-
Notifications
You must be signed in to change notification settings - Fork 385
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Security issue: upgrade prost depedency to 0.8.0 #596
Comments
Thanks! I wonder how much overhead the interceptor will bring. If it's not that much, we can probably just create a "pass through" interceptor where the request will be returned without any changes. |
Just as reference, this is the change I did:
|
@TommyCpp do you have any idea about when a new release of opentelemetry-otlp which includes this fix will be tagged? The v0.8.0 release doesn't include it yet |
@jtescher Maybe we should cut a new release as it has been a while since the last release? |
@TommyCpp yeah let's get a new release out 👍 You can get a release PR ready if you want, else I will do it later today or this weekend |
I run
cargo audit
against a project of mine, Adding theopentelemetry-otlp
dependency lead to this discovery:I've tried to contribute a fix for that by forking this repo and updating the prost dependency. Unfortunately prost 0.8 requires tonic 0.5, which introduces some breaking changes inside of the automatically generated code.
The breaking change happens inside of the automatically generated
TraceServiceClient
.Code generated with prost 0.7 and tonic 0.4
This is the relevant snippet from the
opentelemetry.proto.collector.trace.v1.rs
file that is automatically generated:As you can see,
new
andwith_interceptor
always return an instance ofTraceServiceClient
.Code generated with prost 0.8 and tonic 0.5
This is the same code, generated with the latest versions of the crates:
Now the return type of the
new
andwith_interceptor
methods is different.That leads to the following compilation error:
I don't know how to best solve this problem... I spent some time trying, but I couldn't find a good solution. I've to admit, I'm also not experienced with protobuf code generation
The text was updated successfully, but these errors were encountered: