dependabot[bot] opened a new pull request, #18714: URL: https://github.com/apache/druid/pull/18714
Bumps [io.github.ascopes:protobuf-maven-plugin](https://github.com/ascopes/protobuf-maven-plugin) from 3.7.0 to 3.10.2. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/ascopes/protobuf-maven-plugin/releases";>io.github.ascopes:protobuf-maven-plugin's releases</a>.</em></p> <blockquote> <h2>v3.10.2</h2> <p>What's Changed</p> <ul> <li><a href="https://github.com/ascopes/protobuf-maven-plugin/security/advisories/GHSA-j2pc-v64r-mv4f";>GHSA-j2pc-v64r-mv4f</a>: Fix digest not being verified for system path protoc by <a href="https://github.com/ascopes";><code>@ascopes</code></a> in <a href="https://redirect.github.com/ascopes/protobuf-maven-plugin/pull/857";>ascopes/protobuf-maven-plugin#857</a></li> </ul> <p>(If this has not yet appeared on Maven Central, please bare with. It appears Sonatype is having an outage and has left my deployments half complete, so I am currently awaiting a response from their support team!)</p> <h2>v3.10.1</h2> <h2>What's Changed</h2> <ul> <li>Restructure URL management scaffolding to be easier to unit test by <a href="https://github.com/ascopes";><code>@ascopes</code></a> in <a href="https://redirect.github.com/ascopes/protobuf-maven-plugin/pull/816";>ascopes/protobuf-maven-plugin#816</a></li> <li><a href="https://redirect.github.com/ascopes/protobuf-maven-plugin/issues/822";>GH-822</a>: provisionally deprecate functionality that is unhelpful/confusing by <a href="https://github.com/ascopes";><code>@ascopes</code></a> in <a href="https://redirect.github.com/ascopes/protobuf-maven-plugin/pull/823";>ascopes/protobuf-maven-plugin#823</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/ascopes/protobuf-maven-plugin/compare/v3.10.0...v3.10.1";>https://github.com/ascopes/protobuf-maven-plugin/compare/v3.10.0...v3.10.1</a></p> <h2>v3.10.0</h2> <h2>New features</h2> <ul> <li>URL parsing has been reimplemented to work with Apache Commons Compress. This allows users to extract plugins implicitly from tarballls and other archive types that are listed in the documentation. This includes: <ul> <li><code>jar:https://somewebsite.lan/archive.jar!/path/to/exe</code></li> <li><code>zip:file://some/local/path/archive.zip!/path/to/exe</code></li> <li><code>ear:https://somewebsite.lan/archive.ear!/path/to/exe</code></li> <li><code>war:https://somewebsite.lan/archive.war!/path/to/exe</code></li> <li><code>kar:https://somewebsite.lan/archive.kar!/path/to/exe</code></li> <li><code>tar:https://somewebsite.lan/archive.tar!/path/to/exe</code></li> <li><code>tar:gz:https://somewebsite.lan/archive.tgz!/path/to/exe</code></li> <li><code>tar:bz2:https://somewebsite.lan/archive.tar.bz2!/path/to/exe</code></li> <li>Further support for LZMA, CPIO archives, 7z archives, XZ, Z, etc is possible, please raise an issue to discuss.</li> </ul> </li> <li>Deeply nested URL protocols are now valid. If you need to extract a tarball from a zip and then extract a file from that tarball, this should work as expected.</li> </ul> <h2>What's Changed</h2> <ul> <li>Build on Java 25 in CI by <a href="https://github.com/ascopes";><code>@ascopes</code></a> in <a href="https://redirect.github.com/ascopes/protobuf-maven-plugin/pull/805";>ascopes/protobuf-maven-plugin#805</a></li> <li>Include GH contributing guide and security notes in generated site by <a href="https://github.com/ascopes";><code>@ascopes</code></a> in <a href="https://redirect.github.com/ascopes/protobuf-maven-plugin/pull/807";>ascopes/protobuf-maven-plugin#807</a></li> <li>Use v5 codecov action by <a href="https://github.com/ascopes";><code>@ascopes</code></a> in <a href="https://redirect.github.com/ascopes/protobuf-maven-plugin/pull/806";>ascopes/protobuf-maven-plugin#806</a></li> <li>Bump com.google.api.grpc:proto-google-common-protos from 2.61.1 to 2.61.2 in /protobuf-maven-plugin/src/it/setup by <a href="https://github.com/dependabot";><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/ascopes/protobuf-maven-plugin/pull/811";>ascopes/protobuf-maven-plugin#811</a></li> <li>Bump org.apache.maven.plugins:maven-javadoc-plugin from 3.11.3 to 3.12.0 by <a href="https://github.com/dependabot";><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/ascopes/protobuf-maven-plugin/pull/809";>ascopes/protobuf-maven-plugin#809</a></li> <li>Bump org.apache.maven.plugins:maven-compiler-plugin from 3.14.0 to 3.14.1 by <a href="https://github.com/dependabot";><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/ascopes/protobuf-maven-plugin/pull/808";>ascopes/protobuf-maven-plugin#808</a></li> <li>Bump org.assertj:assertj-core from 3.27.4 to 3.27.5 by <a href="https://github.com/dependabot";><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/ascopes/protobuf-maven-plugin/pull/810";>ascopes/protobuf-maven-plugin#810</a></li> <li><a href="https://redirect.github.com/ascopes/protobuf-maven-plugin/issues/804";>GH-804</a>: Document usage of ZIP/JAR archives for sourceDirectories by <a href="https://github.com/ascopes";><code>@ascopes</code></a> in <a href="https://redirect.github.com/ascopes/protobuf-maven-plugin/pull/812";>ascopes/protobuf-maven-plugin#812</a></li> <li><a href="https://redirect.github.com/ascopes/protobuf-maven-plugin/issues/802";>GH-802</a>: Reimplement URL handling by decorating input streams with commons-compress by <a href="https://github.com/ascopes";><code>@ascopes</code></a> in <a href="https://redirect.github.com/ascopes/protobuf-maven-plugin/pull/803";>ascopes/protobuf-maven-plugin#803</a></li> <li>Bump org.sonatype.central:central-publishing-maven-plugin from 0.8.0 to 0.9.0 by <a href="https://github.com/dependabot";><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/ascopes/protobuf-maven-plugin/pull/813";>ascopes/protobuf-maven-plugin#813</a></li> <li>Bump org.assertj:assertj-core from 3.27.5 to 3.27.6 by <a href="https://github.com/dependabot";><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/ascopes/protobuf-maven-plugin/pull/814";>ascopes/protobuf-maven-plugin#814</a></li> <li>Bump org.immutables:bom from 2.11.3 to 2.11.4 by <a href="https://github.com/dependabot";><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/ascopes/protobuf-maven-plugin/pull/815";>ascopes/protobuf-maven-plugin#815</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/ascopes/protobuf-maven-plugin/compare/v3.9.1...v3.10.0";>https://github.com/ascopes/protobuf-maven-plugin/compare/v3.9.1...v3.10.0</a></p> <h2>v3.9.1</h2> <h2>What's Changed</h2> <ul> <li>Update ProtoSourceResolver.java to handle WAR and EAR dependencies by <a href="https://github.com/ascopes";><code>@ascopes</code></a> in <a href="https://redirect.github.com/ascopes/protobuf-maven-plugin/pull/789";>ascopes/protobuf-maven-plugin#789</a></li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/ascopes/protobuf-maven-plugin/commit/4df1d836f1ea5ede24b5943d624bd6741cc2d44a";><code>4df1d83</code></a> [maven-release-plugin] prepare release v3.10.2</li> <li><a href="https://github.com/ascopes/protobuf-maven-plugin/commit/e7632307db8b2c2eb2015604bdcda5baf7943044";><code>e763230</code></a> Merge pull request <a href="https://redirect.github.com/ascopes/protobuf-maven-plugin/issues/832";>#832</a> from desprd/feature/GH-824-improve-error-messages-http</li> <li><a href="https://github.com/ascopes/protobuf-maven-plugin/commit/5ce281139b8a2c9e8a7cb720dd37792b62111145";><code>5ce2811</code></a> Apply suggestion from <a href="https://github.com/ascopes";><code>@ascopes</code></a></li> <li><a href="https://github.com/ascopes/protobuf-maven-plugin/commit/52b3a84d81ba0589afeb79f3af13ea8815312696";><code>52b3a84</code></a> Apply suggestion from <a href="https://github.com/ascopes";><code>@ascopes</code></a></li> <li><a href="https://github.com/ascopes/protobuf-maven-plugin/commit/27681d2a866dfc81cc4484026bc32e687b339657";><code>27681d2</code></a> Apply suggestion from <a href="https://github.com/ascopes";><code>@ascopes</code></a></li> <li><a href="https://github.com/ascopes/protobuf-maven-plugin/commit/7730084f780657dfd9bd489520a1361c1e5bbd46";><code>7730084</code></a> <a href="https://redirect.github.com/ascopes/protobuf-maven-plugin/issues/824";>GH-824</a>: Add unit tests for HttpClientUrlConnection, HttpRequestException and ...</li> <li><a href="https://github.com/ascopes/protobuf-maven-plugin/commit/b536a058a13fbf0856aabc0b48553206b42f8735";><code>b536a05</code></a> <a href="https://redirect.github.com/ascopes/protobuf-maven-plugin/issues/842";>GH-842</a>: Add nullability annotations to exception class</li> <li><a href="https://github.com/ascopes/protobuf-maven-plugin/commit/e3038a1145a799d53b5f931de31458241c3ae679";><code>e3038a1</code></a> <a href="https://redirect.github.com/ascopes/protobuf-maven-plugin/issues/824";>GH-824</a>: Add Jspecify annotations, use InterruptedIOException for interrupts</li> <li><a href="https://github.com/ascopes/protobuf-maven-plugin/commit/dbf2beb0ad996e3282eafbd1dbce09fb779ba0cc";><code>dbf2beb</code></a> <a href="https://redirect.github.com/ascopes/protobuf-maven-plugin/issues/824";>GH-824</a>: Make HttpClientUrlConnection and HttpUrlStreamHandlerFactory classes ...</li> <li><a href="https://github.com/ascopes/protobuf-maven-plugin/commit/7f5b9f87dccfab131a6cb30667237cf49332911d";><code>7f5b9f8</code></a> <a href="https://redirect.github.com/ascopes/protobuf-maven-plugin/issues/824";>GH-824</a>: Make HttpRequestException extend IOException</li> <li>Additional commits viewable in <a href="https://github.com/ascopes/protobuf-maven-plugin/compare/v3.7.0...v3.10.2";>compare view</a></li> </ul> </details> <br /> [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/apache/druid/network/alerts). </details> -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected] --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
