Skip to content

Update protobuf #1082

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 5 commits into from
Sep 16, 2025
Merged

Update protobuf #1082

merged 5 commits into from
Sep 16, 2025

Conversation

@SpencerC
Copy link
Contributor

@SpencerC SpencerC commented Sep 5, 2025

What was changed

protobuf and grpcio updated to the latest versions.

Why?

Fixes compatibility issue with Python code generated protobuf >31.1. This change is backwards compatible per: https://protobuf.dev/support/cross-version-runtime-guarantee

Checklist

  1. Closes [Bug] Unable to import generated protocol buffer code #1080

  2. How was this tested: ran poe test per README.md.

  1. Any docs updates needed?
    I don't think so.

@SpencerC SpencerC requested a review from a team as a code owner September 5, 2025 19:44
@CLAassistant
Copy link

CLAassistant commented Sep 5, 2025
edited
Loading

CLA assistant check
All committers have signed the CLA.

@tconley1428
Copy link
Contributor

tconley1428 commented Sep 9, 2025

I think we don't necessarily want to raise the dependency floor to version 6.

@SpencerC
Copy link
Contributor Author

SpencerC commented Sep 10, 2025

@tconley1428 what problem does a lower dependency floor solve and do the benefits outweigh the risks? If so, what floor would you like to see? There are at least two security issues effecting older versions:
GHSA-8qvm-5x2c-j2w7
GHSA-8gq9-2x98-w8hf

Also, any code generated outside this package with more recent versions of protobuf should be forward compatible.

@tconley1428
Copy link
Contributor

tconley1428 commented Sep 10, 2025

We are a library, so we need to support users where they are. Some users are on older versions of protobuf, so we can't just disallow them. We should leave it as is and increase the ceiling.

@SpencerC
Copy link
Contributor Author

SpencerC commented Sep 15, 2025

@tconley1428 moved the floor back to 3.20.

@cretz cretz mentioned this pull request Sep 16, 2025
Closed
@tconley1428 tconley1428 merged commit 2a2b83b into temporalio:main Sep 16, 2025
16 checks passed
@SpencerC SpencerC deleted the update_protobuf branch September 16, 2025 18:43
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@tconley1428 tconley1428 tconley1428 approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

[Bug] Unable to import generated protocol buffer code

3 participants

@SpencerC @CLAassistant @tconley1428