dependabot[bot] opened a new pull request #1000: URL: https://github.com/apache/avro/pull/1000
Bumps [protobuf-java](https://github.com/protocolbuffers/protobuf) from 3.12.0 to 3.14.0. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/protocolbuffers/protobuf/releases";>protobuf-java's releases</a>.</em></p> <blockquote> <h2>Protocol Buffers v3.14.0</h2> <h1>Protocol Compiler</h1> <ul> <li>The proto compiler no longer requires a .proto filename when it is not generating code.</li> <li>Added flag <code>--deterministic_output</code> to <code>protoc --encode=...</code>.</li> <li>Fixed deadlock when using google.protobuf.Any embedded in aggregate options.</li> </ul> <h1>C++</h1> <ul> <li>Arenas are now unconditionally enabled. cc_enable_arenas no longer has any effect.</li> <li>Removed inlined string support, which is incompatible with arenas.</li> <li>Fix a memory corruption bug in reflection when mixing optional and non-optional fields.</li> <li>Make SpaceUsed() calculation more thorough for map fields.</li> <li>Add stack overflow protection for text format with unknown field values.</li> <li>FieldPath::FollowAll() now returns a bool to signal if an out-of-bounds error was encountered.</li> <li>Performance improvements for Map.</li> <li>Minor formatting fix when dumping a descriptor to .proto format with DebugString.</li> <li>UBSAN fix in RepeatedField (<a href="https://github-redirect.dependabot.com/protocolbuffers/protobuf/issues/2073";>#2073</a>).</li> <li>When running under ASAN, skip a test that makes huge allocations.</li> <li>Fixed a crash that could happen when creating more than 256 extensions in a single message.</li> <li>Fix a crash in BuildFile when passing in invalid descriptor proto.</li> <li>Parser security fix when operating with CodedInputStream.</li> <li>Warn against the use of AllowUnknownExtension.</li> <li>Migrated to C++11 for-range loops instead of index-based loops where possible. This fixes a lot of warnings when compiling with -Wsign-compare.</li> <li>Fix segment fault for proto3 optional (<a href="https://github-redirect.dependabot.com/protocolbuffers/protobuf/issues/7805";>#7805</a>)</li> <li>Adds a CMake option to build <code>libprotoc</code> separately (<a href="https://github-redirect.dependabot.com/protocolbuffers/protobuf/issues/7949";>#7949</a>)</li> </ul> <h1>Java</h1> <ul> <li>Bugfix in mergeFrom() when a oneof has multiple message fields.</li> <li>Fix RopeByteString.RopeInputStream.read() returning -1 when told to read 0 bytes when not at EOF.</li> <li>Redefine remove(Object) on primitive repeated field Lists to avoid autoboxing.</li> <li>Support "\u" escapes in textformat string literals.</li> <li>Trailing empty spaces are no longer ignored for FieldMask.</li> <li>Fix FieldMaskUtil.subtract to recursively remove mask.</li> <li>Mark enums with <code>@java.lang.Deprecated</code> if the proto enum has option <code>deprecated = true;</code>.</li> <li>Adding forgotten duration.proto to the lite library (<a href="https://github-redirect.dependabot.com/protocolbuffers/protobuf/issues/7738";>#7738</a>)</li> </ul> <h1>Python</h1> <ul> <li>Print google.protobuf.NullValue as null instead of "NULL_VALUE" when it is used outside WKT Value/Struct.</li> <li>Fix bug occurring when attempting to deep copy an enum type in python 3.</li> <li>Add a setuptools extension for generating Python protobufs (<a href="https://github-redirect.dependabot.com/protocolbuffers/protobuf/issues/7783";>#7783</a>)</li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/protocolbuffers/protobuf/commit/2514f0bd7da7e2af1bed4c5d1b84f031c4d12c10";><code>2514f0b</code></a> Removed protoc-artifacts/target directory</li> <li><a href="https://github.com/protocolbuffers/protobuf/commit/f3192d612852d4073378c1c5a0d55ed3f179987d";><code>f3192d6</code></a> Update protobuf version</li> <li><a href="https://github.com/protocolbuffers/protobuf/commit/8630972cedc12b51eb7ff0dbf39bd8c5f8a8141d";><code>8630972</code></a> Updated CHANGES.txt to add <a href="https://github-redirect.dependabot.com/protocolbuffers/protobuf/issues/8035";>#8035</a></li> <li><a href="https://github.com/protocolbuffers/protobuf/commit/e91922a4e7c420376f0b8f8a37fe41336de78ddd";><code>e91922a</code></a> Additional test</li> <li><a href="https://github.com/protocolbuffers/protobuf/commit/e57f761e7bb4a3e95a9cff0ff244a16432f29f91";><code>e57f761</code></a> Fix parsing negative Int32Value that crosses segment boundary</li> <li><a href="https://github.com/protocolbuffers/protobuf/commit/1b851b3fe638a6cef5986f8b9c78df420e319e5d";><code>1b851b3</code></a> Update protobuf version</li> <li><a href="https://github.com/protocolbuffers/protobuf/commit/129a5edb28907b1e3f27b23354375e06e7ecb3ec";><code>129a5ed</code></a> Updated CHANGES.txt to include <a href="https://github-redirect.dependabot.com/protocolbuffers/protobuf/issues/7928";>#7928</a></li> <li><a href="https://github.com/protocolbuffers/protobuf/commit/99149badc02c5dff7461c8811c891a32bc4893a8";><code>99149ba</code></a> Fix PyUnknownFields memory leak (<a href="https://github-redirect.dependabot.com/protocolbuffers/protobuf/issues/7928";>#7928</a>)</li> <li><a href="https://github.com/protocolbuffers/protobuf/commit/492858351c998dae27c28dc92d87d9d4f1c00e11";><code>4928583</code></a> Updated CHANGES.txt for the 3.14.0 release</li> <li><a href="https://github.com/protocolbuffers/protobuf/commit/fbbe11ae493e1e1bab6cc396dfbb7b4de9fd8bd0";><code>fbbe11a</code></a> Reintroduced definitions for PHP GeneratedClassName() functions</li> <li>Additional commits viewable in <a href="https://github.com/protocolbuffers/protobuf/compare/v3.12.0...v3.14.0";>compare view</a></li> </ul> </details> <br /> [](https://docs.github.com/en/github/managing-security-vulnerabilities/configuring-github-dependabot-security-updates) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> ---------------------------------------------------------------- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: [email protected]
