-
Notifications
You must be signed in to change notification settings - Fork 1.3k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
proxy: Update prost to 0.6 #3963
proxy: Update prost to 0.6 #3963
Comments
I'm working on this. The breaking changes in |
This will require updating the v0.1.x |
Here is a patched |
This branch updates the proxy's `prost` dependency to a patched version of `prost` 0.5 that incorporates the cahnges in danburkert/prost#268. This patch fixes a security issue where a malicious protobuf message could be used to trigger a stack overflow. We are unfortunately unable to easily update to `prost` 0.6.1, which includes this fix, as 0.6 updates the `bytes` dependency to 0.5. The `tokio` 0.1 ecosystem that the proxy currently uses still depends on 0.4, and the breaking changes in 0.5 are quite significant. Therefore, updating to `bytes` 0.5 would require a lot of fairly large changes to legacy versions of...pretty much everything (`tokio-io`, `tokio-buf`, `hyper`, `http-body`...). As we intend to update to `tokio` 0.2 in the near future, patching all these legacy dependencies is a bit of a waste of time. Therefore, I opted to backport the security fix to a compatible `prost` version instead. Closes linkerd/linkerd2#3963 Signed-off-by: Eliza Weisman <eliza@buoyant.io>
Now that we've updated to tokio-0.2, we should ensure that we eliminate our (patched) prost 0.5 dependencies so that |
The proxy itself is now using |
This branch updates the test support mock control plane components in `linkerd2-app-integration` to use `std::future`, Tonic, and Tokio 0.2. Rather than spawning a separate thread for each control plane componwnr as we did previously, they are now spawned as tasks on the main test thread's runtime. As discussed in #580, this _may_ make the tests slightly less flaky and/or slightly faster on CI. Closes linkerd/linkerd2#3963 Signed-off-by: Eliza Weisman <eliza@buoyant.io>
The proxy has dependencies on prost 0.5, as does proxy-api, and tower-grpc-build, etc.
Is it feasible to update this dependency?
The text was updated successfully, but these errors were encountered: