Skip to content

Bump wire from 6.4.1 to 6.4.5#972

Open
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/gradle/wire-6.4.5
Open

Bump wire from 6.4.1 to 6.4.5#972
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/gradle/wire-6.4.5

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jun 29, 2026

Copy link
Copy Markdown
Contributor

Bumps wire from 6.4.1 to 6.4.5.
Updates com.squareup.wire:wire-runtime from 6.4.1 to 6.4.5

Changelog

Sourced from com.squareup.wire:wire-runtime's changelog.

Version 6.4.5

2026-06-29

Common

  • Security: Reject oversized lengths and fixed-width values that exceed the current reader limit in Java/Kotlin and Swift runtimes (#3635, [GHSA-9rm7-3qhh-h2mc][GHSA-9rm7-3qhh-h2mc] reported by Ta Duc Thien and Duc Anh Nguyen)

Version 6.4.4

2026-06-23

Common

  • Security: Reject negative lengths when skipping groups in Swift, so crafted protobuf payloads throw ProtocolException instead of unchecked runtime exceptions (#3616, [GHSA-86wm-r4c5-2rc9][GHSA-86wm-r4c5-2rc9], reported by [tonghuaroot][tonghuaroot])

Version 6.4.0

2026-05-15

Common

  • Security: Escape comment delimiters in generated documentation for Java, Kotlin, and Swift, preventing malicious proto documentation from injecting source code into generated files (#3600)

Version 7.0.0-alpha03

2026-05-14

Common

  • Security: Reject negative lengths when skipping groups in Java/Kotlin, so crafted protobuf payloads throw ProtocolException instead of unchecked runtime exceptions (#3597, [GHSA-7xpr-hc2w-34m9][GHSA-7xpr-hc2w-34m9], reported by [TrekLaps][TrekLaps])

Version 6.3.0

2026-05-13

Common

... (truncated)

Commits

Updates com.squareup.wire from 6.4.1 to 6.4.5

@dependabot dependabot Bot added dependabot: gradle Dependabot PRs which update Gradle versions pr: dependency update PRs that update the project's dependencies. labels Jun 29, 2026
@dependabot dependabot Bot force-pushed the dependabot/gradle/wire-6.4.5 branch from f15c0d5 to 636d174 Compare July 2, 2026 02:20
Bumps `wire` from 6.4.1 to 6.4.5.

Updates `com.squareup.wire:wire-runtime` from 6.4.1 to 6.4.5
- [Changelog](https://github.com/square/wire/blob/master/CHANGELOG.md)
- [Commits](square/wire@6.4.1...6.4.5)

Updates `com.squareup.wire` from 6.4.1 to 6.4.5

---
updated-dependencies:
- dependency-name: com.squareup.wire
  dependency-version: 6.4.5
  dependency-type: direct:production
  update-type: version-update:semver-patch
- dependency-name: com.squareup.wire:wire-runtime
  dependency-version: 6.4.5
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot force-pushed the dependabot/gradle/wire-6.4.5 branch from 636d174 to fb00fe2 Compare July 2, 2026 02:50
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

dependabot: gradle Dependabot PRs which update Gradle versions pr: dependency update PRs that update the project's dependencies.

Projects

None yet

Development

Successfully merging this pull request may close these issues.

0 participants