Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Update protobuf-java to 3.25.6 #1748

Merged
merged 2 commits into from
Jan 27, 2025
Merged

Update protobuf-java to 3.25.6 #1748

merged 2 commits into from
Jan 27, 2025

Conversation

scala-steward-asf[bot]
Copy link
Contributor

About this PR

πŸ“¦ Updates com.google.protobuf:protobuf-java from 3.25.5 to 3.25.6

πŸ“œ GitHub Release Notes - Version Diff

Usage

βœ… Please merge!

I'll automatically update this PR to resolve conflicts as long as you don't change it yourself.

If you'd like to skip this version, you can just close this PR. If you have any feedback, just mention me in the comments below.

Configure Scala Steward for your repository with a .scala-steward.conf file.

Have a fantastic day writing Scala!

πŸ” Files still referring to the old version number

The following files still refer to the old version number (3.25.5).
You might want to review and update them manually.

docs/src/main/paradox/release-notes/releases-1.1.md
βš™ Adjust future updates

Add this to your .scala-steward.conf file to ignore future updates of this dependency:

updates.ignore = [ { groupId = "com.google.protobuf", artifactId = "protobuf-java" } ]

Or, add this to slow down future updates of this dependency:

dependencyOverrides = [{
  pullRequests = { frequency = "30 days" },
  dependency = { groupId = "com.google.protobuf", artifactId = "protobuf-java" }
}]
labels: library-update, early-semver-patch, semver-spec-patch, old-version-remains, commit-count:1

pjfanning
pjfanning requested changes Jan 26, 2025
View reviewed changes
Copy link
Contributor

@pjfanning pjfanning left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more. 

Error:  [01/26/2025 00:23:59.363] [RemoteRouterSpec-pekko.remote.default-remote-dispatcher-7] [Deserializer(pekko://RemoteRouterSpec)] Failed to deserialize message from [unknown] with serializer id [17] and manifest [d].
java.lang.UnsupportedOperationException: As of 2022/09/29 (release 21.7) makeExtensionsImmutable should not be called from protobuf gencode. If you are seeing this message, your gencode is vulnerable to a denial of service attack. You should regenerate your code using protobuf 25.6 or later. Use the latest version that meets your needs. However, if you understand the risks and wish to continue with vulnerable gencode, you can set the system property `-Dcom.google.protobuf.use_unsafe_pre22_gencode` on the command line. See security vulnerability: https://github.com/protocolbuffers/protobuf/security/advisories/GHSA-h4h5-3hr4-j3g2
	at org.apache.pekko.protobufv3.internal.GeneratedMessage.warnPre22Gencode(GeneratedMessage.java:327)
	at org.apache.pekko.protobufv3.internal.GeneratedMessageV3.makeExtensionsImmutable(GeneratedMessageV3.java:531)

@raboof raboof self-assigned this Jan 26, 2025
@raboof
Copy link
Member

raboof commented Jan 26, 2025

I'm confused by this error, suggesting this should not happen as of version 21.7 but then recommending to regenerate with 25.6 or later. I can regenerate the classes though.

protocolbuffers/protobuf#20084

@raboof raboof mentioned this pull request Jan 26, 2025
Open
13 tasks
@raboof raboof removed their assignment Jan 26, 2025
@pjfanning
Copy link
Contributor

@raboof thanks for rebuilding the Java files. They are not regenerated by the Pekko build.

It looks like protobuf-java 3.25.6 has a new check so that it insists that you have generated the source with a more up to date version of Protoc that we have used for recent upgrades.

It does look like something we would want to fix up for the 1.2.0-M1 release. If this PR builds ok, it is enough - I'm not worried about automating the code generation.

I was trying this myself but my Mac won't let me use the protoc file from Google's releases on GitHub. I was in the middle of building it myself.

@pjfanning pjfanning added this to the 1.2.0-M1 milestone Jan 26, 2025
@raboof raboof force-pushed the update/protobuf-java-3.25.6 branch from e3fa87a to 77f69ea Compare January 26, 2025 11:48
@raboof
Copy link
Member

raboof commented Jan 26, 2025

@raboof thanks for rebuilding the Java files. They are not regenerated by the Pekko build.

It looks like protobuf-java 3.25.6 has a new check so that it insists that you have generated the source with a more up to date version of Protoc that we have used for recent upgrades.

yeah, it's confusing to me that the error is referring to 21.7 but seems to trigger for all versions before 25.6, though.

It does look like something we would want to fix up for the 1.2.0-M1 release. If this PR builds ok, it is enough - I'm not worried about automating the code generation.

agreed

I was trying this myself but my Mac won't let me use the protoc file from Google's releases on GitHub. I was in the middle of building it myself.

ah, I used the 'assign' feature in GitHub to signal that I was looking into it (it didn't seem worth a comment)

@pjfanning pjfanning mentioned this pull request Jan 26, 2025
Merged
@pjfanning
Copy link
Contributor

pjfanning commented Jan 26, 2025
edited
Loading

Looks like we have some more old java files in our tests (distributed data). Affects 2 tests.

In the 'docs' module as opposed to the code modules.

TwoPhaseSetMessages

- test TwoPhaseSetSerializer *** FAILED *** (16 milliseconds)
[01-26 12:42:24.795] [info]   java.lang.UnsupportedOperationException: As of 2022/09/29 (release 21.7) makeExtensionsImmutable should not be called from protobuf gencode. If you are seeing this message, your gencode is vulnerable to a denial of service attack. You should regenerate your code using protobuf 25.6 or later. Use the latest version that meets your needs. However, if you understand the risks and wish to continue with vulnerable gencode, you can set the system property `-Dcom.google.protobuf.use_unsafe_pre22_gencode` on the command line. See security vulnerability: https://github.com/protocolbuffers/protobuf/security/advisories/GHSA-h4h5-3hr4-j3g2
[01-26 12:42:24.795] [info]   at org.apache.pekko.protobufv3.internal.GeneratedMessage.warnPre22Gencode(GeneratedMessage.java:327)
[01-26 12:42:24.795] [info]   at org.apache.pekko.protobufv3.internal.GeneratedMessageV3.makeExtensionsImmutable(GeneratedMessageV3.java:531)
[01-26 12:42:24.795] [info]   at docs.ddata.protobuf.msg.TwoPhaseSetMessages$TwoPhaseSet.<init>(TwoPhaseSetMessages.java:172)
[01-26 12:42:24.795] [info]   at docs.ddata.protobuf.msg.TwoPhaseSetMessages$TwoPhaseSet.<init>(TwoPhaseSetMessages.java:87)
[01-26 12:42:24.795] [info]   at docs.ddata.protobuf.msg.TwoPhaseSetMessages$TwoPhaseSet$1.parsePartialFrom(TwoPhaseSetMessages.java:863)
[01-26 12:42:24.795] [info]   at docs.ddata.protobuf.msg.TwoPhaseSetMessages$TwoPhaseSet$1.parsePartialFrom(TwoPhaseSetMessages.java:857)
[01-26 12:42:24.795] [info]   at org.apache.pekko.protobufv3.internal.AbstractParser.parsePartialFrom(AbstractParser.java:135)
[01-26 12:42:24.795] [info]   at org.apache.pekko.protobufv3.internal.AbstractParser.parseFrom(AbstractParser.java:168)
[01-26 12:42:24.795] [info]   at org.apache.pekko.protobufv3.internal.AbstractParser.parseFrom(AbstractParser.java:180)
[01-26 12:42:24.795] [info]   at org.apache.pekko.protobufv3.internal.AbstractParser.parseFrom(AbstractParser.java:185)
[01-26 12:42:24.795] [info]   at org.apache.pekko.protobufv3.internal.AbstractParser.parseFrom(AbstractParser.java:25)
[01-26 12:42:24.795] [info]   at docs.ddata.protobuf.msg.TwoPhaseSetMessages$TwoPhaseSet.parseFrom(TwoPhaseSetMessages.java:370)
[01-26 12:42:24.795] [info]   at docs.ddata.protobuf.TwoPhaseSetSerializer.twoPhaseSetFromBinary(TwoPhaseSetSerializer.scala:62)
[01-26 12:42:24.796] [info]   at docs.ddata.protobuf.TwoPhaseSetSerializer.fromBinary(TwoPhaseSetSerializer.scala:40)
[01-26 12:42:24.796] [info]   at docs.ddata.DistributedDataDocSpec.$anonfun$new$20(DistributedDataDocSpec.scala:407)
[01-26 12:42:24.796] [info]   at org.scalatest.OutcomeOf.outcomeOf(OutcomeOf.scala:85)
[01-26 12:42:24.796] [info]   at org.scalatest.OutcomeOf.outcomeOf$(OutcomeOf.scala:83)
[01-26 12:42:24.796] [info]   at org.scalatest.OutcomeOf$.outcomeOf(OutcomeOf.scala:104)
[01-26 12:42:24.796] [info]   at org.scalatest.Transformer.apply(Transformer.scala:22)
[01-26 12:42:24.796] [info]   at org.scalatest.Transformer.apply(Transformer.scala:20)
[01-26 12:42:24.796] [info]   at org.scalatest.wordspec.AnyWordSpecLike$$anon$3.apply(AnyWordSpecLike.scala:1240)
[01-26 12:42:24.796] [info]   at org.scalatest.TestSuite.withFixture(TestSuite.scala:196)
[01-26 12:42:24.796] [info]   at org.scalatest.TestSuite.withFixture$(TestSuite.scala:195)
[01-26 12:42:24.796] [info]   at org.apache.pekko.testkit.PekkoSpec.withFixture(PekkoSpec.scala:79)
[01-26 12:42:24.796] [info]   at org.scalatest.wordspec.AnyWordSpecLike.invokeWithFixture$1(AnyWordSpecLike.scala:1238)
[01-26 12:42:24.796] [info]   at org.scalatest.wordspec.AnyWordSpecLike.$anonfun$runTest$1(AnyWordSpecLike.scala:1250)
[01-26 12:42:24.796] [info]   at org.scalatest.SuperEngine.runTestImpl(Engine.scala:306)
[01-26 12:42:24.796] [info]   at org.scalatest.wordspec.AnyWordSpecLike.runTest(AnyWordSpecLike.scala:1250)
[01-26 12:42:24.796] [info]   at org.scalatest.wordspec.AnyWordSpecLike.runTest$(AnyWordSpecLike.scala:1232)
[01-26 12:42:24.796] [info]   at org.apache.pekko.testkit.PekkoSpec.runTest(PekkoSpec.scala:79)
[01-26 12:42:24.796] [info]   at org.scalatest.wordspec.AnyWordSpecLike.$anonfun$runTests$1(AnyWordSpecLike.scala:1309)
[01-26 12:42:24.796] [info]   at org.scalatest.SuperEngine.$anonfun$runTestsInBranch$1(Engine.scala:413)
[01-26 12:42:24.796] [info]   at scala.collection.immutable.List.foreach(List.scala:334)
[01-26 12:42:24.796] [info]   at org.scalatest.SuperEngine.traverseSubNodes$1(Engine.scala:401)
[01-26 12:42:24.796] [info]   at org.scalatest.SuperEngine.runTestsInBranch(Engine.scala:396)
[01-26 12:42:24.796] [info]   at org.scalatest.SuperEngine.runTestsImpl(Engine.scala:475)
[01-26 12:42:24.796] [info]   at org.scalatest.wordspec.AnyWordSpecLike.runTests(AnyWordSpecLike.scala:1309)
[01-26 12:42:24.797] [info]   at org.scalatest.wordspec.AnyWordSpecLike.runTests$(AnyWordSpecLike.scala:1308)
[01-26 12:42:24.797] [info]   at org.apache.pekko.testkit.PekkoSpec.runTests(PekkoSpec.scala:79)
[01-26 12:42:24.797] [info]   at org.scalatest.Suite.run(Suite.scala:1114)
[01-26 12:42:24.797] [info]   at org.scalatest.Suite.run$(Suite.scala:1096)
[01-26 12:42:24.797] [info]   at org.apache.pekko.testkit.PekkoSpec.org$scalatest$wordspec$AnyWordSpecLike$$super$run(PekkoSpec.scala:79)
[01-26 12:42:24.797] [info]   at org.scalatest.wordspec.AnyWordSpecLike.$anonfun$run$1(AnyWordSpecLike.scala:1354)
[01-26 12:42:24.797] [info]   at org.scalatest.SuperEngine.runImpl(Engine.scala:535)
[01-26 12:42:24.797] [info]   at org.scalatest.wordspec.AnyWordSpecLike.run(AnyWordSpecLike.scala:1354)
[01-26 12:42:24.797] [info]   at org.scalatest.wordspec.AnyWordSpecLike.run$(AnyWordSpecLike.scala:1352)
[01-26 12:42:24.797] [info]   at org.apache.pekko.testkit.PekkoSpec.org$scalatest$BeforeAndAfterAll$$super$run(PekkoSpec.scala:79)
[01-26 12:42:24.797] [info]   at org.scalatest.BeforeAndAfterAll.liftedTree1$1(BeforeAndAfterAll.scala:213)
[01-26 12:42:24.797] [info]   at org.scalatest.BeforeAndAfterAll.run(BeforeAndAfterAll.scala:210)
[01-26 12:42:24.797] [info]   at org.scalatest.BeforeAndAfterAll.run$(BeforeAndAfterAll.scala:208)
[01-26 12:42:24.797] [info]   at org.apache.pekko.testkit.PekkoSpec.run(PekkoSpec.scala:79)
[01-26 12:42:24.797] [info]   at org.scalatest.tools.Framework.org$scalatest$tools$Framework$$runSuite(Framework.scala:321)
[01-26 12:42:24.797] [info]   at org.scalatest.tools.Framework$ScalaTestTask.execute(Framework.scala:517)
[01-26 12:42:24.797] [info]   at sbt.ForkMain$Run.lambda$runTest$1(ForkMain.java:414)
[01-26 12:42:24.797] [info]   at java.util.concurrent.FutureTask.run(FutureTask.java:266)
[01-26 12:42:24.797] [info]   at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
[01-26 12:42:24.797] [info]   at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
[01-26 12:42:24.797] [info]   at java.lang.Thread.run(Thread.java:750)
[01-26 12:42:24.798] [info] - test japi.TwoPhaseSetSerializer *** FAILED *** (0 milliseconds)
[01-26 12:42:24.798] [info]   java.lang.RuntimeException: As of 2022/09/29 (release 21.7) makeExtensionsImmutable should not be called from protobuf gencode. If you are seeing this message, your gencode is vulnerable to a denial of service attack. You should regenerate your code using protobuf 25.6 or later. Use the latest version that meets your needs. However, if you understand the risks and wish to continue with vulnerable gencode, you can set the system property `-Dcom.google.protobuf.use_unsafe_pre22_gencode` on the command line. See security vulnerability: https://github.com/protocolbuffers/protobuf/security/advisories/GHSA-h4h5-3hr4-j3g2
[01-26 12:42:24.798] [info]   at jdocs.ddata.protobuf.TwoPhaseSetSerializer.twoPhaseSetFromBinary(TwoPhaseSetSerializer.java:94)
[01-26 12:42:24.798] [info]   at jdocs.ddata.protobuf.TwoPhaseSetSerializer.fromBinaryJava(TwoPhaseSetSerializer.java:61)
[01-26 12:42:24.798] [info]   at org.apache.pekko.serialization.JSerializer.fromBinary(Serializer.scala:296)
[01-26 12:42:24.798] [info]   at docs.ddata.DistributedDataDocSpec.$anonfun$new$21(DistributedDataDocSpec.scala:417)
[01-26 12:42:24.798] [info]   at org.scalatest.OutcomeOf.outcomeOf(OutcomeOf.scala:85)
[01-26 12:42:24.798] [info]   at org.scalatest.OutcomeOf.outcomeOf$(OutcomeOf.scala:83)
[01-26 12:42:24.798] [info]   at org.scalatest.OutcomeOf$.outcomeOf(OutcomeOf.scala:104)
[01-26 12:42:24.799] [info]   at org.scalatest.Transformer.apply(Transformer.scala:22)
[01-26 12:42:24.799] [info]   at org.scalatest.Transformer.apply(Transformer.scala:20)
[01-26 12:42:24.799] [info]   at org.scalatest.wordspec.AnyWordSpecLike$$anon$3.apply(AnyWordSpecLike.scala:1240)
[01-26 12:42:24.799] [info]   at org.scalatest.TestSuite.withFixture(TestSuite.scala:196)
[01-26 12:42:24.799] [info]   at org.scalatest.TestSuite.withFixture$(TestSuite.scala:195)
[01-26 12:42:24.799] [info]   at org.apache.pekko.testkit.PekkoSpec.withFixture(PekkoSpec.scala:79)
[01-26 12:42:24.799] [info]   at org.scalatest.wordspec.AnyWordSpecLike.invokeWithFixture$1(AnyWordSpecLike.scala:1238)
[01-26 12:42:24.799] [info]   at org.scalatest.wordspec.AnyWordSpecLike.$anonfun$runTest$1(AnyWordSpecLike.scala:1250)
[01-26 12:42:24.799] [info]   at org.scalatest.SuperEngine.runTestImpl(Engine.scala:306)
[01-26 12:42:24.799] [info]   at org.scalatest.wordspec.AnyWordSpecLike.runTest(AnyWordSpecLike.scala:1250)
[01-26 12:42:24.799] [info]   at org.scalatest.wordspec.AnyWordSpecLike.runTest$(AnyWordSpecLike.scala:1232)
[01-26 12:42:24.799] [info]   at org.apache.pekko.testkit.PekkoSpec.runTest(PekkoSpec.scala:79)
[01-26 12:42:24.800] [info]   at org.scalatest.wordspec.AnyWordSpecLike.$anonfun$runTests$1(AnyWordSpecLike.scala:1309)
[01-26 12:42:24.800] [info]   at org.scalatest.SuperEngine.$anonfun$runTestsInBranch$1(Engine.scala:413)
[01-26 12:42:24.801] [info]   at scala.collection.immutable.List.foreach(List.scala:334)
[01-26 12:42:24.802] [info]   at org.scalatest.SuperEngine.traverseSubNodes$1(Engine.scala:401)
[01-26 12:42:24.803] [info]   at org.scalatest.SuperEngine.runTestsInBranch(Engine.scala:396)
[01-26 12:42:24.803] [info]   at org.scalatest.SuperEngine.runTestsImpl(Engine.scala:475)
[01-26 12:42:24.803] [info]   at org.scalatest.wordspec.AnyWordSpecLike.runTests(AnyWordSpecLike.scala:1309)
[01-26 12:42:24.803] [info]   at org.scalatest.wordspec.AnyWordSpecLike.runTests$(AnyWordSpecLike.scala:1308)
[01-26 12:42:24.804] [info]   at org.apache.pekko.testkit.PekkoSpec.runTests(PekkoSpec.scala:79)
[01-26 12:42:24.804] [info]   at org.scalatest.Suite.run(Suite.scala:1114)
[01-26 12:42:24.804] [info]   at org.scalatest.Suite.run$(Suite.scala:1096)
[01-26 12:42:24.804] [info]   at org.apache.pekko.testkit.PekkoSpec.org$scalatest$wordspec$AnyWordSpecLike$$super$run(PekkoSpec.scala:79)
[01-26 12:42:24.804] [info]   at org.scalatest.wordspec.AnyWordSpecLike.$anonfun$run$1(AnyWordSpecLike.scala:1354)
[01-26 12:42:24.805] [info]   at org.scalatest.SuperEngine.runImpl(Engine.scala:535)
[01-26 12:42:24.805] [info]   at org.scalatest.wordspec.AnyWordSpecLike.run(AnyWordSpecLike.scala:1354)
[01-26 12:42:24.805] [info]   at org.scalatest.wordspec.AnyWordSpecLike.run$(AnyWordSpecLike.scala:1352)
[01-26 12:42:24.805] [info]   at org.apache.pekko.testkit.PekkoSpec.org$scalatest$BeforeAndAfterAll$$super$run(PekkoSpec.scala:79)
[01-26 12:42:24.805] [info]   at org.scalatest.BeforeAndAfterAll.liftedTree1$1(BeforeAndAfterAll.scala:213)
[01-26 12:42:24.806] [info]   at org.scalatest.BeforeAndAfterAll.run(BeforeAndAfterAll.scala:210)
[01-26 12:42:24.806] [info]   at org.scalatest.BeforeAndAfterAll.run$(BeforeAndAfterAll.scala:208)
[01-26 12:42:24.806] [info]   at org.apache.pekko.testkit.PekkoSpec.run(PekkoSpec.scala:79)
[01-26 12:42:24.806] [info]   at org.scalatest.tools.Framework.org$scalatest$tools$Framework$$runSuite(Framework.scala:321)
[01-26 12:42:24.806] [info]   at org.scalatest.tools.Framework$ScalaTestTask.execute(Framework.scala:517)
[01-26 12:42:24.806] [info]   at sbt.ForkMain$Run.lambda$runTest$1(ForkMain.java:414)
[01-26 12:42:24.807] [info]   at java.util.concurrent.FutureTask.run(FutureTask.java:266)
[01-26 12:42:24.807] [info]   at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
[01-26 12:42:24.808] [info]   at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
[01-26 12:42:24.808] [info]   at java.lang.Thread.run(Thread.java:750)
[01-26 12:42:24.808] [info]   Cause: java.lang.UnsupportedOperationException: As of 2022/09/29 (release 21.7) makeExtensionsImmutable should not be called from protobuf gencode. If you are seeing this message, your gencode is vulnerable to a denial of service attack. You should regenerate your code using protobuf 25.6 or later. Use the latest version that meets your needs. However, if you understand the risks and wish to continue with vulnerable gencode, you can set the system property `-Dcom.google.protobuf.use_unsafe_pre22_gencode` on the command line. See security vulnerability: https://github.com/protocolbuffers/protobuf/security/advisories/GHSA-h4h5-3hr4-j3g2
[01-26 12:42:24.808] [info]   at org.apache.pekko.protobufv3.internal.GeneratedMessage.warnPre22Gencode(GeneratedMessage.java:327)
[01-26 12:42:24.808] [info]   at org.apache.pekko.protobufv3.internal.GeneratedMessageV3.makeExtensionsImmutable(Ge

@pjfanning pjfanning force-pushed the update/protobuf-java-3.25.6 branch from c6b2c87 to 77f69ea Compare January 26, 2025 19:36
@raboof raboof force-pushed the update/protobuf-java-3.25.6 branch from 77f69ea to 91c83dc Compare January 27, 2025 08:31
pjfanning
pjfanning approved these changes Jan 27, 2025
View reviewed changes
Copy link
Contributor

@pjfanning pjfanning left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

lgtm

@raboof raboof merged commit 919d9c9 into main Jan 27, 2025
9 checks passed
@pjfanning pjfanning deleted the update/protobuf-java-3.25.6 branch January 27, 2025 10:31
@pjfanning pjfanning mentioned this pull request Jan 27, 2025
Merged
4 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@pjfanning pjfanning pjfanning approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
1.2.0-M1
Development

Successfully merging this pull request may close these issues.
2 participants
@raboof @pjfanning