Skip to content

Comments

[Snyk] Upgrade @bufbuild/protobuf from 1.10.0 to 2.0.0#57

Open
f0o wants to merge 1 commit intonextfrom
snyk-upgrade-fa815606f08f9465639b356da4e6d38d
Open

[Snyk] Upgrade @bufbuild/protobuf from 1.10.0 to 2.0.0#57
f0o wants to merge 1 commit intonextfrom
snyk-upgrade-fa815606f08f9465639b356da4e6d38d

Conversation

@f0o
Copy link
Contributor

@f0o f0o commented Sep 13, 2024

snyk-top-banner

Snyk has created this PR to upgrade @bufbuild/protobuf from 1.10.0 to 2.0.0.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

⚠️ Warning: This PR contains major version upgrade(s), and may be a breaking change.

  • The recommended version is 8 versions ahead of your current version.

  • The recommended version was released on a month ago.

Release notes
Package name: @bufbuild/protobuf
  • 2.0.0 - 2024-07-30

    What's new in version 2

    To support Protobuf editions, we have to make breaking changes that also affect users of proto2 and proto3. This prompted us to make more extensive changes that take feedback from version 1 into account:

    We no longer use classes. Instead, we generate a schema object and a type for every message. To create a new instance, to serialize, and for other concerns, we provide functions. Here is a simple example:

    import { create, toBinary } from "@ bufbuild/protobuf";
    import { UserSchema } from "./gen/example_pb";

    let user = create(UserSchema, {
    firstName: "Homer",
    lastName: "Simpson",
    active: true,
    });

    const bytes = toBinary(UserSchema, user);

    If you use proto3, messages are now plain objects. Files with proto2 and editions use the prototype chain to track field presence.

    This approach solves several outstanding issues, such as:

    • #397 Provide custom options at runtime
    • #551 Generated types allow assigning wrong message type if it is a superset of the target type
    • #414 Improvements for proto2 required
    • #738 type-save full enum value names
    • #928 Better interop with 3rd party frameworks requiring plain objects
    • #508 JSON types

    Tip

    Take a look at the upgrade guide to learn more.

    Note

    Connect-ES does not support version 2 yet. We will update it shortly.

    Contributors

    Thanks to @ srikrsna-buf for his contributions to v2!

  • 2.0.0-beta.3 - 2024-07-23

    What's Changed

    This is the third beta release for version 2. See v2.0.0-alpha.1 for an introduction. To install beta packages, run npm install @ bufbuild/protobuf@beta @ bufbuild/protoc-gen-es@beta.

    Full Changelog: v2.0.0-beta.2...v2.0.0-beta.3

  • 2.0.0-beta.2 - 2024-06-26

    What's Changed

    This is the second beta release for version 2. See v2.0.0-alpha.1 for an introduction. To install beta packages, run npm install @ bufbuild/protobuf@beta @ bufbuild/protoc-gen-es@beta.

    Full Changelog: v2.0.0-beta.1...v2.0.0-beta.2

  • 2.0.0-beta.1 - 2024-06-24

    What's Changed

    This is the first beta release for version 2. See v2.0.0-alpha.1 for an introduction. To install beta packages, run npm install @ bufbuild/protobuf@beta @ bufbuild/protoc-gen-es@beta.

    Full Changelog: v2.0.0-alpha.4...v2.0.0-beta.1

  • 2.0.0-alpha.4 - 2024-06-04

    What's Changed

    This is the fourth alpha release for version 2. See v2.0.0-alpha.1 for an introduction.

    Full Changelog: v2.0.0-alpha.3...v2.0.0-alpha.4

  • 2.0.0-alpha.3 - 2024-06-03

    What's Changed

    This is the third alpha release for version 2. See v2.0.0-alpha.1 for an introduction.

    Full Changelog: v2.0.0-alpha.2...v2.0.0-alpha.3

  • 2.0.0-alpha.2 - 2024-05-13

    What's Changed

    This is the second alpha release for version 2. See v2.0.0-alpha.1 for an introduction.

    Breaking

    Fixes

    • Strip only last .proto suffix for DescFile.name by @ timostamm in #807
    • Fix wrapper extension JSON serialization by @ timostamm in #821
    • Check for matching field numbers in StartGroup / EndGroup tags by @ timostamm in #810
    • For deprecated elements, generate a @ deprecated tag on descriptors by @ timostamm in #818

    New Features

    Performance improvements

    Full Changelog: v2.0.0-alpha.1...v2.0.0-alpha.2

  • 2.0.0-alpha.1 - 2024-04-22

    What's new in version 2

    To support Protobuf editions, we have to make breaking changes that also affect users of proto2 and proto3. This prompted us to make more extensive changes that take feedback from version 1 into account:

    We no longer uses classes. Instead, we generate a type and a descriptor for every message, and provide functions to create a new instance, for serialization, and other concerns. Here is a simple example:

    import { create, toBinary, fromBinary, fromJsonString } from "@ bufbuild/protobuf";
    import { UserDesc } from "./gen/user_pb.js";

    let user = create(UserDesc, {
    firstName: "Homer",
    lastName: "Simpson",
    active: true,
    locations: ["Springfield"],
    projects: { SPP: "Springfield Power Plant" },
    manager: {
    firstName: "Montgomery",
    lastName: "Burns",
    },
    });

    const bytes = toBinary(UserDesc, user);
    user = fromBinary(UserDesc, bytes);
    user = fromJsonString(UserDesc, '{"firstName": "Homer", "lastName": "Simpson"}');

    This approach solves several outstanding issues, such as:

    • #397 Provide custom options at runtime
    • #551 Generated types allow assigning wrong message type if it is a superset of the target type
    • #414 Improvements for proto2 required
    • #738 type-save full enum value names
    • #928 Better interop with 3rd party frameworks requiring plain objects
    • #508 JSON types

    If you use proto3, messages are now plain objects. Files with proto2 and editions use the prototype chain to track field presence.

    Please note that this is an alpha release, and APIs might still change. We're also missing documentation yet. But if you want to try it out, we welcome your feedback!

    This release is published with the alpha tag. To install the alpha packages, you can run:

    npm install @ bufbuild/protobuf@alpha @ bufbuild/protoc-gen-es@alpha

    Contributors

    Thanks to @ srikrsna-buf for his contributions to v2!

  • 1.10.0 - 2024-05-30

    What's Changed

    Full Changelog: v1.9.0...v1.10.0

from @bufbuild/protobuf GitHub release notes

Important

  • Warning: This PR contains a major version upgrade, and may be a breaking change.
  • Check the changes in this PR to ensure they won't cause issues with your project.
  • This PR was automatically created by Snyk using the credentials of a real user.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

@snyk-bot
feat: upgrade @bufbuild/protobuf from 1.10.0 to 2.0.0
bdb13c1 
Snyk has created this PR to upgrade @bufbuild/protobuf from 1.10.0 to 2.0.0.

See this package in npm:
@bufbuild/protobuf

See this project in Snyk:
https://app.snyk.io/org/as203038/project/2aa6cb33-d0d4-4ea7-bba5-9f2bd3287adb?utm_source=github&utm_medium=referral&page=upgrade-pr
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@f0o @snyk-bot