Skip to content

Relax protobuf version requirement to support v6 #4620

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 2 commits into
base: main
Choose a base branch
from
Open

Relax protobuf version requirement to support v6 #4620

wants to merge 2 commits into from
+8 −8

Conversation

bouk
Copy link

@bouk bouk commented Jun 6, 2025

Fixes #4563, see that issue for details

@bouk bouk requested a review from a team as a code owner June 6, 2025 09:59
emdneto
emdneto reviewed Jun 9, 2025
View reviewed changes
Copy link
Member

@emdneto emdneto left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Does tests pass for newer versions?

@bouk
Copy link
Author

bouk commented Jun 10, 2025

@emdneto I think running the workflows requires approval, are you able to do that?

@sshishov
Copy link

sshishov commented Jun 10, 2025
edited
Loading

I am not the maintainer or even contributor, but based on the upgrading flow to protobuf 5 there was a statement that OTEL desired to support only 1 version of protobuf, no? I hope it will be protobuf 6 soon 🎉

The statement appeared in this issue/comment: #3958 (comment)

@emdneto
Copy link
Member

emdneto commented Jun 10, 2025

I am not the maintainer or even contributor, but based on the upgrading flow to protobuf 5 there was a statement that OTEL desired to support only 1 version of protobuf, no? I hope it will be protobuf 6 soon 🎉

The statement appeared in this issue/comment: #3958 (comment)

Yes, I think this is the general agreement from the SIG.

@bouk I mean, update the test-requirements.txt and run the tests.

@RogerHYang RogerHYang mentioned this pull request Jun 11, 2025
Open
@bouk
Copy link
Author

bouk commented Jun 12, 2025

@emdneto done, and the tests pass

@iblancasa
Copy link

Hi team, I don't know if you are aware of this https://nvd.nist.gov/vuln/detail/CVE-2025-4565

@emdneto emdneto mentioned this pull request Jun 19, 2025
Open
emdneto
emdneto reviewed Jun 19, 2025
View reviewed changes
Copy link
Member

@emdneto emdneto left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@bouk, we’ll need to create two test-requirements files—one with proto5 and one with proto6—and do the same for components that use opentelemetry-proto, such as exporters. Do you have bandwidth for this? Lmk if not, and I can push the changes to your branch to get this reviewed and merged.

@bouk
Copy link
Author

bouk commented Jun 19, 2025

I have time for this tomorrow, sure.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@emdneto emdneto emdneto left review comments

At least 1 approving review is required to merge this pull request.

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Dependency conflict with latest grpc/protobuf when using opentelemetry-exporter-otlp-proto-grpc
4 participants
@bouk @sshishov @emdneto @iblancasa