Bump the google-protobuf group across 1 directory with 3 updates

[dependabot]

Bumps the google-protobuf group with 3 updates in the /impl/google-protobuf directory: google-protobuf, @protocolbuffers/protoc-gen-js and @bufbuild/buf.

Updates google-protobuf from 4.0.1 to 4.0.2

Release notes

Sourced from google-protobuf's releases.

v4.0.2

• stop hardcoding protoc-gen-js plugin version in download script. This fixes an issue where @​protocolbuffers/protoc-gen-js only downloads v4.0.0, which lacks support for editions 2024

Full Changelog: protocolbuffers/protobuf-javascript@v4.0.1...v4.0.2

EDIT: Feb. 27, 2026: macos and windows releases were mistakenly double-zipped, causing further problems for the @​protocolbuffers/protoc-gen-js's download script. Re-uploading the inner zip files to fix.

v4.0.2-rc7

Using bzlmod with Bazel 7 or later:

Add to your MODULE.bazel file:

bazel_dep(name = "protobuf_javascript", version = "v4.0.2-rc7")

What's Changed

• adjust path for archive and bump pre-release version by @​dibenede in protocolbuffers/protobuf-javascript#273

Full Changelog: protocolbuffers/protobuf-javascript@v4.0.2-rc6...v4.0.2-rc7

v4.0.2-rc6

Using bzlmod with Bazel 7 or later:

Add to your MODULE.bazel file:

bazel_dep(name = "protobuf_javascript", version = "v4.0.2-rc6")

What's Changed

• add MODULE.bazel and licenses to BCR package, bump pre-release version by @​dibenede in protocolbuffers/protobuf-javascript#272

Full Changelog: protocolbuffers/protobuf-javascript@v4.0.2-rc5...v4.0.2-rc6

v4.0.2-rc5

Using bzlmod with Bazel 7 or later:

Add to your MODULE.bazel file:

bazel_dep(name = "protobuf_javascript", version = "v4.0.2-rc5")

What's Changed

... (truncated)

Commits

• 88c63a0 bump version v4.0.2
• 1cb4478 Use protoc_plugin's package.json version instead of hardcoding
• 261daec Update for bazel 9 and protobuf 33.4 (#274)
• d0a7fc0 adjust path for archive and bump pre-release version (#273)
• 9eb5f39 add MODULE.bazel and licenses to BCR package, bump pre-release version
• edcf435 Switch BCR release workflow javascript source tarball, bump version (#271)
• 34756fc Bump version to 4.0.2-rc4 for testing BCR workflow
• 016866a Use bazel build for BCR release test command
• 7d64c8d Add placeholder google-protobuf.js file to fix missing input
• b784079 Bump version to v4.0.2-rc2 or testing BCR workflow
• Additional commits viewable in compare view

Updates @protocolbuffers/protoc-gen-js from 4.0.1 to 4.0.2

Release notes

Sourced from @​protocolbuffers/protoc-gen-js's releases.

v4.0.2

• stop hardcoding protoc-gen-js plugin version in download script. This fixes an issue where @​protocolbuffers/protoc-gen-js only downloads v4.0.0, which lacks support for editions 2024

Full Changelog: protocolbuffers/protobuf-javascript@v4.0.1...v4.0.2

EDIT: Feb. 27, 2026: macos and windows releases were mistakenly double-zipped, causing further problems for the @​protocolbuffers/protoc-gen-js's download script. Re-uploading the inner zip files to fix.

v4.0.2-rc7

Using bzlmod with Bazel 7 or later:

Add to your MODULE.bazel file:

bazel_dep(name = "protobuf_javascript", version = "v4.0.2-rc7")

What's Changed

• adjust path for archive and bump pre-release version by @​dibenede in protocolbuffers/protobuf-javascript#273

Full Changelog: protocolbuffers/protobuf-javascript@v4.0.2-rc6...v4.0.2-rc7

v4.0.2-rc6

Using bzlmod with Bazel 7 or later:

Add to your MODULE.bazel file:

bazel_dep(name = "protobuf_javascript", version = "v4.0.2-rc6")

What's Changed

• add MODULE.bazel and licenses to BCR package, bump pre-release version by @​dibenede in protocolbuffers/protobuf-javascript#272

Full Changelog: protocolbuffers/protobuf-javascript@v4.0.2-rc5...v4.0.2-rc6

v4.0.2-rc5

Using bzlmod with Bazel 7 or later:

Add to your MODULE.bazel file:

bazel_dep(name = "protobuf_javascript", version = "v4.0.2-rc5")

What's Changed

... (truncated)

Commits

• 88c63a0 bump version v4.0.2
• 1cb4478 Use protoc_plugin's package.json version instead of hardcoding
• 261daec Update for bazel 9 and protobuf 33.4 (#274)
• d0a7fc0 adjust path for archive and bump pre-release version (#273)
• 9eb5f39 add MODULE.bazel and licenses to BCR package, bump pre-release version
• edcf435 Switch BCR release workflow javascript source tarball, bump version (#271)
• 34756fc Bump version to 4.0.2-rc4 for testing BCR workflow
• 016866a Use bazel build for BCR release test command
• 7d64c8d Add placeholder google-protobuf.js file to fix missing input
• b784079 Bump version to v4.0.2-rc2 or testing BCR workflow
• Additional commits viewable in compare view

Updates @bufbuild/buf from 1.62.1 to 1.66.0

Release notes

Sourced from @​bufbuild/buf's releases.

v1.66.0

• Add LSP comment ignore code action to add comment ignores for lint errors.
• Fix buf breaking module comparison when adding new modules.
• Add LSP hover support for protovalidate CEL expressions.
• Fixed offset handling in CEL semantic tokens for non-ASCII content and proto escape sequences in multi-line string literal expressions.
• Improve URI normalization for the LSP.

v1.65.0

• Add buf registry policy {commit,create,delete,info,label,settings} commands to manage BSR policies.
• Add LSP deprecate code action to add the deprecated option on types and symbols.
• Fix import LSP document link to not include import keyword.
• Update PROTOVALIDATE lint rule to support checking unenforceable required rules on repeated.items, map.keys and map.values.
• Add buf source edit deprecate command to deprecate types by setting the deprecate = true option.

v1.64.0

• Fix LSP completion for options.
• Add LSP document highlighting support.
• Add LSP completion for fully-qualified type references.
• Improve LSP semantic tokens implementation (for syntax highlighting).
• Add LSP organize imports code action to add missing imports, remove unused imports, and sort imports alphabetically.
• Add LSP document link support.
• Add LSP folding range support.
• Update PROTOVALIDATE lint rule to support checking cel_expression fields for valid CEL.

v1.63.0

• Update PROTOVALIDATE lint rule to support field mask rules.
• Add LSP completion for field numbers.

Changelog

Sourced from @​bufbuild/buf's changelog.

[v1.66.0] - 2026-02-23

• Add LSP comment ignore code action to add comment ignores for lint errors.
• Fix buf breaking module comparison when adding new modules.
• Add LSP hover support for protovalidate CEL expressions.
• Fixed offset handling in CEL semantic tokens for non-ASCII content and proto escape sequences in multi-line string literal expressions.
• Improve URI normalization for the LSP.

[v1.65.0] - 2026-02-03

• Add buf registry policy {commit,create,delete,info,label,settings} commands to manage BSR policies.
• Add LSP deprecate code action to add the deprecated option on types and symbols.
• Fix import LSP document link to not include import keyword.
• Update PROTOVALIDATE lint rule to support checking unenforceable required rules on repeated.items, map.keys and map.values.
• Add buf source edit deprecate command to deprecate types by setting the deprecate = true option.

[v1.64.0] - 2026-01-19

• Fix LSP completion for options.
• Add LSP document highlighting support.
• Add LSP completion for fully-qualified type references.
• Improve LSP semantic tokens implementation (for syntax highlighting).
• Add LSP organize imports code action to add missing imports, remove unused imports, and sort imports alphabetically.
• Add LSP document link support.
• Add LSP folding range support.
• Update PROTOVALIDATE lint rule to support checking cel_expression fields for valid CEL.

[v1.63.0] - 2026-01-06

• Update PROTOVALIDATE lint rule to support field mask rules.
• Add LSP completion for field numbers.

Commits

• 7704876 Release v1.66.0 (#4354)
• 58efc27 Add URI normalisation improvements to changelog (#4353)
• 1e73b90 Make upgrade (#4350)
• 58711b2 Fix test flake (#4347)
• 879d7a9 Add further compatibility fixes for normalizeURI (#4346)
• 743f729 Replace : with %3A after file:/// scheme in URIs to match VS Code's LSP clien...
• 5781e7d Use vendored protovalidate in LSP CEL hover tests (#4343)
• 20d7d13 Add LSP hover support for CEL documentation (#4341)
• ffccea6 Highlight nested CEL fields (#4342)
• 9a28fcb Add LSP code action for adding lint ignores (#4334)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions