Hello Shubham Sharma: Thanks for your email, which Lib the Go SDK depends on is caused by this? The release version of 0.8.1 was just launched recently, which is also mainly to solve the problem of license compatibility.
-- Thanks Xiaolong Ran Shubham Sharma (DEVDIV) <shubh...@microsoft.com.invalid> 于2022年3月9日周三 22:47写道: > Hi, > > We discovered the GPL dependency at Dapr using https://fossa.com/, you > can also try the same. It can be added in the CI step to prevent > introducing any such dependencies further. > > Thanks, > Shubham > > On 2022/03/08 19:44:29 Michael Marshall wrote: > > +1 for releasing 0.8.1. Thanks for starting this discussion, Rui. > > > > Is there any official ASF protocol for dealing with this situation? I > > think we should warn users about the unintended GPL dependency > > included in 0.8.0. Perhaps we can do that by adding a warning to the > > GitHub Release page for 0.8.0 [0] and sending a note to the users > > mailing list? > > > > Also, does Go have any tooling we can add to our release process to > > help prevent this kind of error in future releases? > > > > Thanks, > > Michael > > > > [0] https://github.com/apache/pulsar-client-go/releases/tag/v0.8.0 > > > > On Mon, Mar 7, 2022 at 7:59 PM Rui Fu rf...@apache.org<mailto: > rf...@apache.org> wrote: > > > > > > Thanks for all your votings, I will start working on the release. > > > > > > On 2022/03/07 19:14:00 Sijie Guo wrote: > > > > +1 > > > > > > > > On Sun, Mar 6, 2022 at 6:46 PM r...@apache.org<mailto:r...@apache.org> > ra...@gmail.com<mailto:ra...@gmail.com> > > > > wrote: > > > > > > > > > +1 > > > > > > > > > > -- > > > > > Thanks > > > > > Xiaolong Ran > > > > > > > > > > PengHui Li pe...@apache.org<mailto:pe...@apache.org> 于2022年3月5日周六 > 18:10写道: > > > > > > > > > > > +1 > > > > > > > > > > > > Penghui > > > > > > > > > > > > On Sat, Mar 5, 2022 at 4:58 AM Matteo Merli ma...@gmail.com > <mailto:ma...@gmail.com> > > > > > > wrote: > > > > > > > > > > > > > +1 Thanks Rui, we should eliminate the GPL dependency ASAP. > > > > > > > > > > > > > > > > > > > > > > > > > > > > -- > > > > > > > Matteo Merli > > > > > > > ma...@gmail.com<mailto:ma...@gmail.com> > > > > > > > > > > > > > > On Thu, Mar 3, 2022 at 2:08 AM Rui Fu rf...@apache.org<mailto: > rf...@apache.org> wrote: > > > > > > > > > > > > > > > > Hi everyone, > > > > > > > > > > > > > > > > I would like to start a discussion here about starting a new > release > > > > > of > > > > > > > > pulsar-client-go v0.8.1. Recently we have some of > dependencies > > > > > updated > > > > > > > PRs > > > > > > > > from the community, [1] is bumping ` > github.com/beefsack/go-rate` <http://github.com/beefsack/go-rate> > > > > > http://github.com/beefsack/go-rate > > > > > > http://github.com/beefsack/go-rate > > > > > > > http://github.com/beefsack/go-rate to the > > > > > > > > latest version, which migrates the license from GPL to MIT. > [2] is > > > > > > > bumping ` > > > > > > > > github.com/prometheus/client_golang` > <http://github.com/prometheus/client_golang> > > > > > http://github.com/prometheus/client_golang > > > > > > http://github.com/prometheus/client_golang > > > > > > > http://github.com/prometheus/client_golang to address the > > > > > > > CVE-2022-21698. For > > > > > > > > more details, please check the links below. > > > > > > > > > > > > > > > > As the v0.8.0 was just released weeks ago and the next > release will > > > > > > start > > > > > > > > about 2 month later, I think we should start the release of > v0.8.1. > > > > > > > > > > > > > > > > [1]: https://github.com/apache/pulsar-client-go/pull/735 > > > > > > > > [2]: https://github.com/apache/pulsar-client-go/pull/738 > > > > > > > > > > > > > > > > -- > > > > > > > > > > > > > > > > Best Regards, > > > > > > > > > > > > > > > > Rui Fu > > > > > > > > > > > > > > > > > > > > > > > > >
