Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
build(deps): Bump google.golang.org/protobuf from 1.27.1 to 1.28.0 (#…
…11434) Bumps [google.golang.org/protobuf](https://github.com/protocolbuffers/protobuf-go) from 1.27.1 to 1.28.0. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/protocolbuffers/protobuf-go/releases">google.golang.org/protobuf's releases</a>.</em></p> <blockquote> <h2>v1.28.0</h2> <ul> <li><a href="https://github.com/protocolbuffers/protobuf-go/blob/HEAD/#v1.28-overview">Overview</a></li> <li><a href="https://github.com/protocolbuffers/protobuf-go/blob/HEAD/#v1.28-notable-changes">Notable changes</a> <ul> <li><a href="https://github.com/protocolbuffers/protobuf-go/blob/HEAD/#v1.28-recursion-limit">UnmarshalOption RecursionLimit</a></li> </ul> </li> <li><a href="https://github.com/protocolbuffers/protobuf-go/blob/HEAD/#v1.28-breaking-changes">Upcoming breakage changes</a></li> </ul> <h2>Overview </h2> <p>The release provides a new unmarshal option for limiting the recursion depth when unmarshalling nested messages to prevent stack overflows. (<a href="https://pkg.go.dev/google.golang.org/protobuf/proto#UnmarshalOptions.RecursionLimit"><code>UnmarshalOptions.RecursionLimit</code></a>).</p> <h2>Notable changes </h2> <p><strong>New features:</strong></p> <ul> <li><a href="https://go.dev/cl/340489">CL/340489</a>: testing/protocmp: add Message.Unwrap</li> </ul> <p><strong>Documentation improvements:</strong></p> <ul> <li><a href="https://go.dev/cl/339569">CL/339569</a>: reflect/protoreflect: add more docs on Value aliasing</li> </ul> <p><strong>Updated supported versions:</strong></p> <ul> <li><a href="https://go.dev/cl/370055">CL/370055</a>: all: update supported versions</li> </ul> <h3>UnmarshalOption RecursionLimit </h3> <ul> <li><a href="https://golang.org/cl/385854">CL/385854</a>: all: implement depth limit for unmarshalling</li> </ul> <p>The new <a href="https://pkg.go.dev/google.golang.org/protobuf/proto#UnmarshalOptions.RecursionLimit"><code>UnmarshalOptions.RecursionLimit</code></a> limits the maximum recursion depth when unmarshalling messages. The limit is applied for nested messages. When messages are nested deeper than the specified limit the unmarshalling will fail. If unspecified, a default limit of 10,000 is applied.</p> <p>In addition to the configurable limit for message nesting a non-configurable recursion limit for <a href="https://developers.google.com/protocol-buffers/docs/proto#groups">group</a> nesting of 10,000 was introduced.</p> <h2>Upcoming breakage changes </h2> <p>The default recursion limit of 10,000 introduced in the release is subject to change. We want to align this limit with implementations for other languages in the long term. C++ and Java use a limit of 100 which is also the target for the Go implementation.</p> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/protocolbuffers/protobuf-go/commit/32051b4f86e54c2142c7c05362c6e96ae3454a1c"><code>32051b4</code></a> all: release v1.28.0</li> <li><a href="https://github.com/protocolbuffers/protobuf-go/commit/3992ea83a23c00882339f33511074d251e19822c"><code>3992ea8</code></a> all: implement depth limit for unmarshaling</li> <li><a href="https://github.com/protocolbuffers/protobuf-go/commit/e5db2960ed1380681b571cdf4648230beefaf58b"><code>e5db296</code></a> all: update supported versions</li> <li><a href="https://github.com/protocolbuffers/protobuf-go/commit/3a9e1dc314e2cb57d6cb054df513f17586295fc7"><code>3a9e1dc</code></a> all: gofmt all</li> <li><a href="https://github.com/protocolbuffers/protobuf-go/commit/26e8bcb3c743193558d1a0ff540c9e05f999267d"><code>26e8bcb</code></a> all: remove unnecessary string([]byte) conversion in fmt.Sprintf with %s</li> <li><a href="https://github.com/protocolbuffers/protobuf-go/commit/5aec41b4809b9822a34e17acd06ae9ae9f41c13d"><code>5aec41b</code></a> testing/protocmp: add Message.Unwrap</li> <li><a href="https://github.com/protocolbuffers/protobuf-go/commit/05be61fde35dcaa3502f4430edee444a294d41c3"><code>05be61f</code></a> reflect/protoreflect: add more docs on Value aliasing</li> <li><a href="https://github.com/protocolbuffers/protobuf-go/commit/b03064a95cacfede187231741d9918a75653057d"><code>b03064a</code></a> all: start v1.27.1-devel</li> <li>See full diff in <a href="https://github.com/protocolbuffers/protobuf-go/compare/v1.27.1...v1.28.0">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=google.golang.org/protobuf&package-manager=go_modules&previous-version=1.27.1&new-version=1.28.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details>
- Loading branch information