From 49c52a0288a4aeb322cee105892d5c66abc3d970 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Thu, 24 Mar 2022 12:16:47 +0000
Subject: [PATCH] build(deps): Bump google.golang.org/protobuf from 1.27.1 to
 1.28.0 (#11434)

Bumps [google.golang.org/protobuf](https://github.com/protocolbuffers/protobuf-go) from 1.27.1 to 1.28.0.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a href="/protocolbuffers/protobuf-go/releases">google.golang.org/protobuf's releases</a>.</em></p>
<blockquote>
<h2>v1.28.0</h2>
<ul>
<li><a href="/protocolbuffers/protobuf-go/blob/HEAD/#v1.28-overview">Overview</a></li>
<li><a href="/protocolbuffers/protobuf-go/blob/HEAD/#v1.28-notable-changes">Notable changes</a>
<ul>
<li><a href="/protocolbuffers/protobuf-go/blob/HEAD/#v1.28-recursion-limit">UnmarshalOption RecursionLimit</a></li>
</ul>
</li>
<li><a href="/protocolbuffers/protobuf-go/blob/HEAD/#v1.28-breaking-changes">Upcoming breakage changes</a></li>
</ul>
<h2>Overview </h2>
<p>The release provides a new unmarshal option for limiting the recursion depth when unmarshalling nested messages to prevent stack overflows. (<a href="https://pkg.go.dev/google.golang.org/protobuf/proto#UnmarshalOptions.RecursionLimit"><code>UnmarshalOptions.RecursionLimit</code></a>).</p>
<h2>Notable changes </h2>
<p><strong>New features:</strong></p>
<ul>
<li><a href="https://go.dev/cl/340489">CL/340489</a>: testing/protocmp: add Message.Unwrap</li>
</ul>
<p><strong>Documentation improvements:</strong></p>
<ul>
<li><a href="https://go.dev/cl/339569">CL/339569</a>: reflect/protoreflect: add more docs on Value aliasing</li>
</ul>
<p><strong>Updated supported versions:</strong></p>
<ul>
<li><a href="https://go.dev/cl/370055">CL/370055</a>: all: update supported versions</li>
</ul>
<h3>UnmarshalOption RecursionLimit </h3>
<ul>
<li><a href="https://golang.org/cl/385854">CL/385854</a>: all: implement depth limit for unmarshalling</li>
</ul>
<p>The new <a href="https://pkg.go.dev/google.golang.org/protobuf/proto#UnmarshalOptions.RecursionLimit"><code>UnmarshalOptions.RecursionLimit</code></a> limits the maximum recursion depth when unmarshalling messages. The limit is applied for nested messages. When messages are nested deeper than the specified limit the unmarshalling will fail. If unspecified, a default limit of 10,000 is applied.</p>
<p>In addition to the configurable limit for message nesting a non-configurable recursion limit for <a href="https://developers.google.com/protocol-buffers/docs/proto#groups">group</a> nesting of 10,000 was introduced.</p>
<h2>Upcoming breakage changes </h2>
<p>The default recursion limit of 10,000 introduced in the release is subject to change. We want to align this limit with implementations for other languages in the long term. C++ and Java use a limit of 100 which is also the target for the Go implementation.</p>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a href="/protocolbuffers/protobuf-go/commit/32051b4f86e54c2142c7c05362c6e96ae3454a1c"><code>32051b4</code></a> all: release v1.28.0</li>
<li><a href="/protocolbuffers/protobuf-go/commit/3992ea83a23c00882339f33511074d251e19822c"><code>3992ea8</code></a> all: implement depth limit for unmarshaling</li>
<li><a href="/protocolbuffers/protobuf-go/commit/e5db2960ed1380681b571cdf4648230beefaf58b"><code>e5db296</code></a> all: update supported versions</li>
<li><a href="/protocolbuffers/protobuf-go/commit/3a9e1dc314e2cb57d6cb054df513f17586295fc7"><code>3a9e1dc</code></a> all: gofmt all</li>
<li><a href="/protocolbuffers/protobuf-go/commit/26e8bcb3c743193558d1a0ff540c9e05f999267d"><code>26e8bcb</code></a> all: remove unnecessary string([]byte) conversion in fmt.Sprintf with %s</li>
<li><a href="/protocolbuffers/protobuf-go/commit/5aec41b4809b9822a34e17acd06ae9ae9f41c13d"><code>5aec41b</code></a> testing/protocmp: add Message.Unwrap</li>
<li><a href="/protocolbuffers/protobuf-go/commit/05be61fde35dcaa3502f4430edee444a294d41c3"><code>05be61f</code></a> reflect/protoreflect: add more docs on Value aliasing</li>
<li><a href="/protocolbuffers/protobuf-go/commit/b03064a95cacfede187231741d9918a75653057d"><code>b03064a</code></a> all: start v1.27.1-devel</li>
<li>See full diff in <a href="/protocolbuffers/protobuf-go/compare/v1.27.1...v1.28.0">compare view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=google.golang.org/protobuf&package-manager=go_modules&previous-version=1.27.1&new-version=1.28.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)


</details>
---
 go.mod | 2 +-
 go.sum | 3 ++-
 2 files changed, 3 insertions(+), 2 deletions(-)

diff --git a/go.mod b/go.mod
index 3214267dcdeb..cc485e143bbb 100644
--- a/go.mod
+++ b/go.mod
@@ -54,7 +54,7 @@ require (
 	golang.org/x/crypto v0.0.0-20220112180741-5e0467b6c7ce
 	google.golang.org/genproto v0.0.0-20220222213610-43724f9ea8cf
 	google.golang.org/grpc v1.45.0
-	google.golang.org/protobuf v1.27.1
+	google.golang.org/protobuf v1.28.0
 	pgregory.net/rapid v0.4.7
 	sigs.k8s.io/yaml v1.3.0
 )
diff --git a/go.sum b/go.sum
index f4f4e8a51fad..9cc9cdf68906 100644
--- a/go.sum
+++ b/go.sum
@@ -1952,8 +1952,9 @@ google.golang.org/protobuf v1.24.0/go.mod h1:r/3tXBNzIEhYS9I1OUVjXDlt8tc493IdKGj
 google.golang.org/protobuf v1.25.0/go.mod h1:9JNX74DMeImyA3h4bdi1ymwjUzf21/xIlbajtzgsN7c=
 google.golang.org/protobuf v1.26.0-rc.1/go.mod h1:jlhhOSvTdKEhbULTjvd4ARK9grFBp09yW+WbY/TyQbw=
 google.golang.org/protobuf v1.26.0/go.mod h1:9q0QmTI4eRPtz6boOQmLYwt+qCgq0jsYwAQnmE0givc=
-google.golang.org/protobuf v1.27.1 h1:SnqbnDw1V7RiZcXPx5MEeqPv2s79L9i7BJUlG/+RurQ=
 google.golang.org/protobuf v1.27.1/go.mod h1:9q0QmTI4eRPtz6boOQmLYwt+qCgq0jsYwAQnmE0givc=
+google.golang.org/protobuf v1.28.0 h1:w43yiav+6bVFTBQFZX0r7ipe9JQ1QsbMgHwbBziscLw=
+google.golang.org/protobuf v1.28.0/go.mod h1:HV8QOd/L58Z+nl8r43ehVNZIU/HEI6OcFqwMG9pJV4I=
 gopkg.in/alecthomas/kingpin.v2 v2.2.6/go.mod h1:FMv+mEhP44yOT+4EoQTLFTRgOQ1FBLkstjWtayDeSgw=
 gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
 gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=