0.8.1

Protobuf with potential Denial of Service (CVE-2024-7254)

sbt-protobuf 0.8.1 updates protobuf-java library to 3.25.5 to address CVE-2024-7254 / GHSA-735f-pc8j-v9w8, which states that while parsing unknown fields in the Protobuf Java library, a maliciously crafted message can cause a StackOverflow error.

• Update protobuf-java to 3.25.5 by @scala-steward-bot in #200

behind the scene

• refactor: Use string interpolation instead of format method by @xuwei-k in #207
• deps: Update scala-library to 2.12.20 by @scala-steward-bot in #197
• ci: Update sbt, scripted-plugin to 1.10.3 by @scala-steward-bot in #208
• ci: Update sbt-ci-release to 1.8.0 by @scala-steward-bot in #205
• ci: Pin protobuf-java to 3.x for now by @eed3si9n in #209
• ci: Add setup-sbt by @eed3si9n in #206
• ci: Update sbt-nocomma to 0.1.2 by @scala-steward-bot in #203

Full Changelog: v0.8.0...v0.8.1

0.8.0

Using Coursier to resolve protoc and gRPC support

Previously sbt-protobuf used protoc-jar to resolve protoc. sbt-protobuf 0.8.0 uses Coursier instead to resolve the protoc CLI executable. This has the benefit of respecting the resolvers setting if you're behind a Maven proxy. In addition, sbt-protobuf 0.8.0 adds protobufGrpcEnabled setting to enable gRPC compilation:

protobufGrpcEnabled := true

See https://github.com/sbt/sbt-protobuf/tree/main/src/sbt-test/sbt-protobuf/grpc for details. This was contributed by @eed3si9n in #177.

Using Glob(...) for protobufExcludeFilters

sbt-protobuf 0.8.0 adds new settings protobufIncludeFilters and protobufExcludeFilters, which uses Glob(...) feature that was added in sbt 1.3.x. Unlike excludeFilter, which works only to filter out certain file extensions the glob extension can be used to exclude *.proto files in some directories. The default exclude filter has something like this:

ProtobufConfig  / protobufExcludeFilters ++= {
  val dirs = (ProtobufConfig  / sourceDirectories).value
  dirs.map(d => Glob(d.toPath()) / "google" / "protobuf" / "*.proto")
}

This is useful when you extend the *.proto sources to (ProtobufConfig / protobufExternalIncludePath).value, and some of the schemata have precompiled Java modules. This was contributed by @eed3si9n in #175.

Full Changelog: v0.7.3...v0.8.0

0.7.3

update

• Update protobuf-java to 3.25.3 by @scala-steward-bot in #171

behind the scene

• Bump actions/checkout from 3 to 4 by @dependabot in #160
• Bump actions/setup-java from 3 to 4 by @dependabot in #168
• Include main as main branch candidate by @eed3si9n in #173
• Update sbt to 1.9.9 by @scala-steward-bot in #172
• Update sbt-ci-release to 1.5.12 by @scala-steward-bot in #143
• Update sbt-nocomma to 0.1.1 by @scala-steward-bot in #131

Full Changelog: v0.7.2...v0.7.3

0.7.2

update

• Update protobuf-java to 3.21.9 by @scala-steward-bot in #129

behind the scene

• Bump actions/checkout from 2.4.0 to 3 by @dependabot in #110
• Bump actions/setup-java from 2 to 3 by @dependabot in #114
• Update sbt to 1.7.3 by @scala-steward-bot in #130
• Update sbt-ci-release to 1.5.11 by @scala-steward-bot in #128

Full Changelog: v0.7.1...v0.7.2

0.7.1

updates

• Drop sbt 0.13.x by @xuwei-k in #75
• Update protobuf-java to 3.18.0 by @scala-steward-bot in #92

behind the scene

• Bump coursier/cache-action from v5 to v6 by @dependabot in #80
• Bump olafurpg/setup-scala from 12 to 13 by @dependabot in #90
• Readme: workaround for intellij bsp bug by @mpollmeier in #91
• Update sbt to 1.5.4 by @scala-steward-bot in #87
• Update sbt to 1.5.5 by @scala-steward-bot in #89
• Update sbt-ci-release to 1.5.9 by @scala-steward-bot in #93
• Use slash syntax instead of "in" by @xuwei-k in #76

new contributors

• @mpollmeier made their first contribution in #91

Full Changelog: v0.7.0...v0.7.1

0.7.0

updates

• Use sbt-ci-release. change groupId by @xuwei-k in #74
• Use protoc-jar to download protoc automatically by @eed3si9n in #67

behind the scene

• Update sbt to 1.3.5 by @xuwei-k in #66
• Bump actions/checkout from v1 to v2.3.4 by @dependabot in #68
• Update sbt-release to 1.0.15 by @scala-steward-bot in #72

Full Changelog: v0.6.5...v0.7.0

0.6.5

update

• Update protobuf version to 3.7.1 by @regadas in #64

behind the scene

• Update sbt-bintray to 0.5.5 by @xuwei-k in #60
• Cleanup travis sbt matrix by @regadas in #63
• Use sbt 1.2.x by default by @regadas in #62

new contributors

• @regadas made their first contribution in #64

Full Changelog: v0.6.4...v0.6.5

v0.5.1

https://bintray.com/sbt/sbt-plugin-releases/sbt-protobuf/0.5.1

v0.5.0

https://bintray.com/sbt/sbt-plugin-releases/sbt-protobuf/0.5.0/