Skip to content

build(deps): bump thrift from 0.17.0 to 0.23.0 in /quickwit#6577

Open
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/cargo/quickwit/thrift-0.23.0
Open

build(deps): bump thrift from 0.17.0 to 0.23.0 in /quickwit#6577
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/cargo/quickwit/thrift-0.23.0

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jul 6, 2026

Copy link
Copy Markdown
Contributor

Bumps thrift from 0.17.0 to 0.23.0.

Release notes

Sourced from thrift's releases.

Version 0.23.0

Please head over to the official release download source: http://thrift.apache.org/download

The assets listed below are added by Github based on the release tag and they will therefore not match the checkums published on the Thrift project website.

Version 0.22.0

Please head over to the official release download source: http://thrift.apache.org/download

The assets listed below are added by Github based on the release tag and they will therefore not match the checkums published on the Thrift project website.

Version 0.21.0

Please head over to the official release download source: http://thrift.apache.org/download

The assets listed below are added by Github based on the release tag and they will therefore not match the checkums published on the Thrift project website.

Version 0.20.0

Please head over to the official release download source: http://thrift.apache.org/download

The assets listed below are added by Github based on the release tag and they will therefore not match the checkums published on the Thrift project website.

Version 0.19.0

Please head over to the official release download source: http://thrift.apache.org/download

The assets listed below are added by Github based on the release tag and they will therefore not match the checkums published on the Thrift project website.

Version 0.18.1

Please head over to the official release download source: http://thrift.apache.org/download

The assets listed below are added by Github based on the release tag and they will therefore not match the checkums published on the Thrift project website.

Version 0.18.0

Please head over to the official release download source: http://thrift.apache.org/download

The assets listed below are added by Github based on the release tag and they will therefore not match the checkums published on the Thrift project website.

Changelog

Sourced from thrift's changelog.

0.23.0

Build Process

C glib

  • THRIFT-5931 - thrift_ssl_socket_get_ssl_error() can underflow its remaining-buffer counter and write past the stack buffer
  • THRIFT-5871 - Improve MAX_MESSAGE_SIZE check and friends

C++

  • THRIFT-5911 - Inconsistent UUID compilation for aliased types
  • THRIFT-5912 - Assertion failed: delta > 0, file ThreadManagerTests.h, line 162
  • THRIFT-5880 - C++ TSocket on an IPv6-only system fails if you use a hostname of 127.0.0.1
  • THRIFT-3268 - warning: token pasting of ',' and __VA_ARGS__ is a GNU extension
  • THRIFT-5887 - build/cmake/ should be prepended (not appended) to CMAKE_MODULE_PATH
  • THRIFT-5878 - Add UUID support for THeaderProtocol and TProtocolTap
  • THRIFT-5898 - Unable to build Thrift as a shared library on Windows

Contributed

  • THRIFT-5920 - Remove threadsafe warnings in thrift-maven-plugin

Delphi

  • THRIFT-5939 - Replace GUID generation with stable UUID algorithm
  • THRIFT-5876 - Add Delphi WinHTTP client TLS1.3 support

Go

  • THRIFT-5896 - Race condition in TServerSocket.Addr() method

Java

  • THRIFT-5925 - UUID implementation in JAVA is not according to the Thrift Specification
  • THRIFT-5869 - Close the transport after TServerEventHandler deleteContext
  • THRIFT-5863 - Make TServerTransport able to customize the max message size
  • THRIFT-5774 - Add remote client's IP address to ServerContext in TServerEventHandler
  • THRIFT-4280 - Add async nonblocking ssl support in java client
  • THRIFT-5879 - java and kotlin cross tests fail in the GitHub action

netstd

... (truncated)

Commits
  • c4cbe43 Address vulnerabilities in Rack
  • 68ac8e9 Enable TLS hostname verification in TNonblockingSSLSocket
  • 5e4f01d Harden Node.js WebSocket server handling
  • e242889 Add input validation to Swift protocol layer
  • 4af8c7c Add recursion depth limit to Node.js protocol skip()
  • a30c552 Enable TLS hostname verification in TSSLTransportFactory
  • 276ec88 THRIFT-5929: Fix build failure on PHP 8.5 due to removed zend_exception_get_d...
  • df52ad4 EXTRA_DIST fixes
  • 21a89c6 build fixes
  • 630d66c added int range checks
  • Additional commits viewable in compare view

@dependabot dependabot Bot added dependencies Pull requests that update a dependency file rust Pull requests that update Rust code labels Jul 6, 2026
@dependabot dependabot Bot requested review from a team as code owners July 6, 2026 13:42
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file rust Pull requests that update Rust code labels Jul 6, 2026

@chatgpt-codex-connector chatgpt-codex-connector Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: ab2b359cca

ℹ️ About Codex in GitHub

Codex has been enabled to automatically review pull requests in this repo. Reviews are triggered when you

  • Open a pull request for review
  • Mark a draft as ready
  • Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

When you sign up for Codex through ChatGPT, Codex can also answer questions or update the PR, like "@codex address that feedback".

serde_with = { workspace = true }
thiserror = { workspace = true }
thrift = { version = "0.17", default-features = false }
thrift = { version = "0.23", default-features = false }

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

P1 Badge Keep thrift aligned with parquet

When compiling quickwit-parquet-engine, this bump leaves parquet 58 locked to thrift 0.17.0 while this crate now imports thrift 0.23.0. streaming_reader.rs passes thrift::protocol::TCompactInputProtocol/TCompactOutputProtocol into PageHeader's parquet::thrift::TSerializable methods, whose protocol trait bounds come from parquet's thrift 0.17 re-export; with two thrift crate instances those are different trait/type universes, so the crate no longer type-checks. Align the direct dependency with parquet's thrift version, or update parquet at the same time.

Useful? React with 👍 / 👎.

@dependabot dependabot Bot force-pushed the dependabot/cargo/quickwit/thrift-0.23.0 branch from ab2b359 to a83441d Compare July 7, 2026 15:30
Bumps [thrift](https://github.com/apache/thrift) from 0.17.0 to 0.23.0.
- [Release notes](https://github.com/apache/thrift/releases)
- [Changelog](https://github.com/apache/thrift/blob/master/CHANGES.md)
- [Commits](apache/thrift@v0.17.0...v0.23.0)

---
updated-dependencies:
- dependency-name: thrift
  dependency-version: 0.23.0
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot force-pushed the dependabot/cargo/quickwit/thrift-0.23.0 branch from a83441d to 01e809a Compare July 7, 2026 20:56
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

dependencies Pull requests that update a dependency file rust Pull requests that update Rust code

Projects

None yet

Development

Successfully merging this pull request may close these issues.

0 participants