[Snyk] Upgrade google-protobuf from 3.4.0 to 3.20.1

[ccfish86]

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to upgrade google-protobuf from 3.4.0 to 3.20.1.

:information_source: Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

---

• The recommended version is 71 versions ahead of your current version.
• The recommended version was released 2 months ago, on 2022-04-21.

Release notes

Package name: google-protobuf

• 3.20.1 - 2022-04-21

  PHP

  • Fix building packaged PHP extension (#9727)
  • Fixed composer.json to only advertise compatibility with PHP 7.0+. (#9819)

  Ruby

  • Disable the aarch64 build on macOS until it can be fixed. (#9816)

  Other

  • Fix versioning issues in 3.20.0
• 3.20.1-rc.1 - 2022-04-06
• 3.20.0 - 2022-04-01

  2022-03-25 version 3.20.0 (C++/Java/Python/PHP/Objective-C/C#/Ruby/JavaScript)

  Ruby

  • Dropped Ruby 2.3 and 2.4 support for CI and releases. (#9311)
  • Added Ruby 3.1 support for CI and releases (#9566).
  • Message.decode/encode: Add recursion_limit option (#9218/#9486)
  • Allocate with xrealloc()/xfree() so message allocation is visible to the
    Ruby GC. In certain tests this leads to much lower memory usage due to more
    frequent GC runs (#9586).
  • Fix conversion of singleton classes in Ruby (#9342)
  • Suppress warning for intentional circular require (#9556)
  • JSON will now output shorter strings for double and float fields when possible
    without losing precision.
  • Encoding and decoding of binary format will now work properly on big-endian
    systems.
  • UTF-8 verification was fixed to properly reject surrogate code points.
  • Unknown enums for proto2 protos now properly implement proto2's behavior of
    putting such values in unknown fields.

  Java

  • Revert "Standardize on Array copyOf" (#9400)
  • Resolve more java field accessor name conflicts (#8198)
  • Don't support map fields in DynamicMessage.Builder.{getFieldBuilder,getRepeatedFieldBuilder}
  • Fix parseFrom to only throw InvalidProtocolBufferException
  • InvalidProtocolBufferException now allows arbitrary wrapped Exception types.
  • Fix bug in FieldSet.Builder.mergeFrom
  • Flush CodedOutputStream also flushes underlying OutputStream
  • When oneof case is the same and the field type is Message, merge the
    subfield. (previously it was replaced.)’
  • Add @ CheckReturnValue to some protobuf types
  • Report original exceptions when parsing JSON
  • Add more info to @ deprecated javadoc for set/get/has methods
  • Fix initialization bug in doc comment line numbers
  • Fix comments for message set wire format.

  Kotlin

  • Add test scope to kotlin-test for protobuf-kotlin-lite (#9518)
  • Add orNull extensions for optional message fields.
  • Add orNull extensions to all proto3 message fields.

  Python

  • Dropped support for Python < 3.7 (#9480)
  • Protoc is now able to generate python stubs (.pyi) with --pyi_out
  • Pin multibuild scripts to get manylinux1 wheels back (#9216)
  • Fix type annotations of some Duration and Timestamp methods.
  • Repeated field containers are now generic in field types and could be used
    in type annotations.
    *[Breaking change] Protobuf python generated codes are simplified. Descriptors and message
    classes' definitions are now dynamic created in internal/builder.py.
    Insertion Points for messages classes are discarded.
  • has_presence is added for FieldDescriptor in python
  • Loosen indexing type requirements to allow valid index() implementations
    rather than only PyLongObjects.
  • Fix the deepcopy bug caused by not copying message_listener.
  • Added python JSON parse recursion limit (default 100)
  • Path info is added for python JSON parse errors
  • Pure python repeated scalar fields will not able to pickle. Convert to list
    first.
  • Timestamp.ToDatetime() now accepts an optional tzinfo parameter. If
    specified, the function returns a timezone-aware datetime in the given time
    zone. If omitted or None, the function returns a timezone-naive UTC datetime
    (as previously).
  • Adds client_streaming and server_streaming fields to MethodDescriptor.
  • Add "ensure_ascii" parameter to json_format.MessageToJson. This allows smaller
    JSON serializations with UTF-8 or other non-ASCII encodings.
  • Added experimental support for directly assigning numpy scalars and array.
  • Improve the calculation of public_dependencies in DescriptorPool.
  • [Breaking Change] Disallow setting fields to numpy singleton arrays or repeated fields to numpy
    multi-dimensional arrays. Numpy arrays should be indexed or flattened explicitly before assignment.

  Compiler

  • Migrate IsDefault(const std::string*) and UnsafeSetDefault(const std::string*)
  • Implement strong qualified tags for TaggedPtr
  • Rework allocations to power-of-two byte sizes.
  • Migrate IsDefault(const std::string*) and UnsafeSetDefault(const std::string*)
  • Implement strong qualified tags for TaggedPtr
  • Make TaggedPtr Set...() calls explicitly spell out the content type.
  • Check for parsing error before verifying UTF8.
  • Enforce a maximum message nesting limit of 32 in the descriptor builder to
    guard against stack overflows
  • Fixed bugs in operators for RepeatedPtrIterator
  • Assert a maximum map alignment for allocated values
  • Fix proto1 group extension protodb parsing error
  • Do not log/report the same descriptor symbol multiple times if it contains
    more than one invalid character.
  • Add UnknownFieldSet::SerializeToString and SerializeToCodedStream.
  • Remove explicit default pointers and deprecated API from protocol compiler

  Arenas

  • Change Repeated*Field to reuse memory when using arenas.
  • Implements pbarenaz for profiling proto arenas
  • Introduce CreateString() and CreateArenaString() for cleaner semantics
  • Fix unreferenced parameter for MSVC builds
  • Add UnsafeSetAllocated to be used for one-of string fields.
  • Make Arena::AllocateAligned() a public function.
  • Determine if ArenaDtor related code generation is necessary in one place.
  • Implement on demand register ArenaDtor for InlinedStringField

  C++

  • Enable testing via CTest (#8737)
  • Add option to use external GTest in CMake (#8736)
  • CMake: Set correct sonames for libprotobuf-lite.so and libprotoc.so (#8635) (#9529)
  • Add cmake option protobuf_INSTALL to not install files (#7123)
  • CMake: Allow custom plugin options e.g. to generate mocks (#9105)
  • CMake: Use linker version scripts (#9545)
  • Manually *struct Cord fields to work better with arenas.
  • Manually destruct map fields.
  • Generate narrower code
  • Fix #9378 by removing
    shadowed cached_size field
  • Remove GetPointer() and explicit nullptr defaults.
  • Add proto_h flag for speeding up large builds
  • Add missing overload for reference wrapped fields.
  • Add MergedDescriptorDatabase::FindAllFileNames()
  • RepeatedField now defines an iterator type instead of using a pointer.
  • Remove obsolete macros GOOGLE_PROTOBUF_HAS_ONEOF and GOOGLE_PROTOBUF_HAS_ARENAS.

  PHP

  • Fix: add missing reserved classnames (#9458)
  • PHP 8.1 compatibility (#9370)

  C#

  • Fix trim warnings (#9182)
  • Fixes NullReferenceException when accessing FieldDescriptor.IsPacked (#9430)
  • Add ToProto() method to all descriptor classes (#9426)
  • Add an option to preserve proto names in JsonFormatter (#6307)

  Objective-C

  • Add prefix_to_proto_package_mappings_path option. (#9498)
  • Rename proto_package_to_prefix_mappings_path to package_to_prefix_mappings_path. (#9552)
  • Add a generation option to control use of forward declarations in headers. (#9568)
• 3.20.0-rc.2 - 2022-03-17
• 3.20.0-rc.1 - 2022-03-04
• 3.19.4 - 2022-01-28
• 3.19.3 - 2022-01-11
• 3.19.2 - 2022-01-05
• 3.19.1 - 2021-10-29
• 3.19.0 - 2021-10-20
• 3.19.0-rc.2 - 2021-10-19
• 3.19.0-rc.1 - 2021-10-16
• 3.18.2 - 2022-01-05
• 3.18.1 - 2021-10-05
• 3.18.0 - 2021-09-15
• 3.18.0-rc.2 - 2021-08-30
• 3.18.0-rc.1 - 2021-08-19
• 3.17.3 - 2021-06-08
• 3.17.2 - 2021-06-02
• 3.17.1 - 2021-05-24
• 3.17.0 - 2021-05-13
• 3.17.0-rc.2 - 2021-05-11
• 3.17.0-rc.1 - 2021-05-07
• 3.16.0 - 2021-05-07
• 3.16.0-rc.2 - 2021-05-05
• 3.16.0-rc.1 - 2021-04-06
• 3.15.8 - 2021-04-08
• 3.15.7 - 2021-04-02
• 3.15.6 - 2021-03-11
• 3.15.5 - 2021-03-05
• 3.15.4 - 2021-03-03
• 3.15.3 - 2021-02-25
• 3.15.2 - 2021-02-23
• 3.15.1 - 2021-02-20
• 3.15.0 - 2021-02-18
• 3.15.0-rc.2 - 2021-02-17
• 3.15.0-rc.1 - 2021-02-08
• 3.14.0 - 2020-11-13
• 3.14.0-rc.3 - 2020-11-12
• 3.14.0-rc.2 - 2020-11-11
• 3.14.0-rc.1 - 2020-11-06
• 3.13.0 - 2020-08-15
• 3.13.0-rc.3 - 2020-08-13
• 3.12.4 - 2020-07-28
• 3.12.2 - 2020-05-27
• 3.12.1 - 2020-05-21
• 3.12.0 - 2020-05-15
• 3.12.0-rc.2 - 2020-05-12
• 3.12.0-rc.1 - 2020-05-04
• 3.11.4 - 2020-02-14
• 3.11.3 - 2020-02-03
• 3.11.2 - 2019-12-14
• 3.11.1 - 2019-12-03
• 3.11.0 - 2019-11-26
• 3.11.0-rc.2 - 2019-11-23
• 3.11.0-rc.1 - 2019-11-20
• 3.10.0 - 2019-10-03
• 3.10.0-rc.1 - 2019-09-05
• 3.9.2 - 2019-09-23
• 3.9.1 - 2019-08-06
• 3.9.0 - 2019-07-12
• 3.9.0-rc.1 - 2019-06-26
• 3.8.0 - 2019-05-28
• 3.8.0-rc.1 - 2019-05-03
• 3.7.1 - 2019-03-21
• 3.7.0 - 2019-03-04
• 3.7.0-rc.3 - 2019-02-26
• 3.7.0-rc.2 - 2019-02-01
• 3.6.1 - 2018-07-31
• 3.6.0 - 2018-06-22
• 3.5.0 - 2017-11-16
• 3.4.0 - 2017-08-16

from google-protobuf GitHub release notes

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

🧐 View latest project report

🛠 Adjust upgrade PR settings

🔕 Ignore this dependency or unsubscribe from future upgrade PRs