    <li><a
    href="https://redirect.github.com/apache/thrift/pull/3433";>#3433</a> -
    Pin actions/upload-artifact to a specific SHA consistently</li>
    <li><a
    href="https://redirect.github.com/apache/thrift/pull/3433";>#3433</a> -
    Bump actions/upload-artifact from 7.0.0 to 7.0.1</li>
    <li><a
    href="https://redirect.github.com/apache/thrift/pull/3434";>#3434</a> -
    Bump jvm from 2.3.20 to 2.3.21 in /lib/kotlin</li>
    <li><a
    href="https://redirect.github.com/apache/thrift/pull/3423";>#3423</a> -
    Bump uuid from 13.0.0 to 14.0.0</li>
    <li><a
    href="https://redirect.github.com/apache/thrift/pull/3424";>#3424</a> -
    Bump json from 2.18.1 to 2.19.2 in /lib/rb</li>
    <li><a
    href="https://redirect.github.com/apache/thrift/pull/3404";>#3404</a> -
    Cleanup Adobe Flex SDK installation following AS3 library removal</li>
    </ul>
    <!-- raw HTML omitted -->
    </blockquote>
    <p>... (truncated)</p>
    </details>
    <details>
    <summary>Commits</summary>
    <ul>
    <li><a
    
href="https://github.com/apache/thrift/commit/6d2ec95f450b4ce404afb8929ff479e68770141a";><code>6d2ec95</code></a>
    Tune make dist: drop generated/build artifacts, add missing sources</li>
    <li><a
    
href="https://github.com/apache/thrift/commit/4f303a2413c9f6b0116a0714c55a7686579109e6";><code>4f303a2</code></a>
    Strip node_modules from dist to fix make dist symlink recursion</li>
    <li><a
    
href="https://github.com/apache/thrift/commit/270b81edfb343546a6ed1dbc03d9d82633c91af2";><code>270b81e</code></a>
    Fix stale EXTRA_DIST references that broke make dist</li>
    <li><a
    
href="https://github.com/apache/thrift/commit/c1df044f2eb290c7e51cc99ddb547e34fdbf0430";><code>c1df044</code></a>
    Fix Go and Rust version detection for multi-digit version numbers</li>
    <li><a
    
href="https://github.com/apache/thrift/commit/342a80320e959ced1956a70fd5fd2624f0e01398";><code>342a803</code></a>
    updated CHANGES.md</li>
    <li><a
    
href="https://github.com/apache/thrift/commit/0d66913b703d48156bec6530d8f3bc478d501f27";><code>0d66913</code></a>
    bump doap &amp; debian changelog</li>
    <li><a
    
href="https://github.com/apache/thrift/commit/f961cdb44249c293fcce6a840ffa1f7419fd88d0";><code>f961cdb</code></a>
    fix info-header string bound check in THeaderTransport::readString</li>
    <li><a
    
href="https://github.com/apache/thrift/commit/0ab16e3a83637711f4e0f788c205f66576fd0a55";><code>0ab16e3</code></a>
    enforce max_string_size on non-strict binary message name</li>
    <li><a
    
href="https://github.com/apache/thrift/commit/817e0f17a84264f894dad62e8fcbb146070790e0";><code>817e0f1</code></a>
    Bump rubygems/release-gem from 1.2.0 to 1.4.0</li>
    <li><a
    
href="https://github.com/apache/thrift/commit/6dfb0b26ea6b9ab9c114e0ef4c0f6e7b8110b242";><code>6dfb0b2</code></a>
    THRIFT-6073: Allow injecting external SSL_CTX into C++ SSLContext</li>
    <li>Additional commits viewable in <a
    href="https://github.com/apache/thrift/compare/v0.22.0...v0.24.0";>compare
    view</a></li>
    </ul>
    </details>
    <br />
    
    
    [![Dependabot compatibility
    
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=github.com/apache/thrift&package-manager=go_modules&previous-version=0.22.0&new-version=0.24.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
    
    Dependabot will resolve any conflicts with this PR as long as you don't
    alter it yourself. You can also trigger a rebase manually by commenting
    `@dependabot rebase`.
    
    [//]: # (dependabot-automerge-start)
    [//]: # (dependabot-automerge-end)
    
    ---
    
    <details>
    <summary>Dependabot commands and options</summary>
    <br />
    
    You can trigger Dependabot actions by commenting on this PR:
    - `@dependabot rebase` will rebase this PR
    - `@dependabot recreate` will recreate this PR, overwriting any edits
    that have been made to it
    - `@dependabot show <dependency name> ignore conditions` will show all
    of the ignore conditions of the specified dependency
    - `@dependabot ignore this major version` will close this PR and stop
    Dependabot creating any more for this major version (unless you reopen
    the PR or upgrade to it yourself)
    - `@dependabot ignore this minor version` will close this PR and stop
    Dependabot creating any more for this minor version (unless you reopen
    the PR or upgrade to it yourself)
    - `@dependabot ignore this dependency` will close this PR and stop
    Dependabot creating any more for this dependency (unless you reopen the
    PR or upgrade to it yourself)
    
    
    </details>
    
    Signed-off-by: dependabot[bot] <[email protected]>
    Co-authored-by: dependabot[bot] 
<49699333+dependabot[bot]@users.noreply.github.com>
---
 go.mod | 2 +-
 go.sum | 4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/go.mod b/go.mod
index 6320f96a..66a5613f 100644
--- a/go.mod
+++ b/go.mod
@@ -28,7 +28,7 @@ tool (
 
 require (
        github.com/andybalholm/brotli v1.2.2
-       github.com/apache/thrift v0.22.0
+       github.com/apache/thrift v0.24.0
        github.com/cespare/xxhash/v2 v2.3.0
        github.com/goccy/go-json v0.10.6
        github.com/google/flatbuffers v25.12.19+incompatible
diff --git a/go.sum b/go.sum
index af6be653..048681c4 100644
--- a/go.sum
+++ b/go.sum
@@ -21,8 +21,8 @@ github.com/andybalholm/brotli v1.2.2 
h1:HzTuoo2ErYQqf5qvcJInB8uvqSVxRttzkFexPWtn
 github.com/andybalholm/brotli v1.2.2/go.mod 
h1:rzTDkvFWvIrjDXZHkuS16NPggd91W3kUSvPlQ1pLaKY=
 github.com/antlr4-go/antlr/v4 v4.13.1 
h1:SqQKkuVZ+zWkMMNkjy5FZe5mr5WURWnlpmOuzYWrPrQ=
 github.com/antlr4-go/antlr/v4 v4.13.1/go.mod 
h1:GKmUxMtwp6ZgGwZSva4eWPC5mS6vUAmOABFgjdkM7Nw=
-github.com/apache/thrift v0.22.0 
h1:r7mTJdj51TMDe6RtcmNdQxgn9XcyfGDOzegMDRg47uc=
-github.com/apache/thrift v0.22.0/go.mod 
h1:1e7J/O1Ae6ZQMTYdy9xa3w9k+XHWPfRvdPyJeynQ+/g=
+github.com/apache/thrift v0.24.0 
h1:zy31L1a49QTNB2bG1BBfMXol3yJrTH975G3pPubQVLQ=
+github.com/apache/thrift v0.24.0/go.mod 
h1:zPt6WxgvTOM6hF92y8C+MkEM5LMxZuk4JcQOiU4Esvs=
 github.com/atomicgo/cursor v0.0.1/go.mod 
h1:cBON2QmmrysudxNBFthvMtN32r3jxVRIvzkUiF/RuIk=
 github.com/cespare/xxhash/v2 v2.3.0 
h1:UL815xU9SqsFlibzuggzjXhog7bL6oX9BbNZnL2UFvs=
 github.com/cespare/xxhash/v2 v2.3.0/go.mod 
h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs=

Reply via email to