Skip to content

chore: bump io.github.ascopes:protobuf-maven-plugin from 3.10.3 to 5.1.7#2550

Open
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/maven/io.github.ascopes-protobuf-maven-plugin-5.1.7
Open

chore: bump io.github.ascopes:protobuf-maven-plugin from 3.10.3 to 5.1.7#2550
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/maven/io.github.ascopes-protobuf-maven-plugin-5.1.7

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jun 30, 2026

Copy link
Copy Markdown
Contributor

Bumps io.github.ascopes:protobuf-maven-plugin from 3.10.3 to 5.1.7.

Release notes

Sourced from io.github.ascopes:protobuf-maven-plugin's releases.

v5.1.7

What's Changed

Full Changelog: ascopes/protobuf-maven-plugin@v5.1.6...v5.1.7

v5.1.6

What's Changed

New Contributors

Full Changelog: ascopes/protobuf-maven-plugin@v5.1.5...v5.1.6

v5.1.5

Nothing of major note for this update. Just pushing a newer build containing dependency updates to help those working in corporate environments with strict security triage policies.

Going forward, I am going to look to do this on a monthly or bi-monthly basis to allow users to keep their builds up to date.

As usual, any problems, just raise a discussion on our GitHub!

v5.1.4

Release notes

  • Deprecated protocDigest parameter for removal in the future. It is now replaced with <digest> within a PathProtocDistribution or UriProtocDistribution object, which makes this API consistent with the Protoc plugin API.

    • Users may continue to use the current mechanism until the next major version but are advised to update their usages where possible.
    • The next major version will not support digests on Maven-based protoc distributions, as this is redundant functionality.
    • Documentation examples have been updated to reflect the change.
    • For example:
    <configuration>
  <protoc kind="url">
    <url>https://...</url>
    <digest>sha1:a927271a34eab2353662e2ec6f0686553034821a</digest>
  </protoc>
</configuration>

  • Added missing digest verification functionality for path based protoc plugins.

  • Optimised digest generation and decoding to utilise SIMD functionality within the JDK. This reduces both overhead and memory consumption in complex builds.

  • Improved control flow for dependency resolution.

  • Removed noisy logging during plexus configuration merging.

Other changes

  • Build on Maven 3.9.15.

... (truncated)

Commits
  • e44bc12 [maven-release-plugin] prepare release v5.1.7
  • d8320cf Merge pull request #1023 from hypnoce/windows_exe_extensions
  • 3db62ea GH-1022: keep exe, cmd and ps1 extension for windows binaries
  • 8709feb Merge pull request #1021 from ascopes/dependabot/maven/protobuf-maven-plugin/...
  • 92403d4 Merge pull request #1020 from ascopes/dependabot/maven/main/org.eclipse.sisu-...
  • f6582c2 Bump io.grpc:grpc-bom in /protobuf-maven-plugin/src/it/setup
  • 6777191 Bump org.eclipse.sisu:sisu-maven-plugin from 1.0.0 to 1.0.1
  • 5c600fc [maven-release-plugin] prepare for next development iteration
  • 7bf0941 [maven-release-plugin] prepare release v5.1.6
  • f05fe86 Merge pull request #1018 from siepkes/solaris-support
  • Additional commits viewable in compare view

Most Recent Ignore Conditions Applied to This Pull Request
Dependency Name Ignore Conditions
io.github.ascopes:protobuf-maven-plugin [>= 4.0.a0, < 4.1]
io.github.ascopes:protobuf-maven-plugin [>= 4.a0, < 5]

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

@dependabot
chore: bump io.github.ascopes:protobuf-maven-plugin from 3.10.3 to 5.1.7
b646bbd 
Bumps [io.github.ascopes:protobuf-maven-plugin](https://github.com/ascopes/protobuf-maven-plugin) from 3.10.3 to 5.1.7.
- [Release notes](https://github.com/ascopes/protobuf-maven-plugin/releases)
- [Commits](ascopes/protobuf-maven-plugin@v3.10.3...v5.1.7)

---
updated-dependencies:
- dependency-name: io.github.ascopes:protobuf-maven-plugin
  dependency-version: 5.1.7
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file maven labels Jun 30, 2026
@dependabot dependabot Bot mentioned this pull request Jun 30, 2026
Closed
@sonarqubecloud

sonarqubecloud Bot commented Jun 30, 2026

Copy link
Copy Markdown

Quality Gate Passed Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file maven

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants