ORC-1934: Upgrade protobuf-java to 3.25.8

dependabot[bot] · dongjoon-hyun · commit f76b58e01155 · 2025-06-20T12:59:10.000-07:00
Bumps [com.google.protobuf:protobuf-java](https://github.com/protocolbuffers/protobuf) from 3.25.5 to 3.25.8. <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/protocolbuffers/protobuf/commit/a4cbdd3ed0042e8f9b9c30e8b0634096d9532809"><code>a4cbdd3</code></a> Updating version.json and repo version numbers to: 25.8</li> <li><a href="https://github.com/protocolbuffers/protobuf/commit/29445be43d3235115f1f60c874a04c2147ea0488"><code>29445be</code></a> Merge pull request <a href="https://redirect.github.com/protocolbuffers/protobuf/issues/21880">#21880</a> from shaod2/py-25</li> <li><a href="https://github.com/protocolbuffers/protobuf/commit/cc13b69985f90f6f142b7c3f9cb6bdebee9b4579"><code>cc13b69</code></a> Remove debugging code and add EOLs</li> <li><a href="https://github.com/protocolbuffers/protobuf/commit/d31100c9195819edb0a12f44705dfc2da111ea9b"><code>d31100c</code></a> Manually backport recursion limit enforcement to 25.x</li> <li><a href="https://github.com/protocolbuffers/protobuf/commit/88a3b9033014bfd4185d934bd199191667a67d2a"><code>88a3b90</code></a> Change pre-22 poison pill to only log once per affected message type. (<a href="https://redirect.github.com/protocolbuffers/protobuf/issues/21754">#21754</a>)</li> <li><a href="https://github.com/protocolbuffers/protobuf/commit/320eafa0b7ab3c649f75bcbe851e0d3acf868cf3"><code>320eafa</code></a> Weaken vulnerable gencode poison pills to warning by default.</li> <li><a href="https://github.com/protocolbuffers/protobuf/commit/f584fe36d4aa4af5dcc71e592c855b59e0ecee2c"><code>f584fe3</code></a> Merge branch 'protocolbuffers:25.x' into 25.x</li> <li><a href="https://github.com/protocolbuffers/protobuf/commit/c7100368a25a849691dec7695078a113f6a4ef9f"><code>c710036</code></a> Update test_upb.yml to use ubuntu-22</li> <li><a href="https://github.com/protocolbuffers/protobuf/commit/97217584375d1a29af91aeb607cc67327a3e05da"><code>9721758</code></a> Fix missing trailing newline.</li> <li><a href="https://github.com/protocolbuffers/protobuf/commit/cca7b289bcda8baab9f59101d5c737790c5cc610"><code>cca7b28</code></a> Update test_upb.yml to use ubuntu-22</li> <li>Additional commits viewable in <a href="https://github.com/protocolbuffers/protobuf/compare/v3.25.5...v3.25.8">compare view</a></li> </ul> </details> <br /> <details> <summary>Most Recent Ignore Conditions Applied to This Pull Request</summary> | Dependency Name | Ignore Conditions | | --- | --- | | com.google.protobuf:protobuf-java | [>= 4.a, < 5] | </details> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=com.google.protobuf:protobuf-java&package-manager=maven&previous-version=3.25.5&new-version=3.25.8)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `dependabot rebase` will rebase this PR - `dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `dependabot merge` will merge this PR after your CI passes on it - `dependabot squash and merge` will squash and merge this PR after your CI passes on it - `dependabot cancel merge` will cancel a previously requested merge and block automerging - `dependabot reopen` will reopen this PR if it is closed - `dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Closes #2246 from dependabot[bot]/dependabot/maven/java/com.google.protobuf-protobuf-java-3.25.8. Authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Signed-off-by: Dongjoon Hyun <dongjoon@apache.org> (cherry picked from commit f76d23f) Signed-off-by: Dongjoon Hyun <dongjoon@apache.org>
diff --git a/java/pom.xml b/java/pom.xml
@@ -79,7 +79,7 @@
     <orc-format.version>1.1.0</orc-format.version>
     <!-- Build Properties -->
     <project.build.outputTimestamp>2025-05-03T22:26:00Z</project.build.outputTimestamp>
-    <protobuf.version>3.25.5</protobuf.version>
+    <protobuf.version>3.25.8</protobuf.version>
     <slf4j.version>2.0.16</slf4j.version>
     <storage-api.version>2.8.1</storage-api.version>
     <surefire.version>3.5.2</surefire.version>
