Sounds good and thanks for doing this :) - Cham
On Thu, Jan 11, 2024 at 8:06 AM Yi Hu via dev <dev@beam.apache.org> wrote: > Hi everyone, > > I would like to volunteer to upgrade the Beam vendored grpc, as requested > by the GitHub Issue [1]. The last update was in Apr 2023 [2]. There have > been vulnerabilities in its dependencies as well as potential oom issues > found since then (see [1]), and also to include grpc-alts [2]. > > My plan is to follow the release process [3, 4], which involves preparing > for the release, building a candidate, voting and finalizing the release. > Then the vendored artifact is targeted to be integrated by Beam v2.54.0 > onwards (cut date Jan 24, 2024). > > Please let me know if you have any comments/objections/questions. > > Thanks, > > Yi > > [1] https://github.com/apache/beam/issues/29861 > [2] https://github.com/apache/beam/issues/25746 > [3] https://github.com/apache/beam/tree/master/vendor > [4] > https://docs.google.com/document/d/1ztEoyGkqq9ie5riQxRtMuBu3vb6BUO91mSMn1PU0pDA/edit#heading=h.vhcuqlttpnog > -- > > Yi Hu, (he/him/his) > > Software Engineer > > >
