Update third-party dependencies (2026-04-09)

[szalpal]

Updated dependencies

• opus: 1.5.2 → 1.6.1
• FFmpeg: 8.0.1 → 8.1
• libjpeg-turbo: 3.1.3 → 3.1.4
• protobuf: 34.0 → 34.1
• curl: 8.18.0 → 8.19.0
• openssl: 3.6.1 → 3.6.2
• aws-sdk-cpp: 1.11.760 → 1.11.787

Test plan

• CI passes (lint + build)
• Verify updated libraries build correctly with build_deps.sh

🤖 Generated with Claude Code

[greptile-apps]

Greptile Summary

This PR performs a routine update of 7 third-party dependencies to their latest versions: opus (1.5.2→1.6.1), FFmpeg (8.0.1→8.1), libjpeg-turbo (3.1.3→3.1.4), protobuf (34.0→34.1), curl (8.18.0→8.19.0), openssl (3.6.1→3.6.2), and aws-sdk-cpp (1.11.760→1.11.787). The local FFmpeg patch for the avformat/mov missing video size bug (#20667) is correctly removed since that fix was merged upstream and is now included in the FFmpeg 8.1 release (March 2026).

Confidence Score: 5/5

This PR is safe to merge — all changes are version bumps with no logic modifications and a correct patch removal.

All 10 changed files are either submodule pointer updates, README documentation updates, or the clean removal of a patch whose fix is now included upstream in FFmpeg 8.1 (released March 2026). No functional code was added or modified, and no P0/P1 issues were found.

No files require special attention.

Vulnerabilities

No security concerns identified. The updated libraries include openssl 3.6.2 and curl 8.19.0 which are minor version bumps; no known critical CVEs are introduced by these changes. All updates point to well-known upstream repositories.

Important Files Changed

Filename	Overview
build_scripts/build_ffmpeg.sh	Removed patch application for the avformat/mov fix — correct since FFmpeg 8.1 includes it upstream
patches/FFmpeg-0001-avformat-mov-fix-missing-video-size-when-some-decode.patch	Patch deleted — fix is now included in FFmpeg 8.1 upstream
README.rst	Version numbers and links updated for all 7 bumped dependencies; RST table structure is valid
third_party/FFmpeg	Submodule pointer updated to FFmpeg n8.1 release commit
third_party/openssl	Submodule pointer updated to OpenSSL 3.6.2
third_party/curl	Submodule pointer updated to curl 8.19.0
third_party/aws-sdk-cpp	Submodule pointer updated to aws-sdk-cpp 1.11.787
third_party/opus	Submodule pointer updated to opus 1.6.1
third_party/libjpeg-turbo	Submodule pointer updated to libjpeg-turbo 3.1.4
third_party/protobuf	Submodule pointer updated to protobuf 34.1

Flowchart

%%{init: {'theme': 'neutral'}}%%
flowchart TD
    PR["Dependency Update PR"] --> FFmpeg["FFmpeg 8.0.1 → 8.1"]
    PR --> opus["opus 1.5.2 → 1.6.1"]
    PR --> libjpeg["libjpeg-turbo 3.1.3 → 3.1.4"]
    PR --> protobuf["protobuf 34.0 → 34.1"]
    PR --> curl["curl 8.18.0 → 8.19.0"]
    PR --> openssl["openssl 3.6.1 → 3.6.2"]
    PR --> aws["aws-sdk-cpp 1.11.760 → 1.11.787"]

    FFmpeg --> patch["Remove local avformat/mov patch\n(fix included upstream in 8.1)"]
    FFmpeg --> submod1["Update submodule → 9047fa1b"]
    opus --> submod2["Update submodule → 22244de5"]
    libjpeg --> submod3["Update submodule → e352b02f"]
    protobuf --> submod4["Update submodule → 4b0c3aac"]
    curl --> submod5["Update submodule → 8c908d2d"]
    openssl --> submod6["Update submodule → fe686e15"]
    aws --> submod7["Update submodule → 6bbfd113"]

    style patch fill:#d4edda,stroke:#28a745

Loading

_{Reviews (3): Last reviewed commit: "Remove upstreamed FFmpeg mov.c patch" | Re-trigger Greptile}

[rostan-t]

Latest is 3.1.4.1 (which is different from 3.1.4)

[rostan-t]

Misaligned columns break the table rendering (at least on GitHub's rendering engine)