Sourced from io.github.ascopes:protobuf-maven-plugin's releases.

v5.1.5

Nothing of major note for this update. Just pushing a newer build containing dependency updates to help those working in corporate environments with strict security triage policies.

Going forward, I am going to look to do this on a monthly or bi-monthly basis to allow users to keep their builds up to date.

As usual, any problems, just raise a discussion on our GitHub!

v5.1.4

Release notes

• Deprecated protocDigest parameter for removal in the future. It is now replaced with <digest> within a PathProtocDistribution or UriProtocDistribution object, which makes this API consistent with the Protoc plugin API.

  • Users may continue to use the current mechanism until the next major version but are advised to update their usages where possible.
  • The next major version will not support digests on Maven-based protoc distributions, as this is redundant functionality.
  • Documentation examples have been updated to reflect the change.
  • For example:

  <configuration>
    <protoc kind="url">
      <url>https://...</url>
      <digest>sha1:a927271a34eab2353662e2ec6f0686553034821a</digest>
    </protoc>
  </configuration>

• Added missing digest verification functionality for path based protoc plugins.

• Optimised digest generation and decoding to utilise SIMD functionality within the JDK. This reduces both overhead and memory consumption in complex builds.

• Improved control flow for dependency resolution.

• Removed noisy logging during plexus configuration merging.

Other changes

• Build on Maven 3.9.15.
• Dependency updates, as usual.

v5.1.3

Fairly large update to existing code that bundles several QoL improvements and bugfixes to improve user experience.

Bugfixes

• Fix NullPointerException raised when failing to resolve dependencies in certain cases (@​askoog, GH-980).
• Abstract away class references from Plexus parameter converters entirely. This avoids edge cases where ClassWorlds within Maven may try to classload the same classes in multiple places, causing class definition mismatches and breaking type conversion within POMs. This is a defensive workaround to the issue originally addressed by GH-974.
• Remove caching of sealed types to further avoid issues such as those in GH-974.
• Make configurator classes into singletons to enforce fixes for GH-974.

UX improvements

... (truncated)

• dadfe90 [maven-release-plugin] prepare release v5.1.5
• 5ca8a80 Merge pull request #1012 from ascopes/dependabot/maven/main/com.google.errorp...
• b9ee523 Bump com.google.errorprone:error_prone_core from 2.49.0 to 2.50.0
• 23d4264 Fix test warning to make new ErrorProne happier
• cd2dadf Merge pull request #1016 from ascopes/dependabot/maven/main/com.uber.nullaway...
• b363e40 Merge pull request #1015 from ascopes/dependabot/maven/main/org.sonatype.cent...
• a5faf9d Bump com.uber.nullaway:nullaway from 0.13.6 to 0.13.7
• fb44e9c Bump org.sonatype.central:central-publishing-maven-plugin
• 1d2f4dc Merge pull request #1014 from ascopes/dependabot/maven/protobuf-maven-plugin/...
• ddebe15 Bump io.grpc:grpc-bom in /protobuf-maven-plugin/src/it/setup
• Additional commits viewable in compare view

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)