dependabot[bot] opened a new pull request, #18983:
URL: https://github.com/apache/pinot/pull/18983

   Bumps [org.apache.thrift:libthrift](https://github.com/apache/thrift) from 
0.23.0 to 0.24.0.
   <details>
   <summary>Release notes</summary>
   <p><em>Sourced from <a 
href="https://github.com/apache/thrift/releases";>org.apache.thrift:libthrift's 
releases</a>.</em></p>
   <blockquote>
   <h2>Version 0.24.0</h2>
   <p>Please head over to the official release download source:
   <a 
href="http://thrift.apache.org/download";>http://thrift.apache.org/download</a></p>
   <p>The assets listed below are added by Github based on the release tag and 
they will therefore not match the checkums published on the Thrift project 
website.</p>
   </blockquote>
   </details>
   <details>
   <summary>Changelog</summary>
   <p><em>Sourced from <a 
href="https://github.com/apache/thrift/blob/master/CHANGES.md";>org.apache.thrift:libthrift's
 changelog</a>.</em></p>
   <blockquote>
   <h2>0.24.0</h2>
   <h3>Build Process</h3>
   <ul>
   <li><a 
href="https://issues.apache.org/jira/browse/THRIFT-5000";>THRIFT-5000</a> - 
Thrift docker image publish on releases</li>
   <li><a 
href="https://issues.apache.org/jira/browse/THRIFT-5855";>THRIFT-5855</a> - 
Improve fuzzing support</li>
   <li><a 
href="https://issues.apache.org/jira/browse/THRIFT-5952";>THRIFT-5952</a> - 
Optimize MSVC Docker image to reduce size and speed up CI</li>
   <li><a 
href="https://issues.apache.org/jira/browse/THRIFT-5965";>THRIFT-5965</a> - Add 
zizmor for GitHub Actions workflows security analysis</li>
   <li><a 
href="https://issues.apache.org/jira/browse/THRIFT-5967";>THRIFT-5967</a> - 
Refactor SCA GitHub workflow for better extensibility</li>
   <li><a 
href="https://issues.apache.org/jira/browse/THRIFT-5973";>THRIFT-5973</a> - 
Automated CHANGELOG creation</li>
   <li><a 
href="https://issues.apache.org/jira/browse/THRIFT-6002";>THRIFT-6002</a> - Add 
netstd codegen test script and GitHub Actions CI matrix job (.NET 8/9/10)</li>
   <li><a 
href="https://issues.apache.org/jira/browse/THRIFT-6003";>THRIFT-6003</a> - Add 
Haxe codegen test script and GitHub Actions CI job</li>
   <li><a 
href="https://issues.apache.org/jira/browse/THRIFT-6077";>THRIFT-6077</a> - 
improve CHANGES.md generator section assignment</li>
   <li><a href="https://redirect.github.com/apache/thrift/pull/3613";>#3613</a> 
- Bump rubygems/release-gem from 1.2.0 to 1.4.0</li>
   <li><a href="https://redirect.github.com/apache/thrift/pull/3616";>#3616</a> 
- Bump ruby/setup-ruby from 1.310.0 to 1.314.0</li>
   <li><a href="https://redirect.github.com/apache/thrift/pull/3617";>#3617</a> 
- Bump rust-lang/crates-io-auth-action from 1.0.4 to 1.0.5</li>
   <li><a href="https://redirect.github.com/apache/thrift/pull/3618";>#3618</a> 
- Bump jvm from 2.3.21 to 2.4.0 in /lib/kotlin</li>
   <li><a href="https://redirect.github.com/apache/thrift/pull/3619";>#3619</a> 
- Bump com.diffplug.spotless from 8.5.1 to 8.7.0 in /lib/kotlin</li>
   <li><a href="https://redirect.github.com/apache/thrift/pull/3615";>#3615</a> 
- Bump actions/setup-go from 6.4.0 to 6.5.0</li>
   <li><a href="https://redirect.github.com/apache/thrift/pull/3597";>#3597</a> 
- fix off-by-ten header bounds check in readHeaderFormat</li>
   <li><a href="https://redirect.github.com/apache/thrift/pull/3593";>#3593</a> 
- Bump shell-quote from 1.7.3 to 1.8.4 in /lib/js</li>
   <li><a href="https://redirect.github.com/apache/thrift/pull/3591";>#3591</a> 
- Bump shell-quote from 1.7.3 to 1.8.4 in /lib/ts</li>
   <li><a href="https://redirect.github.com/apache/thrift/pull/3589";>#3589</a> 
- Update MSVC CI to windows-2025-vs2026 runner and start Docker service 
explicitly</li>
   <li><a href="https://redirect.github.com/apache/thrift/pull/3581";>#3581</a> 
- Run the Haxe library unit tests (neko) in CI</li>
   <li><a href="https://redirect.github.com/apache/thrift/pull/3576";>#3576</a> 
- Bump ruby/setup-ruby from 1.306.0 to 1.310.0</li>
   <li><a href="https://redirect.github.com/apache/thrift/pull/3575";>#3575</a> 
- Bump zizmorcore/zizmor-action from 0.5.3 to 0.5.6</li>
   <li><a href="https://redirect.github.com/apache/thrift/pull/3577";>#3577</a> 
- Bump actions/setup-dotnet from 4.3.1 to 5.2.0</li>
   <li><a href="https://redirect.github.com/apache/thrift/pull/3574";>#3574</a> 
- Bump com.diffplug.spotless from 8.4.0 to 8.5.1 in /lib/kotlin</li>
   <li><a href="https://redirect.github.com/apache/thrift/pull/3572";>#3572</a> 
- Bump org.jetbrains.kotlinx:kotlinx-coroutines-jdk8 in /lib/kotlin</li>
   <li><a href="https://redirect.github.com/apache/thrift/pull/3578";>#3578</a> 
- Harden the MSVC build workflow against transient Docker daemon 
unavailability</li>
   <li><a href="https://redirect.github.com/apache/thrift/pull/3564";>#3564</a> 
- Enable Copilot reviews</li>
   <li><a href="https://redirect.github.com/apache/thrift/pull/3565";>#3565</a> 
- Allow CI to fail on ruby-head</li>
   <li><a href="https://redirect.github.com/apache/thrift/pull/3517";>#3517</a> 
- Bump uuid and nyc</li>
   <li><a href="https://redirect.github.com/apache/thrift/pull/3513";>#3513</a> 
- Remove Ruby known failures from cross-test list</li>
   <li><a href="https://redirect.github.com/apache/thrift/pull/3501";>#3501</a> 
- Fix netstd CI .NET SDK setup</li>
   <li><a href="https://redirect.github.com/apache/thrift/pull/3496";>#3496</a> 
- Add generator paths to mergeable labels</li>
   <li><a href="https://redirect.github.com/apache/thrift/pull/3430";>#3430</a> 
- Updated projects settings in .asf.yaml (features, merge buttons, Jira 
autolinking)</li>
   <li><a href="https://redirect.github.com/apache/thrift/pull/3487";>#3487</a> 
- Update to setup-php 2.37.1</li>
   <li><a href="https://redirect.github.com/apache/thrift/pull/3471";>#3471</a> 
- Update build.yml</li>
   <li><a href="https://redirect.github.com/apache/thrift/pull/3461";>#3461</a> 
- Migration *.sln to *.slnx (except c++ libs)</li>
   <li><a href="https://redirect.github.com/apache/thrift/pull/3454";>#3454</a> 
- Fixing bundler on ruby-head build</li>
   <li><a href="https://redirect.github.com/apache/thrift/pull/3440";>#3440</a> 
- Removed deprecated 'publish' workflow</li>
   <li><a href="https://redirect.github.com/apache/thrift/pull/3439";>#3439</a> 
- Pin all actions to a specific SHA consistently</li>
   <li><a href="https://redirect.github.com/apache/thrift/pull/3437";>#3437</a> 
- Validate GitHub workflows against the ASF allowlist</li>
   <li><a href="https://redirect.github.com/apache/thrift/pull/3433";>#3433</a> 
- Pin actions/upload-artifact to a specific SHA consistently</li>
   <li><a href="https://redirect.github.com/apache/thrift/pull/3433";>#3433</a> 
- Bump actions/upload-artifact from 7.0.0 to 7.0.1</li>
   <li><a href="https://redirect.github.com/apache/thrift/pull/3434";>#3434</a> 
- Bump jvm from 2.3.20 to 2.3.21 in /lib/kotlin</li>
   <li><a href="https://redirect.github.com/apache/thrift/pull/3423";>#3423</a> 
- Bump uuid from 13.0.0 to 14.0.0</li>
   <li><a href="https://redirect.github.com/apache/thrift/pull/3424";>#3424</a> 
- Bump json from 2.18.1 to 2.19.2 in /lib/rb</li>
   <li><a href="https://redirect.github.com/apache/thrift/pull/3404";>#3404</a> 
- Cleanup Adobe Flex SDK installation following AS3 library removal</li>
   </ul>
   <!-- raw HTML omitted -->
   </blockquote>
   <p>... (truncated)</p>
   </details>
   <details>
   <summary>Commits</summary>
   <ul>
   <li><a 
href="https://github.com/apache/thrift/commit/6d2ec95f450b4ce404afb8929ff479e68770141a";><code>6d2ec95</code></a>
 Tune make dist: drop generated/build artifacts, add missing sources</li>
   <li><a 
href="https://github.com/apache/thrift/commit/4f303a2413c9f6b0116a0714c55a7686579109e6";><code>4f303a2</code></a>
 Strip node_modules from dist to fix make dist symlink recursion</li>
   <li><a 
href="https://github.com/apache/thrift/commit/270b81edfb343546a6ed1dbc03d9d82633c91af2";><code>270b81e</code></a>
 Fix stale EXTRA_DIST references that broke make dist</li>
   <li><a 
href="https://github.com/apache/thrift/commit/c1df044f2eb290c7e51cc99ddb547e34fdbf0430";><code>c1df044</code></a>
 Fix Go and Rust version detection for multi-digit version numbers</li>
   <li><a 
href="https://github.com/apache/thrift/commit/342a80320e959ced1956a70fd5fd2624f0e01398";><code>342a803</code></a>
 updated CHANGES.md</li>
   <li><a 
href="https://github.com/apache/thrift/commit/0d66913b703d48156bec6530d8f3bc478d501f27";><code>0d66913</code></a>
 bump doap &amp; debian changelog</li>
   <li><a 
href="https://github.com/apache/thrift/commit/f961cdb44249c293fcce6a840ffa1f7419fd88d0";><code>f961cdb</code></a>
 fix info-header string bound check in THeaderTransport::readString</li>
   <li><a 
href="https://github.com/apache/thrift/commit/0ab16e3a83637711f4e0f788c205f66576fd0a55";><code>0ab16e3</code></a>
 enforce max_string_size on non-strict binary message name</li>
   <li><a 
href="https://github.com/apache/thrift/commit/817e0f17a84264f894dad62e8fcbb146070790e0";><code>817e0f1</code></a>
 Bump rubygems/release-gem from 1.2.0 to 1.4.0</li>
   <li><a 
href="https://github.com/apache/thrift/commit/6dfb0b26ea6b9ab9c114e0ef4c0f6e7b8110b242";><code>6dfb0b2</code></a>
 THRIFT-6073: Allow injecting external SSL_CTX into C++ SSLContext</li>
   <li>Additional commits viewable in <a 
href="https://github.com/apache/thrift/compare/v0.23.0...v0.24.0";>compare 
view</a></li>
   </ul>
   </details>
   <br />
   
   
   [![Dependabot compatibility 
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=org.apache.thrift:libthrift&package-manager=maven&previous-version=0.23.0&new-version=0.24.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
   
   Dependabot will resolve any conflicts with this PR as long as you don't 
alter it yourself. You can also trigger a rebase manually by commenting 
`@dependabot rebase`.
   
   [//]: # (dependabot-automerge-start)
   [//]: # (dependabot-automerge-end)
   
   ---
   
   <details>
   <summary>Dependabot commands and options</summary>
   <br />
   
   You can trigger Dependabot actions by commenting on this PR:
   - `@dependabot rebase` will rebase this PR
   - `@dependabot recreate` will recreate this PR, overwriting any edits that 
have been made to it
   - `@dependabot show <dependency name> ignore conditions` will show all of 
the ignore conditions of the specified dependency
   - `@dependabot ignore this major version` will close this PR and stop 
Dependabot creating any more for this major version (unless you reopen the PR 
or upgrade to it yourself)
   - `@dependabot ignore this minor version` will close this PR and stop 
Dependabot creating any more for this minor version (unless you reopen the PR 
or upgrade to it yourself)
   - `@dependabot ignore this dependency` will close this PR and stop 
Dependabot creating any more for this dependency (unless you reopen the PR or 
upgrade to it yourself)
   
   
   </details>


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: [email protected]

For queries about this service, please contact Infrastructure at:
[email protected]


---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

Reply via email to