Skip to content

chore(deps): bump google-protobuf from 3.21.2 to 4.0.1 in /proto#1796

Closed
dependabot[bot] wants to merge 1 commit intomasterfrom
dependabot/npm_and_yarn/proto/google-protobuf-4.0.1
Closed

chore(deps): bump google-protobuf from 3.21.2 to 4.0.1 in /proto#1796
dependabot[bot] wants to merge 1 commit intomasterfrom
dependabot/npm_and_yarn/proto/google-protobuf-4.0.1

Conversation

@dependabot
Copy link
Contributor

@dependabot dependabot bot commented on behalf of github Nov 20, 2025

Bumps google-protobuf from 3.21.2 to 4.0.1.

Release notes

Sourced from google-protobuf's releases.

v4.0.1

  • Add support for protobuf edition 2024
  • Add --version argument to protoc-gen-js binary for easier version checking. E.g. running ./protoc-gen-js will yield 4.0.1.

v4.0.0

What's Changed

  • Backport: binary proto serialization/deserialization changes and enable protobuf Editions 2023 (breaking change)
  • Backport: Fix JSPB binary utf8 decoding and validate by default (breaking change)
  • Do not ignore descriptor extensions
  • Limit global resolution to globalThis by (breaking change)

v3.21.4

Release to fix bazel build layering issue in 3.21.3.

v3.21.3

This release consists of mostly minor changes:

  • Documentation link fixes
  • Updated code generator to work with upstream API changes
  • Groundwork for moving to Bazel modules
Changelog

Sourced from google-protobuf's changelog.

"""Generates package naming variables for use with rules_pkg."""

load("@​bazel_tools//tools/cpp:toolchain_utils.bzl", "find_cpp_toolchain") load("@​rules_pkg//pkg:providers.bzl", "PackageVariablesInfo")

_PROTOBUF_JAVASCRIPT_VERSION = "4.0.1"

def _package_naming_impl(ctx): values = {} values["version"] = _PROTOBUF_JAVASCRIPT_VERSION

if ctx.attr.platform != "":
    values["platform"] = ctx.attr.platform
    return PackageVariablesInfo(values = values)

infer from the current cpp toolchain.


toolchain = find_cpp_toolchain(ctx)
cpu = toolchain.cpu
system_name = toolchain.target_gnu_system_name


rename cpus to match what we want artifacts to be


if cpu == "systemz":
cpu = "s390_64"
elif cpu == "aarch64":
cpu = "aarch_64"
elif cpu == "ppc64":
cpu = "ppcle_64"


use the system name to determine the os and then create platform names


if "apple" in system_name:
values["platform"] = "osx-" + cpu
elif "linux" in system_name:
values["platform"] = "linux-" + cpu
elif "mingw" in system_name:
if cpu == "x86_64":
values["platform"] = "win64"
else:
values["platform"] = "win32"
else:
values["platform"] = "unknown"


return PackageVariablesInfo(values = values)

package_naming = rule( implementation = _package_naming_impl, attrs = { # Necessary data dependency for find_cpp_toolchain. "_cc_toolchain": attr.label( default = Label("@​bazel_tools//tools/cpp:current_cc_toolchain"), ),

... (truncated)

Commits
  • e50318a Allow edition 2024 (#259)
  • d221239 update intel macos build runner
  • 25fe480 Update READMEs and add keywords for npm
  • 373d074 bump protobuf to v33
  • 4a683cd protoc_plugin: normalize git repo URL with npm pkg fix
  • bc95baf add standlone protoc-gen-js npm package (@​protocolbuffers/protoc-gen-js) for ...
  • e63a279 Add --version flag for protoc-gen-js
  • 5c70f21 remove writeZigzagVarint64BigInt
  • ec3bc7f Revert BUILD file change, remove bigint handling in writer.js
  • 6a7eced Fix closure-js output
  • Additional commits viewable in compare view

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

@dependabot
chore(deps): bump google-protobuf from 3.21.2 to 4.0.1 in /proto
c714355 
Bumps [google-protobuf](https://github.com/protocolbuffers/protobuf-javascript) from 3.21.2 to 4.0.1.
- [Release notes](https://github.com/protocolbuffers/protobuf-javascript/releases)
- [Changelog](https://github.com/protocolbuffers/protobuf-javascript/blob/main/protobuf_javascript_release.bzl)
- [Commits](protocolbuffers/protobuf-javascript@v3.21.2...v4.0.1)

---
updated-dependencies:
- dependency-name: google-protobuf
  dependency-version: 4.0.1
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot added dependencies Pull requests that update a dependency file javascript labels Nov 20, 2025
@dependabot dependabot bot requested review from a team and aeneasr as code owners November 20, 2025 03:03
@dependabot dependabot bot added dependencies Pull requests that update a dependency file javascript labels Nov 20, 2025
@dependabot dependabot bot mentioned this pull request Nov 20, 2025
Closed
@dependabot @github
Copy link
Contributor Author

dependabot bot commented on behalf of github Feb 25, 2026

Superseded by #1838.

@dependabot dependabot bot closed this Feb 25, 2026
@dependabot dependabot bot deleted the dependabot/npm_and_yarn/proto/google-protobuf-4.0.1 branch February 25, 2026 03:42
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@aeneasr aeneasr Awaiting requested review from aeneasr aeneasr is a code owner

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants