dependabot[bot] opened a new pull request, #22257: URL: https://github.com/apache/camel/pull/22257
Bumps [io.github.ascopes:protobuf-maven-plugin](https://github.com/ascopes/protobuf-maven-plugin) from 4.1.3 to 5.1.0. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/ascopes/protobuf-maven-plugin/releases";>io.github.ascopes:protobuf-maven-plugin's releases</a>.</em></p> <blockquote> <h2>v5.1.0</h2> <h2>New features</h2> <ul> <li>Implement "protoc distributions" allowing you to specify the protoc binary to use in the same format that protoc plugins are specified. The old mechanism of specifying a string value is still supported. See the documentation for full usage examples. <ul> <li>This allows users to now override the name of the binary to look for on the system path.</li> <li>Users can now explicitly override the maven classifier, type, group ID, and artifact ID of the protoc binary if pulling from Maven central.</li> </ul> </li> </ul> <h2>Internal updates</h2> <ul> <li>Swapped out default JVM GC for JVM-based protoc plugins from Parallel GC to Serial GC.</li> <li>Adjust initial heap for JVM-based protoc plugins.</li> <li>Build on Maven 3.9.14.</li> <li>Dependency updates.</li> <li>Removed warnings for termux users as they add little benefit outside what is already known.</li> <li>Plexus converters are now scoped per execution, which should allow earlier freeing of some memory after execution completes.</li> </ul> <h2>v5.0.2</h2> <p><strong>Bugfixes:</strong></p> <ul> <li>Reimplement artifact resolution to handle additional edge cases that may previously have bled into other code and caused spurious/unhelpful/vague exceptions during dependency resolution. <ul> <li>Specifically, this handles a case where passing a non-existent classifier on a published dependency could result in an ArrayIndexOutOfBoundsException being raised at runtime. Other edge cases should also be handled more sensibly moving forwards.</li> </ul> </li> </ul> <p><strong>Other changes</strong>:</p> <ul> <li>Dependency resolution now explicitly ensures additional configuration overrides within the Maven/Aether transports are propagated and used correctly with respect to things like proxies and custom authenticators.</li> <li>New examples by <a href="https://github.com/sleepkqq";><code>@sleepkqq</code></a> for building Kotlin gRPC projects in the documentation.</li> <li>Build on Maven 3.9.13 in addition to 3.9.6 and 4.0.0-rc-5, now that the former has been released.</li> </ul> <p>v5.0.1 release notes</p> <ul> <li>Implemented partial workaround for <a href="https://redirect.github.com/ascopes/protobuf-maven-plugin/issues/596";>GH-596</a> where users may experience OutOfMemoryExceptions being raised by Eclipse Aether during dependency resolution. - The plugin now follows similar behaviour to Maven Core by not recursing into transitive test dependencies and fat artifact dependencies, which was considered to be surprising and undefined behaviour. <ul> <li>Users depending on the old behaviour should explicitly declare their dependencies following standard Maven conventions.</li> <li>This is not deemed a breaking change since the old behaviour is undefined and does not follow Maven default behaviour.</li> </ul> </li> <li>Reverted offloading project dependency resolution to Maven to address <a href="https://redirect.github.com/ascopes/protobuf-maven-plugin/issues/939";>GH-939</a>. <ul> <li>This previously manifested as various Maven reactor failures when resolving sibling dependencies in a Maven multi-module project.</li> <li>Users can now disable dependency resolution for the main project dependencies correctly by setting <code><ignoreProjectDependencies>true</ignoreProjectDependencies></code> and only specify their protobuf dependencies via the plugin itself.</li> </ul> </li> <li>Reduced default concurrency multiplier used for various internal tasks after several JFR profiling sessions showed a general lack of utilisation of the thread pool. <ul> <li>This should reduce idle resources slightly in builds.</li> </ul> </li> <li>Various Aether internals are now cached for the duration of the plugin goal rather than recreated numerous times during dependency resolution. <ul> <li>This should reduce resource usage slightly in builds.</li> </ul> </li> <li>Updated plugin to use <code>protobuf-java:4.34.0</code>for various descriptor file-related activities.</li> <li>Updated project and integration test dependencies to verify plugin compatibility across various component matrices.</li> </ul> <h2>v5.0.0</h2> <p>New major version that removes some old tech debt introduced for backwards API compatibility with minor versions on v4.x and older. This allows extending this plugin with new features moving forwards by removing some limitations around the old way of configuring a couple of aspects.</p> <p>The changes are fairly minor, but migration details have been added below.</p> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/ascopes/protobuf-maven-plugin/commit/6cd7c5c9a1212633b68eb1e8d5f500940a5e6851";><code>6cd7c5c</code></a> [maven-release-plugin] prepare release v5.1.0</li> <li><a href="https://github.com/ascopes/protobuf-maven-plugin/commit/9aa300376ccb596e7b111132c33281d1e2a914cb";><code>9aa3003</code></a> Merge pull request <a href="https://redirect.github.com/ascopes/protobuf-maven-plugin/issues/970";>#970</a> from ascopes/dependabot/maven/protobuf-maven-plugin/s...</li> <li><a href="https://github.com/ascopes/protobuf-maven-plugin/commit/220e3354195f7ffe8fde3c44b7934be52e990dba";><code>220e335</code></a> Merge pull request <a href="https://redirect.github.com/ascopes/protobuf-maven-plugin/issues/969";>#969</a> from ascopes/dependabot/maven/main/com.google.protobu...</li> <li><a href="https://github.com/ascopes/protobuf-maven-plugin/commit/cb5b5111cfef8ffe702933069b105f495748f1c4";><code>cb5b511</code></a> Bump kotlin.version in /protobuf-maven-plugin/src/it/setup</li> <li><a href="https://github.com/ascopes/protobuf-maven-plugin/commit/ede27c3dd44ca5c5ec6bab85f2690d27c1ff33e0";><code>ede27c3</code></a> Merge pull request <a href="https://redirect.github.com/ascopes/protobuf-maven-plugin/issues/972";>#972</a> from ascopes/dependabot/maven/protobuf-maven-plugin/s...</li> <li><a href="https://github.com/ascopes/protobuf-maven-plugin/commit/50a111ea8577e1edf1357b3f88d4a20803b9ffc5";><code>50a111e</code></a> Merge pull request <a href="https://redirect.github.com/ascopes/protobuf-maven-plugin/issues/971";>#971</a> from ascopes/dependabot/maven/protobuf-maven-plugin/s...</li> <li><a href="https://github.com/ascopes/protobuf-maven-plugin/commit/17e75d1c00d3300d4148a51bc9c78d81d40ec9a3";><code>17e75d1</code></a> Bump io.grpc:grpc-bom in /protobuf-maven-plugin/src/it/setup</li> <li><a href="https://github.com/ascopes/protobuf-maven-plugin/commit/2132646283f1eefb0696ed24de39c84ae8a30e98";><code>2132646</code></a> Bump com.google.api.grpc:proto-google-common-protos</li> <li><a href="https://github.com/ascopes/protobuf-maven-plugin/commit/9faab63945dbfdc1cb1586a4cf6d69ec35ef0c82";><code>9faab63</code></a> Bump com.google.protobuf:protobuf-bom from 4.34.0 to 4.34.1</li> <li><a href="https://github.com/ascopes/protobuf-maven-plugin/commit/a8c2553a414f6d9f298bd5b645824c8a6bb2e524";><code>a8c2553</code></a> Replace HashMap with ConcurrentHashMap for kindMappings</li> <li>Additional commits viewable in <a href="https://github.com/ascopes/protobuf-maven-plugin/compare/v4.1.3...v5.1.0";>compare view</a></li> </ul> </details> <br /> [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected]
