This is an automated email from the ASF dual-hosted git repository.
csy pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/orc.git
The following commit(s) were added to refs/heads/main by this push:
new 21a63806a ORC-1750: Bump `protobuf-java` to 3.25.4
21a63806a is described below
commit 21a63806a8222dbee79f0476431133bcf147c04d
Author: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
AuthorDate: Tue Jul 30 11:24:50 2024 +0800
ORC-1750: Bump `protobuf-java` to 3.25.4
Bumps
[com.google.protobuf:protobuf-java](https://github.com/protocolbuffers/protobuf)
from 3.25.3 to 3.25.4.
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/protocolbuffers/protobuf/commit/e915ce24b3d43c0fffcbf847354288c07dda1de0";><code>e915ce2</code></a>
Updating version.json and repo version numbers to: 25.4</li>
<li><a
href="https://github.com/protocolbuffers/protobuf/commit/6eb8b00091826ad683d87bb47f628564b2fc488d";><code>6eb8b00</code></a>
Merge pull request <a
href="https://redirect.github.com/protocolbuffers/protobuf/issues/17525";>#17525</a>
from protocolbuffers/fix-25.x-staleness</li>
<li><a
href="https://github.com/protocolbuffers/protobuf/commit/d491c4cd63964571642d3d71fa4163121ab4e93d";><code>d491c4c</code></a>
Merge branch '25.x' into fix-25.x-staleness</li>
<li><a
href="https://github.com/protocolbuffers/protobuf/commit/314fc8b134c3769efa99651d5daebf57578a01cc";><code>314fc8b</code></a>
drop 2.7 in linux test (<a
href="https://redirect.github.com/protocolbuffers/protobuf/issues/17524";>#17524</a>)</li>
<li><a
href="https://github.com/protocolbuffers/protobuf/commit/eb1fdd39b44817f63d14c3e3321128e04350d220";><code>eb1fdd3</code></a>
fix targets</li>
<li><a
href="https://github.com/protocolbuffers/protobuf/commit/a5dadc3eeedd3e35d9cb02ac5c9a5670994c1abe";><code>a5dadc3</code></a>
update bazel to 6.3.2</li>
<li><a
href="https://github.com/protocolbuffers/protobuf/commit/c3b9b4fb21ae324694c7e8ba53ee1ac3155adae9";><code>c3b9b4f</code></a>
backport staleness changes to 25.x</li>
<li><a
href="https://github.com/protocolbuffers/protobuf/commit/fb0520ebb2f75b60456526e0a18daa2155ba6187";><code>fb0520e</code></a>
Merge pull request <a
href="https://redirect.github.com/protocolbuffers/protobuf/issues/17514";>#17514</a>
from protocolbuffers/cp-25</li>
<li><a
href="https://github.com/protocolbuffers/protobuf/commit/bdb1f75fdb0224960972d59faac0ee889cfcf053";><code>bdb1f75</code></a>
Downgrade CMake to 3.29 to workaround Abseil issue.</li>
<li><a
href="https://github.com/protocolbuffers/protobuf/commit/165cf123c13df4fc6a38a9324c85309c4d571348";><code>165cf12</code></a>
Check that size is non-negative when reading string or bytes in
StreamDecoder.</li>
<li>Additional commits viewable in <a
href="https://github.com/protocolbuffers/protobuf/compare/v3.25.3...v3.25.4";>compare
view</a></li>
</ul>
</details>
<br />
<details>
<summary>Most Recent Ignore Conditions Applied to This Pull
Request</summary>
| Dependency Name | Ignore Conditions |
| --- | --- |
| com.google.protobuf:protobuf-java | [>= 4.a, < 5] |
</details>
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `dependabot rebase` will rebase this PR
- `dependabot recreate` will recreate this PR, overwriting any edits that
have been made to it
- `dependabot merge` will merge this PR after your CI passes on it
- `dependabot squash and merge` will squash and merge this PR after your CI
passes on it
- `dependabot cancel merge` will cancel a previously requested merge and
block automerging
- `dependabot reopen` will reopen this PR if it is closed
- `dependabot close` will close this PR and stop Dependabot recreating it.
You can achieve the same result by closing it manually
- `dependabot show <dependency name> ignore conditions` will show all of
the ignore conditions of the specified dependency
- `dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen the PR
or upgrade to it yourself)
- `dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen the PR
or upgrade to it yourself)
- `dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the PR or
upgrade to it yourself)
</details>
Closes #1991 from
dependabot[bot]/dependabot/maven/java/com.google.protobuf-protobuf-java-3.25.4.
Authored-by: dependabot[bot]
<49699333+dependabot[bot]@users.noreply.github.com>
Signed-off-by: Shaoyun Chen <[email protected]>
---
java/pom.xml | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/java/pom.xml b/java/pom.xml
index c6981124d..99dee6809 100644
--- a/java/pom.xml
+++ b/java/pom.xml
@@ -79,7 +79,7 @@
<orc-format.version>1.0.0</orc-format.version>
<!-- Build Properties -->
<project.build.outputTimestamp>2024-01-08T16:47:56Z</project.build.outputTimestamp>
- <protobuf.version>3.25.3</protobuf.version>
+ <protobuf.version>3.25.4</protobuf.version>
<slf4j.version>2.0.13</slf4j.version>
<storage-api.version>2.8.1</storage-api.version>
<surefire.version>3.0.0-M5</surefire.version>
