Bump protobufjs and dapr-client in /custom-component-dapr

[dependabot]

Bumps protobufjs to 7.5.5 and updates ancestor dependency dapr-client. These dependencies need to be updated together.

Updates protobufjs from 5.0.3 to 7.5.5

Release notes

Sourced from protobufjs's releases.

protobufjs: v7.5.4

7.5.4 (2025-08-15)

Bug Fixes

• invalid syntax in descriptor.proto (#2092) (5a3769a)

protobufjs: v7.5.3

7.5.3 (2025-05-28)

Bug Fixes

• descriptor extensions handling post-editions (#2075) (6e255d4)

protobufjs: v7.5.2

7.5.2 (2025-05-14)

Bug Fixes

• ensure that types are always resolved (#2068) (4b51cb2)

protobufjs: v7.5.1

7.5.1 (2025-05-08)

Bug Fixes

• optimize regressions from editions implementations (#2066) (6406d4c)
• reserved field inside group blocks fail parsing (#2058) (56782bf)

protobufjs: v7.5.0

7.5.0 (2025-04-15)

Features

• add Edition 2023 Support (f04ded3)
• add Edition 2023 Support (ac9a3b9)
• add Edition 2023 Support (e5ca5c8)
• add Edition 2023 Support (a84409b)
• add Edition 2023 Support (9c5a178)
• add Edition 2023 Support (b2c6867)
• add Edition 2023 Support (60f3e51)
• add Edition 2023 Support (a656361)
• add Edition 2023 Support (869a95b)
• add Edition 2023 Support (b936af4)
• add Edition 2023 Support (a938467)

... (truncated)

Changelog

Sourced from protobufjs's changelog.

Changelog

8.0.1 (2026-03-11)

Bug Fixes

• bump protobufjs dependency version for cli package (#2128) (549b05e)
• correct json syntax in tsconfig.json (#2120) (8065625)
• descriptor: guard oneof index for non-Type parents (#2122) (1cac5cf)
• do not allow setting proto in Message constructor (#2126) (f05e3c3)
• filter invalid characters from the type name (#2127) (535df44)

8.0.0 (2025-12-16)

⚠ BREAKING CHANGES

• add Edition 2024 Support (#2060)

Features

• add Edition 2024 Support (#2060) (53e8492)

7.5.4 (2025-08-15)

Bug Fixes

• invalid syntax in descriptor.proto (#2092) (5a3769a)

7.5.3 (2025-05-28)

Bug Fixes

• descriptor extensions handling post-editions (#2075) (6e255d4)

7.5.2 (2025-05-14)

Bug Fixes

• ensure that types are always resolved (#2068) (4b51cb2)

7.5.1 (2025-05-08)

Bug Fixes

... (truncated)

Commits

• b7bdfaf chore: release 7.5.5
• ff7b2af fix: filter invalid characters from the type name (#2127)
• 086b19d fix: do not allow setting proto in Message constructor (#2126)
• 827ff8e chore: release master (#2093)
• 5a3769a fix: invalid syntax in descriptor.proto (#2092)
• f42297b chore: release master (#2076)
• 6e255d4 fix: descriptor extensions handling post-editions (#2075)
• 9467abe chore: release master (#2070)
• 4b51cb2 fix: ensure that types are always resolved (#2068)
• 69cced8 chore: release master (#2067)
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by fenster, a new releaser for protobufjs since your current version.

Install script changes

This version adds postinstall script and modifies prepublish script that run during installation. Review the package contents before updating.

Updates dapr-client from 1.0.2 to 3.6.1

Release notes

Sourced from dapr-client's releases.

v3.6.0

What's Changed

• [PubSub] Renamed lookupTopicWildcard method to fix spelling issue by @​WhitWaldo in dapr/js-sdk#678
• Updated package.json values by @​WhitWaldo in dapr/js-sdk#682
• Updated E2E tests to use latest stable Dapr version for CLI and runtime by @​WhitWaldo in dapr/js-sdk#686
• Remove prettifier from build by @​WhitWaldo in dapr/js-sdk#684
• Removed references to Workflow components by @​WhitWaldo in dapr/js-sdk#687
• Removes stale bot from repo by @​WhitWaldo in dapr/js-sdk#690
• chore: update dependencies by @​joebowbeer in dapr/js-sdk#699
• Update daprdocs markdown files to be compatible with latest Hugo by @​marcduiker in dapr/js-sdk#709
• Generated new protos for release 1.16 by @​WhitWaldo in dapr/js-sdk#713

Full Changelog: dapr/js-sdk@v3.5.2...v3.6.0

Huge thank you to everyone that participated in this release!

v3.5.2

What's Changed

• Update package.json by @​WhitWaldo in dapr/js-sdk#662

Full Changelog: dapr/js-sdk@v3.5.1...v3.5.2

v3.5.1

Incremented version in package.json so it can publish to NPM.

Full Changelog: dapr/js-sdk@v3.5.0...v3.5.1

v3.5.0

What's Changed

• rename child workflow function by @​famarting in dapr/js-sdk#644
• workflows: update durabletask fork and finish set custom status by @​famarting in dapr/js-sdk#647
• [docs] Remove beta from JS SDK workflow docs by @​hhunter-ms in dapr/js-sdk#654
• Fix README to be consistent by @​RafaelJCamara in dapr/js-sdk#649
• docs: fix path for getting started documentation by @​RafaelJCamara in dapr/js-sdk#652
• fix current packages with vulnerability by @​RafaelJCamara in dapr/js-sdk#648
• docs: fix contributing to sdk docs by @​RafaelJCamara in dapr/js-sdk#651
• chore(deps): Bump golang.org/x/net from 0.17.0 to 0.33.0 in /examples/grpc/proxying/server by @​dependabot in dapr/js-sdk#656
• Added suspend/resume support to DaprWorkflowClient by @​WhitWaldo in dapr/js-sdk#661

New Contributors

• @​famarting made their first contribution in dapr/js-sdk#644
• @​RafaelJCamara made their first contribution in dapr/js-sdk#649
• @​WhitWaldo made their first contribution in dapr/js-sdk#661

Full Changelog: dapr/js-sdk@v3.4.1...v3.5.0

v3.5.0-rc.2

What's Changed

... (truncated)

Changelog

Sourced from dapr-client's changelog.

Changelog

3.x release

v3.0.0

Breaking Changes

General: Fix serialization of data in HTTP

There is a new serializer in place to automatically detect the Content-Type for the data when using the HTTP Protocol and serialize accordingly. Objects will be send as application/json, Cloud-Events as applications/cloudevents+json, Strings as text/plain, and others as application/octet-stream.

An example of this change can be seen when performing client.invoke with "hello world" as data. The new serializer will correctly return the string type, as opposed to the previous behavior of calling JSON.serialize and returning '"hello world"'.

PubSub: Changes to the subscribe callback for HTTP

The HTTP subscribe callback now returns data after parsing it correctly. Data is either extracted from the body's data field, or the data_base64 field. data_base64 is always expected to be a base64 encoded string, and will be decoded and parsed as JSON if possible. If it is not JSON, it will be returned as a string. If data is not found in either field, the entire body will be returned as-is.

2.x release

v2.0.1

Actors

To make development easier, Actors can now be called in 2 ways:

1. By creating an actor through a helper method in the DaprClient class, removing the need of needing to know how a builder works.

const actor = await client.actor.create<DemoActorSayImpl>(DemoActorSayImpl);
const res = await actor.sayMulti(123, "123", { hello: "world 123" }, [1, 2, 3]);

2. By utilizing the Actor builder, where we create a Proxy object that does this for us.

const builder = new ActorProxyBuilder<DemoActorSayImpl>(DemoActorSayImpl, client);
const actor = builder.build(ActorId.createRandomId());
const res = await actor.sayMulti(123, "123", { hello: "world 123" }, [1, 2, 3]);

Behind the hoods, method #1 will utilize method #2

v2.0.0

Version 2.0.0 brings a lot of changes to the Dapr JS SDK that were long due. Below an overview of the major contributions can be found, with a more detailed overview of the Breaking Changes under it.

• Actor Support has been added
• Actor Proxy has been added for Actor Access
• The HTTP Connection is now being reused to reduce the CONNRESET errors when intensively using the JS SDK

... (truncated)

Commits

• 1d40fb9 Updating version number for redeployment
• 854fb0a Package version update (#719)
• 26e8be8 Generated new protos for release 1.16 (#713)
• 26b3527 Update daprdocs markdown files to be compatible with latest Hugo (#709)
• ac75d61 chore: update dependencies (#699)
• 7300ded Removes stale bot from repo (#690)
• e4e2e96 Removed references to Workflow components (#687)
• 9ff799c Remove prettifier from build (#684)
• 541ef6b Updated E2E tests to use latest stable Dapr version for CLI and runtime (#686)
• 746673c Updated package.json values (#682)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
  You can disable automated security fix PRs for this repo from the Security Alerts page.