This is an automated email from the ASF dual-hosted git repository.
dongjoon pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/orc.git
The following commit(s) were added to refs/heads/main by this push:
new f76d23f48 ORC-1934: Upgrade `protobuf-java` to 3.25.8
f76d23f48 is described below
commit f76d23f486a4516d6708f4f2a76c090265fa0956
Author: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
AuthorDate: Fri Jun 20 12:56:15 2025 -0700
ORC-1934: Upgrade `protobuf-java` to 3.25.8
Bumps
[com.google.protobuf:protobuf-java](https://github.com/protocolbuffers/protobuf)
from 3.25.5 to 3.25.8.
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/protocolbuffers/protobuf/commit/a4cbdd3ed0042e8f9b9c30e8b0634096d9532809";><code>a4cbdd3</code></a>
Updating version.json and repo version numbers to: 25.8</li>
<li><a
href="https://github.com/protocolbuffers/protobuf/commit/29445be43d3235115f1f60c874a04c2147ea0488";><code>29445be</code></a>
Merge pull request <a
href="https://redirect.github.com/protocolbuffers/protobuf/issues/21880";>#21880</a>
from shaod2/py-25</li>
<li><a
href="https://github.com/protocolbuffers/protobuf/commit/cc13b69985f90f6f142b7c3f9cb6bdebee9b4579";><code>cc13b69</code></a>
Remove debugging code and add EOLs</li>
<li><a
href="https://github.com/protocolbuffers/protobuf/commit/d31100c9195819edb0a12f44705dfc2da111ea9b";><code>d31100c</code></a>
Manually backport recursion limit enforcement to 25.x</li>
<li><a
href="https://github.com/protocolbuffers/protobuf/commit/88a3b9033014bfd4185d934bd199191667a67d2a";><code>88a3b90</code></a>
Change pre-22 poison pill to only log once per affected message type. (<a
href="https://redirect.github.com/protocolbuffers/protobuf/issues/21754";>#21754</a>)</li>
<li><a
href="https://github.com/protocolbuffers/protobuf/commit/320eafa0b7ab3c649f75bcbe851e0d3acf868cf3";><code>320eafa</code></a>
Weaken vulnerable gencode poison pills to warning by default.</li>
<li><a
href="https://github.com/protocolbuffers/protobuf/commit/f584fe36d4aa4af5dcc71e592c855b59e0ecee2c";><code>f584fe3</code></a>
Merge branch 'protocolbuffers:25.x' into 25.x</li>
<li><a
href="https://github.com/protocolbuffers/protobuf/commit/c7100368a25a849691dec7695078a113f6a4ef9f";><code>c710036</code></a>
Update test_upb.yml to use ubuntu-22</li>
<li><a
href="https://github.com/protocolbuffers/protobuf/commit/97217584375d1a29af91aeb607cc67327a3e05da";><code>9721758</code></a>
Fix missing trailing newline.</li>
<li><a
href="https://github.com/protocolbuffers/protobuf/commit/cca7b289bcda8baab9f59101d5c737790c5cc610";><code>cca7b28</code></a>
Update test_upb.yml to use ubuntu-22</li>
<li>Additional commits viewable in <a
href="https://github.com/protocolbuffers/protobuf/compare/v3.25.5...v3.25.8";>compare
view</a></li>
</ul>
</details>
<br />
<details>
<summary>Most Recent Ignore Conditions Applied to This Pull
Request</summary>
| Dependency Name | Ignore Conditions |
| --- | --- |
| com.google.protobuf:protobuf-java | [>= 4.a, < 5] |
</details>
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `dependabot rebase` will rebase this PR
- `dependabot recreate` will recreate this PR, overwriting any edits that
have been made to it
- `dependabot merge` will merge this PR after your CI passes on it
- `dependabot squash and merge` will squash and merge this PR after your CI
passes on it
- `dependabot cancel merge` will cancel a previously requested merge and
block automerging
- `dependabot reopen` will reopen this PR if it is closed
- `dependabot close` will close this PR and stop Dependabot recreating it.
You can achieve the same result by closing it manually
- `dependabot show <dependency name> ignore conditions` will show all of
the ignore conditions of the specified dependency
- `dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen the PR
or upgrade to it yourself)
- `dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen the PR
or upgrade to it yourself)
- `dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the PR or
upgrade to it yourself)
</details>
Closes #2246 from
dependabot[bot]/dependabot/maven/java/com.google.protobuf-protobuf-java-3.25.8.
Authored-by: dependabot[bot]
<49699333+dependabot[bot]@users.noreply.github.com>
Signed-off-by: Dongjoon Hyun <dongj...@apache.org>
---
java/pom.xml | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/java/pom.xml b/java/pom.xml
index 621a0e852..b19384e40 100644
--- a/java/pom.xml
+++ b/java/pom.xml
@@ -80,7 +80,7 @@
<orc-format.version>1.1.0</orc-format.version>
<!-- Build Properties -->
<project.build.outputTimestamp>2025-01-05T19:25:27Z</project.build.outputTimestamp>
- <protobuf.version>3.25.5</protobuf.version>
+ <protobuf.version>3.25.8</protobuf.version>
<slf4j.version>2.0.17</slf4j.version>
<storage-api.version>2.8.1</storage-api.version>
<surefire.version>3.5.3</surefire.version>
