New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Update prost in TiKV projects to 0.9 #10905
Comments
raft-rs looks like don't have direct depends on prost. |
The proto of raft-rs depends on protobuf-build and prost is one of the options. https://github.com/tikv/raft-rs/blob/master/proto/Cargo.toml |
OK,I will start a PR tomorrow. |
raft-rs fixed in tikv/raft-rs#456 |
Agree on this. In fact, AgateDB has already upgraded to prost 0.8 on master branch. We will upgrade that to 0.9 soon. |
Actually, TiKV doesn't use prost in production. And importer is not maintained anymore, /cc @kennytm, maybe we can just drop the support of prost-codec in TiKV, which should simplify a lot of code. Though prost support in libraries is still necessary for community. |
If we want to totally remove prost from TiKV itself, pprof-rs also needs to provide an option to not use prost. |
+1 leaving a single protobuf codec for 5.2 and above. |
There is a PR tikv/pprof-rs#23 several months ago 😢 . I will take a look to this PR again. |
Since it's not used in production, remove it to reduce dependencies and codes. To fully remove prost, we still need pprof to support protobuf-codec. See also tikv#10905. Signed-off-by: Jay Lee <BusyJayLee@gmail.com>
I sent #11099, which deleted 1300 lines, most of them were crate configurations. |
* *: remove prost support Since it's not used in production, remove it to reduce dependencies and codes. To fully remove prost, we still need pprof to support protobuf-codec. See also #10905. Signed-off-by: Jay Lee <BusyJayLee@gmail.com> * remove unnecessary features Signed-off-by: Jay Lee <BusyJayLee@gmail.com> * further cleanup Signed-off-by: Jay Lee <BusyJayLee@gmail.com> Co-authored-by: Ti Chi Robot <ti-community-prow-bot@tidb.io>
Development Task
Prost 0.7 is vulnerable to RUSTSEC-2021-0073. This security issue does not affect TiKV itself. But many TiKV projects are widely used by the community. The users of these projects may hope to get the issue fixed without having multiple prost versions.
Prost 0.7 does not include this patch so it also blocks us from updating to future Rust toolchains.
Projects that use prost
The text was updated successfully, but these errors were encountered: