Bump protobufjs from 8.0.2 to 8.6.0

[dependabot]

Bumps protobufjs from 8.0.2 to 8.6.0.

Release notes

Sourced from protobufjs's releases.

protobufjs: v8.6.0

8.6.0 (2026-06-04)

Features

• Add spec-compliant protojson extension (#2297) (ffd3d51)

Bug Fixes

• Avoid name collisions in generated code (#2302) (ce013ab)
• cli: Vendor patched Catharsis for pbts (#2304) (29f7c96)
• Remove postinstall script (#2299) (b8ed7be)
• Support null-prototype plain objects in converters (#2300) (bf20d84)

protobufjs: v8.5.0

8.5.0 (2026-05-29)

Features

• Add option to discard unknown fields (#2289) (f8c489b)
• Expose RPC metadata on service methods (#2286) (711a279)

Bug Fixes

• cli: Consistently handle derived names (#2293) (9e80030)
• Consistently reject null message argument in fromObject (#2287) (0f6178d)
• Prefer nested type resolution over global fallback (#2288) (4b4c703)

protobufjs: v8.4.2

8.4.2 (2026-05-22)

Bug Fixes

• Align reserved range semantics (#2277) (48aa10f)
• Coerce int32 values before writer sizing (#2281) (53c2e54)

protobufjs: v8.4.1

8.4.1 (2026-05-21)

Bug Fixes

• Correct util helper typing (#2279) (664a3d1)
• Decode omitted long map values as Long (#2264) (a71254b)
• Expose Field rule declaration (#2261) (1664cbf)

... (truncated)

Changelog

Sourced from protobufjs's changelog.

8.6.0 (2026-06-04)

Features

• Add spec-compliant protojson extension (#2297) (ffd3d51)

Bug Fixes

• Avoid name collisions in generated code (#2302) (ce013ab)
• cli: Vendor patched Catharsis for pbts (#2304) (29f7c96)
• Remove postinstall script (#2299) (b8ed7be)
• Support null-prototype plain objects in converters (#2300) (bf20d84)

8.5.0 (2026-05-29)

Features

• Add option to discard unknown fields (#2289) (f8c489b)
• Expose RPC metadata on service methods (#2286) (711a279)

Bug Fixes

• cli: Consistently handle derived names (#2293) (9e80030)
• Consistently reject null message argument in fromObject (#2287) (0f6178d)
• Prefer nested type resolution over global fallback (#2288) (4b4c703)

8.4.2 (2026-05-22)

Bug Fixes

• Align reserved range semantics (#2277) (48aa10f)
• Coerce int32 values before writer sizing (#2281) (53c2e54)

8.4.1 (2026-05-21)

Bug Fixes

• Correct util helper typing (#2279) (664a3d1)
• Decode omitted long map values as Long (#2264) (a71254b)
• Expose Field rule declaration (#2261) (1664cbf)
• Improve message return typings (#2274) (0f54489)
• Misc utility hardening (#2272) (3de631b)
• Omit proto3 synthetic oneofs in toObject (#2273) (9a78a4a)
• Preserve writer state in static encodeDelimited (#2275) (d28ec57)

... (truncated)

Commits

• 8631d9b chore: release master (#2301)
• 29f7c96 fix(cli): Vendor patched Catharsis for pbts (#2304)
• ce013ab fix: Avoid name collisions in generated code (#2302)
• ffd3d51 feat: Add spec-compliant protojson extension (#2297)
• bf20d84 fix: Support null-prototype plain objects in converters (#2300)
• b8ed7be fix: Remove postinstall script (#2299)
• 4655f8d chore: release master (#2292)
• 9e80030 fix(cli): Consistently handle derived names (#2293)
• f8c489b feat: Add option to discard unknown fields (#2289)
• 4b4c703 fix: Prefer nested type resolution over global fallback (#2288)
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by GitHub Actions, a new releaser for protobufjs since your current version.

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
  You can disable automated security fix PRs for this repo from the Security Alerts page.

[codecov]

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 45.79%. Comparing base (ccaade5) to head (73090f9).

Additional details and impacted files

@@           Coverage Diff           @@
##             main    #2162   +/-   ##
=======================================
  Coverage   45.79%   45.79%           
=======================================
  Files        1037     1037           
  Lines       17265    17265           
  Branches     3140     3140           
=======================================
  Hits         7907     7907           
  Misses       9358     9358           

☔ View full report in Codecov by Harness.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
• 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.