dependabot[bot] opened a new pull request, #18983: URL: https://github.com/apache/pinot/pull/18983
Bumps [org.apache.thrift:libthrift](https://github.com/apache/thrift) from 0.23.0 to 0.24.0. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/apache/thrift/releases">org.apache.thrift:libthrift's releases</a>.</em></p> <blockquote> <h2>Version 0.24.0</h2> <p>Please head over to the official release download source: <a href="http://thrift.apache.org/download">http://thrift.apache.org/download</a></p> <p>The assets listed below are added by Github based on the release tag and they will therefore not match the checkums published on the Thrift project website.</p> </blockquote> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/apache/thrift/blob/master/CHANGES.md">org.apache.thrift:libthrift's changelog</a>.</em></p> <blockquote> <h2>0.24.0</h2> <h3>Build Process</h3> <ul> <li><a href="https://issues.apache.org/jira/browse/THRIFT-5000">THRIFT-5000</a> - Thrift docker image publish on releases</li> <li><a href="https://issues.apache.org/jira/browse/THRIFT-5855">THRIFT-5855</a> - Improve fuzzing support</li> <li><a href="https://issues.apache.org/jira/browse/THRIFT-5952">THRIFT-5952</a> - Optimize MSVC Docker image to reduce size and speed up CI</li> <li><a href="https://issues.apache.org/jira/browse/THRIFT-5965">THRIFT-5965</a> - Add zizmor for GitHub Actions workflows security analysis</li> <li><a href="https://issues.apache.org/jira/browse/THRIFT-5967">THRIFT-5967</a> - Refactor SCA GitHub workflow for better extensibility</li> <li><a href="https://issues.apache.org/jira/browse/THRIFT-5973">THRIFT-5973</a> - Automated CHANGELOG creation</li> <li><a href="https://issues.apache.org/jira/browse/THRIFT-6002">THRIFT-6002</a> - Add netstd codegen test script and GitHub Actions CI matrix job (.NET 8/9/10)</li> <li><a href="https://issues.apache.org/jira/browse/THRIFT-6003">THRIFT-6003</a> - Add Haxe codegen test script and GitHub Actions CI job</li> <li><a href="https://issues.apache.org/jira/browse/THRIFT-6077">THRIFT-6077</a> - improve CHANGES.md generator section assignment</li> <li><a href="https://redirect.github.com/apache/thrift/pull/3613">#3613</a> - Bump rubygems/release-gem from 1.2.0 to 1.4.0</li> <li><a href="https://redirect.github.com/apache/thrift/pull/3616">#3616</a> - Bump ruby/setup-ruby from 1.310.0 to 1.314.0</li> <li><a href="https://redirect.github.com/apache/thrift/pull/3617">#3617</a> - Bump rust-lang/crates-io-auth-action from 1.0.4 to 1.0.5</li> <li><a href="https://redirect.github.com/apache/thrift/pull/3618">#3618</a> - Bump jvm from 2.3.21 to 2.4.0 in /lib/kotlin</li> <li><a href="https://redirect.github.com/apache/thrift/pull/3619">#3619</a> - Bump com.diffplug.spotless from 8.5.1 to 8.7.0 in /lib/kotlin</li> <li><a href="https://redirect.github.com/apache/thrift/pull/3615">#3615</a> - Bump actions/setup-go from 6.4.0 to 6.5.0</li> <li><a href="https://redirect.github.com/apache/thrift/pull/3597">#3597</a> - fix off-by-ten header bounds check in readHeaderFormat</li> <li><a href="https://redirect.github.com/apache/thrift/pull/3593">#3593</a> - Bump shell-quote from 1.7.3 to 1.8.4 in /lib/js</li> <li><a href="https://redirect.github.com/apache/thrift/pull/3591">#3591</a> - Bump shell-quote from 1.7.3 to 1.8.4 in /lib/ts</li> <li><a href="https://redirect.github.com/apache/thrift/pull/3589">#3589</a> - Update MSVC CI to windows-2025-vs2026 runner and start Docker service explicitly</li> <li><a href="https://redirect.github.com/apache/thrift/pull/3581">#3581</a> - Run the Haxe library unit tests (neko) in CI</li> <li><a href="https://redirect.github.com/apache/thrift/pull/3576">#3576</a> - Bump ruby/setup-ruby from 1.306.0 to 1.310.0</li> <li><a href="https://redirect.github.com/apache/thrift/pull/3575">#3575</a> - Bump zizmorcore/zizmor-action from 0.5.3 to 0.5.6</li> <li><a href="https://redirect.github.com/apache/thrift/pull/3577">#3577</a> - Bump actions/setup-dotnet from 4.3.1 to 5.2.0</li> <li><a href="https://redirect.github.com/apache/thrift/pull/3574">#3574</a> - Bump com.diffplug.spotless from 8.4.0 to 8.5.1 in /lib/kotlin</li> <li><a href="https://redirect.github.com/apache/thrift/pull/3572">#3572</a> - Bump org.jetbrains.kotlinx:kotlinx-coroutines-jdk8 in /lib/kotlin</li> <li><a href="https://redirect.github.com/apache/thrift/pull/3578">#3578</a> - Harden the MSVC build workflow against transient Docker daemon unavailability</li> <li><a href="https://redirect.github.com/apache/thrift/pull/3564">#3564</a> - Enable Copilot reviews</li> <li><a href="https://redirect.github.com/apache/thrift/pull/3565">#3565</a> - Allow CI to fail on ruby-head</li> <li><a href="https://redirect.github.com/apache/thrift/pull/3517">#3517</a> - Bump uuid and nyc</li> <li><a href="https://redirect.github.com/apache/thrift/pull/3513">#3513</a> - Remove Ruby known failures from cross-test list</li> <li><a href="https://redirect.github.com/apache/thrift/pull/3501">#3501</a> - Fix netstd CI .NET SDK setup</li> <li><a href="https://redirect.github.com/apache/thrift/pull/3496">#3496</a> - Add generator paths to mergeable labels</li> <li><a href="https://redirect.github.com/apache/thrift/pull/3430">#3430</a> - Updated projects settings in .asf.yaml (features, merge buttons, Jira autolinking)</li> <li><a href="https://redirect.github.com/apache/thrift/pull/3487">#3487</a> - Update to setup-php 2.37.1</li> <li><a href="https://redirect.github.com/apache/thrift/pull/3471">#3471</a> - Update build.yml</li> <li><a href="https://redirect.github.com/apache/thrift/pull/3461">#3461</a> - Migration *.sln to *.slnx (except c++ libs)</li> <li><a href="https://redirect.github.com/apache/thrift/pull/3454">#3454</a> - Fixing bundler on ruby-head build</li> <li><a href="https://redirect.github.com/apache/thrift/pull/3440">#3440</a> - Removed deprecated 'publish' workflow</li> <li><a href="https://redirect.github.com/apache/thrift/pull/3439">#3439</a> - Pin all actions to a specific SHA consistently</li> <li><a href="https://redirect.github.com/apache/thrift/pull/3437">#3437</a> - Validate GitHub workflows against the ASF allowlist</li> <li><a href="https://redirect.github.com/apache/thrift/pull/3433">#3433</a> - Pin actions/upload-artifact to a specific SHA consistently</li> <li><a href="https://redirect.github.com/apache/thrift/pull/3433">#3433</a> - Bump actions/upload-artifact from 7.0.0 to 7.0.1</li> <li><a href="https://redirect.github.com/apache/thrift/pull/3434">#3434</a> - Bump jvm from 2.3.20 to 2.3.21 in /lib/kotlin</li> <li><a href="https://redirect.github.com/apache/thrift/pull/3423">#3423</a> - Bump uuid from 13.0.0 to 14.0.0</li> <li><a href="https://redirect.github.com/apache/thrift/pull/3424">#3424</a> - Bump json from 2.18.1 to 2.19.2 in /lib/rb</li> <li><a href="https://redirect.github.com/apache/thrift/pull/3404">#3404</a> - Cleanup Adobe Flex SDK installation following AS3 library removal</li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/apache/thrift/commit/6d2ec95f450b4ce404afb8929ff479e68770141a"><code>6d2ec95</code></a> Tune make dist: drop generated/build artifacts, add missing sources</li> <li><a href="https://github.com/apache/thrift/commit/4f303a2413c9f6b0116a0714c55a7686579109e6"><code>4f303a2</code></a> Strip node_modules from dist to fix make dist symlink recursion</li> <li><a href="https://github.com/apache/thrift/commit/270b81edfb343546a6ed1dbc03d9d82633c91af2"><code>270b81e</code></a> Fix stale EXTRA_DIST references that broke make dist</li> <li><a href="https://github.com/apache/thrift/commit/c1df044f2eb290c7e51cc99ddb547e34fdbf0430"><code>c1df044</code></a> Fix Go and Rust version detection for multi-digit version numbers</li> <li><a href="https://github.com/apache/thrift/commit/342a80320e959ced1956a70fd5fd2624f0e01398"><code>342a803</code></a> updated CHANGES.md</li> <li><a href="https://github.com/apache/thrift/commit/0d66913b703d48156bec6530d8f3bc478d501f27"><code>0d66913</code></a> bump doap & debian changelog</li> <li><a href="https://github.com/apache/thrift/commit/f961cdb44249c293fcce6a840ffa1f7419fd88d0"><code>f961cdb</code></a> fix info-header string bound check in THeaderTransport::readString</li> <li><a href="https://github.com/apache/thrift/commit/0ab16e3a83637711f4e0f788c205f66576fd0a55"><code>0ab16e3</code></a> enforce max_string_size on non-strict binary message name</li> <li><a href="https://github.com/apache/thrift/commit/817e0f17a84264f894dad62e8fcbb146070790e0"><code>817e0f1</code></a> Bump rubygems/release-gem from 1.2.0 to 1.4.0</li> <li><a href="https://github.com/apache/thrift/commit/6dfb0b26ea6b9ab9c114e0ef4c0f6e7b8110b242"><code>6dfb0b2</code></a> THRIFT-6073: Allow injecting external SSL_CTX into C++ SSLContext</li> <li>Additional commits viewable in <a href="https://github.com/apache/thrift/compare/v0.23.0...v0.24.0">compare view</a></li> </ul> </details> <br /> [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected] --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
