Great idea, yes. Always helpful to upgrade, especially when there is a
reason.

Kenn

On Wed, Mar 29, 2023 at 12:52 PM Yi Hu via dev <dev@beam.apache.org> wrote:

> Hi all,
>
> I would like to volunteer to upgrade the Beam vendored grpc, as
> requested by the GitHub Issue [1]. I checked the project history that we
> did four upgrades in the last 2 years (1.26->1.36->1.43->1.48) and the last
> time was in Aug 2022 [2]. There have been vulnerabilities in its
> dependencies found since then (see [1]).
>
> My plan is to follow the release process [3, 4], which involves preparing
> for the release, building a candidate, voting and finalizing the release.
> Then the vendored artifact is targeted to be integrated by Beam v2.48.0
> onwards (cut date May 17, 2023).
>
> Please let me know if you have any comments/objections/questions.
>
> Thanks,
>
> Yi
>
> [1] https://github.com/apache/beam/issues/25746
> [2] https://github.com/apache/beam/pull/22628
> [3] https://github.com/apache/beam/tree/master/vendor
> [4] https://docs.google.com/document/d/1ztEoyGkqq9ie5riQxRtMuBu3vb6BUO91mSMn1PU0pDA/edit#heading=h.vhcuqlttpnog
>
> --
>
> Yi Hu, (he/him/his)
>
> Software Engineer
>
>
>
