Skip to content

chore: bump minimum version of protobuf to 4.25.8 #839

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 14 commits into
base: main
Choose a base branch
from
Open

chore: bump minimum version of protobuf to 4.25.8 #839

wants to merge 14 commits into from

Conversation

@ohmayr
Copy link
Contributor

@ohmayr ohmayr commented Sep 16, 2025
edited
Loading

This PR bumps the minimum version of Protobuf to 4.25.8 to address the security vulnerability in Protobuf < 4.x.

This means that we're also removing dependency on grpc_gcp and grpcio_gcp which are needed for Protobuf < 4.x.

This PR also drops support for Python 3.7 since it is not supported by Protobuf 4.25.8.

Note: Bumping the major version could introduce diamond dependency, and we don't expect users to be impacted because grpcio-gcp is only supported in protobuf 3.x and users of protobuf 3.x would not be able to install the latest version of the library.

@ohmayr ohmayr requested review from a team as code owners September 16, 2025 21:31
@product-auto-label product-auto-label bot added the size: m Pull request size is medium. label Sep 16, 2025
@ohmayr ohmayr changed the title chore: bump minimum version of protobuf to chore: bump minimum version of protobuf to 4.25.8 Sep 16, 2025
@ohmayr ohmayr marked this pull request as draft September 17, 2025 00:06
@product-auto-label product-auto-label bot added size: l Pull request size is large. and removed size: m Pull request size is medium. labels Sep 17, 2025
@ohmayr ohmayr marked this pull request as ready for review September 17, 2025 21:19
@ohmayr ohmayr force-pushed the bump-protobuf-version branch from 87faed2 to c625a66 Compare September 17, 2025 21:44
@vchudnov-g
Copy link
Contributor

Do not merge yet. We want to merge and release #832 before we increase the minimum versions of Python and of protobuf.

@vchudnov-g vchudnov-g added the do not merge Indicates a pull request not ready for merge, due to either quality or timing. label Oct 22, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

@vchudnov-g vchudnov-g

Labels

do not merge Indicates a pull request not ready for merge, due to either quality or timing. size: l Pull request size is large.

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@ohmayr @vchudnov-g