Bump io.github.ascopes:protobuf-maven-plugin from 5.0.0 to 5.0.2

[dependabot]

Bumps io.github.ascopes:protobuf-maven-plugin from 5.0.0 to 5.0.2.

Release notes

Sourced from io.github.ascopes:protobuf-maven-plugin's releases.

v5.0.2

Bugfixes:

• Reimplement artifact resolution to handle additional edge cases that may previously have bled into other code and caused spurious/unhelpful/vague exceptions during dependency resolution.
  • Specifically, this handles a case where passing a non-existent classifier on a published dependency could result in an ArrayIndexOutOfBoundsException being raised at runtime. Other edge cases should also be handled more sensibly moving forwards.

Other changes:

• Dependency resolution now explicitly ensures additional configuration overrides within the Maven/Aether transports are propagated and used correctly with respect to things like proxies and custom authenticators.
• New examples by @​sleepkqq for building Kotlin gRPC projects in the documentation.
• Build on Maven 3.9.13 in addition to 3.9.6 and 4.0.0-rc-5, now that the former has been released.

v5.0.1 release notes

• Implemented partial workaround for GH-596 where users may experience OutOfMemoryExceptions being raised by Eclipse Aether during dependency resolution. - The plugin now follows similar behaviour to Maven Core by not recursing into transitive test dependencies and fat artifact dependencies, which was considered to be surprising and undefined behaviour.
  • Users depending on the old behaviour should explicitly declare their dependencies following standard Maven conventions.
  • This is not deemed a breaking change since the old behaviour is undefined and does not follow Maven default behaviour.
• Reverted offloading project dependency resolution to Maven to address GH-939.
  • This previously manifested as various Maven reactor failures when resolving sibling dependencies in a Maven multi-module project.
  • Users can now disable dependency resolution for the main project dependencies correctly by setting <ignoreProjectDependencies>true</ignoreProjectDependencies> and only specify their protobuf dependencies via the plugin itself.
• Reduced default concurrency multiplier used for various internal tasks after several JFR profiling sessions showed a general lack of utilisation of the thread pool.
  • This should reduce idle resources slightly in builds.
• Various Aether internals are now cached for the duration of the plugin goal rather than recreated numerous times during dependency resolution.
  • This should reduce resource usage slightly in builds.
• Updated plugin to use protobuf-java:4.34.0for various descriptor file-related activities.
• Updated project and integration test dependencies to verify plugin compatibility across various component matrices.

Commits

• 7d80b0e [maven-release-plugin] prepare release v5.0.2
• b7ba3a4 Merge pull request #955 from ascopes/dependabot/maven/main/org.apache.maven-m...
• 11bbb92 Merge pull request #956 from ascopes/dependabot/maven/main/org.apache.maven.p...
• e7ca48e Merge pull request #957 from ascopes/dependabot/maven/main/org.apache.maven-m...
• aa8bfc1 Merge pull request #958 from ascopes/dependabot/maven/protobuf-maven-plugin/s...
• 5d53f85 Bump net.alchim31.maven:scala-maven-plugin
• 261f7b0 Bump org.apache.maven:maven-core from 3.9.12 to 3.9.13
• 883c348 Bump org.apache.maven.plugins:maven-resources-plugin from 3.4.0 to 3.5.0
• c9b37cb Bump org.apache.maven:maven-plugin-api from 3.9.12 to 3.9.13
• 7586ac0 Merge pull request #954 from ascopes/bugfix/GH-951
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)