Update prost to 0.8 #544
Update prost to 0.8 #544
Conversation
|
Well, I think it is okay to release protobuf-build 0.13 first because it allows all recent Then, we can release v0.10 of @BusyJay What do you think? |
Agree. In long term, we better land #545 to solve the problem completely. |
Cargo.toml
Outdated
| @@ -1,6 +1,6 @@ | |||
| [package] | |||
| name = "grpcio" | |||
| version = "0.9.0" | |||
| version = "0.10.0" | |||
There was a problem hiding this comment.
Better keep the old version. We will send a standalone PR to mutate the version and update changelog.
There was a problem hiding this comment.
Comment addressed. And change version of depending protobuf-build to >=0.12, to use the coming 0.13 version without modification again.
PTAL~
BTW, why better keep the old version ?
There was a problem hiding this comment.
Because we may not just include one change in next minor version. This is also friendly for people who want to try the change using patch.
|
Is there any risk to upgrade to 0.8? I can see a comment here: tokio-rs/prost#526 (comment). |
prost 0.8 Timestamp need TryInto to convert to std::time::SystemTime, before 0.7 can use Into trait to convert but I think this convert is safe on Linux in prost 0.8 prost <= 0.7 is compile failed on rustc >= 1.56.0 |
Signed-off-by: pingyu <shui.yu@126.com>
Signed-off-by: pingyu <shui.yu@126.com>
pingyu
force-pushed
the
update-prost-to-0.8
branch
from
c9f8b08
to
4ce6dfb
Compare
Signed-off-by: pingyu <shui.yu@126.com>
Update Prost to 0.8, to avoid security issue of 0.7 (RUSTSEC-2021-0073).
Related issue: tikv/tikv#10905, tikv/protobuf-build#55
Note that
grpcio-protostill depends onprost 0.7because of its build-dependency toprotobuf-build 0.12. Asprotobuf-build 0.12depends ongrpcio-compiler 0.9, there is a circular dependency betweengrps-rsandprotobuf-build.I think we should release
grps-rs0.10.0 first, thenprotobuf-build0.13, and at last updategrpcio-prototo depend onprotobuf-build0.13.Signed-off-by: pingyu shui.yu@126.com