Posted to notifications@pekko.apache.org by "pjfanning (via GitHub)" <gi...@apache.org> on 2023/08/20 23:02:51 UTC

[GitHub] [incubator-pekko-grpc] pjfanning opened a new pull request, #168: [DRAFT] upgrade protobuf-java

pjfanning opened a new pull request, #168:
URL: https://github.com/apache/incubator-pekko-grpc/pull/168

   grpc lib uses a newer version of protobuf-java (3.21.1) but this has CVEs


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: notifications-unsubscribe@pekko.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org


---------------------------------------------------------------------
To unsubscribe, e-mail: notifications-unsubscribe@pekko.apache.org
For additional commands, e-mail: notifications-help@pekko.apache.org


[GitHub] [incubator-pekko-grpc] pjfanning commented on a diff in pull request #168: [DRAFT] upgrade protobuf-java

Posted by "pjfanning (via GitHub)" <gi...@apache.org>.
pjfanning commented on code in PR #168:
URL: https://github.com/apache/incubator-pekko-grpc/pull/168#discussion_r1299768549


##########
project/Dependencies.scala:
##########
@@ -36,7 +36,7 @@ object Dependencies {
     // If changing this, remember to update protoc plugin version to align in
     // maven-plugin/src/main/maven/plugin.xml and org.apache.pekko.grpc.sbt.PekkoGrpcPlugin
     val googleProtoc = "3.20.1" // checked synced by VersionSyncCheckPlugin
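
Review bot: the comment on `googleProtoc` names the places that must stay aligned with the protoc version (maven-plugin/src/main/maven/plugin.xml and PekkoGrpcPlugin) but does not say whether the protobuf-java runtime version is expected to match it. Since this PR changes protobuf-java on its own, add a line here stating that the runtime library version may differ from the protoc version and why protoc stays at 3.20.1, so the two are not re-aligned by mistake later.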

Review Comment:
   This is due to https://github.com/apache/incubator-pekko-grpc/pull/117 
   
   There are changes in newer versions of protoc that break the Pekko build. That doesn't stop us from using newer versions of protobuf-java.





[GitHub] [incubator-pekko-grpc] pjfanning commented on a diff in pull request #168: upgrade protobuf-java to 3.21.12

Posted by "pjfanning (via GitHub)" <gi...@apache.org>.
pjfanning commented on code in PR #168:
URL: https://github.com/apache/incubator-pekko-grpc/pull/168#discussion_r1299953754


##########
project/Dependencies.scala:
##########
@@ -36,7 +36,7 @@ object Dependencies {
     // If changing this, remember to update protoc plugin version to align in
     // maven-plugin/src/main/maven/plugin.xml and org.apache.pekko.grpc.sbt.PekkoGrpcPlugin
     val googleProtoc = "3.20.1" // checked synced by VersionSyncCheckPlugin

Review Comment:
   the vulnerabilities are in protobuf-java, not in protoc





[GitHub] [incubator-pekko-grpc] pjfanning merged pull request #168: upgrade protobuf-java to 3.21.12

Posted by "pjfanning (via GitHub)" <gi...@apache.org>.
pjfanning merged PR #168:
URL: https://github.com/apache/incubator-pekko-grpc/pull/168




[GitHub] [incubator-pekko-grpc] mdedetrich commented on a diff in pull request #168: upgrade protobuf-java to 3.21.12

Posted by "mdedetrich (via GitHub)" <gi...@apache.org>.
mdedetrich commented on code in PR #168:
URL: https://github.com/apache/incubator-pekko-grpc/pull/168#discussion_r1299934648


##########
project/Dependencies.scala:
##########
@@ -36,7 +36,7 @@ object Dependencies {
     // If changing this, remember to update protoc plugin version to align in
     // maven-plugin/src/main/maven/plugin.xml and org.apache.pekko.grpc.sbt.PekkoGrpcPlugin
     val googleProtoc = "3.20.1" // checked synced by VersionSyncCheckPlugin

Review Comment:
   I guess we should also use a version of protoc that doesn't have vulnerabilities but this is maybe for 1.1.x.





[GitHub] [incubator-pekko-grpc] He-Pin commented on a diff in pull request #168: [DRAFT] upgrade protobuf-java

Posted by "He-Pin (via GitHub)" <gi...@apache.org>.
He-Pin commented on code in PR #168:
URL: https://github.com/apache/incubator-pekko-grpc/pull/168#discussion_r1299548939


##########
project/Dependencies.scala:
##########
@@ -36,7 +36,7 @@ object Dependencies {
     // If changing this, remember to update protoc plugin version to align in
     // maven-plugin/src/main/maven/plugin.xml and org.apache.pekko.grpc.sbt.PekkoGrpcPlugin
     val googleProtoc = "3.20.1" // checked synced by VersionSyncCheckPlugin

Review Comment:
   Can these two versions be the same?


