Closed lhotari closed 2 months ago
I suggest using the 1.53.0
as minimum version, just for consider the multiple os.
I suggest using the
1.53.0
as minimum version, just for consider the multiple os.
There might be other CVEs. Which OS do you have in mind?
There might be other CVEs.
Good catch, see https://github.com/advisories/GHSA-p25m-jpj4-qcrr
Must be equal to or greater than 1.55.3.
Which OS do you have in mind?
Now it seems that only alpine-3.18.
For other OS, the users can use the pip to install the grpcio.
Any updates?
Do you have a release plan? If not, the pulsar 3.3.0 arm image will take about 2 hours to build the grpcio wheel, please see https://github.com/nodece/pulsar-python-deps-build/actions/runs/8891459473/job/24418839959#step:6:315 for details.
Motivation
When using the Alpine base image in Pulsar, there's a need to compile grpcio from source when 1.60.0 version is required. It's better to allow grpcio version 1.59.3 so that Alpine's py3-grpcio can be used to fulfill the requirement. Please see https://github.com/apache/pulsar/pull/22613 for more context.
Modifications
Additional context