Skip to content

Relax protobuf version requirement to support v6#4620

Merged
aabmass merged 16 commits intoopen-telemetry:mainfrom
bouk:patch-1
Jun 26, 2025
Merged

Relax protobuf version requirement to support v6#4620
aabmass merged 16 commits intoopen-telemetry:mainfrom
bouk:patch-1

Conversation

@bouk
Copy link
Contributor

@bouk bouk commented Jun 6, 2025

Fixes #4563, see that issue for details

@bouk bouk requested a review from a team as a code owner June 6, 2025 09:59
emdneto
emdneto reviewed Jun 9, 2025
View reviewed changes
Copy link
Member

@emdneto emdneto left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Does tests pass for newer versions?

@bouk
Copy link
Contributor Author

bouk commented Jun 10, 2025

@emdneto I think running the workflows requires approval, are you able to do that?

@sshishov
Copy link

sshishov commented Jun 10, 2025
edited
Loading

I am not the maintainer or even contributor, but based on the upgrading flow to protobuf 5 there was a statement that OTEL desired to support only 1 version of protobuf, no? I hope it will be protobuf 6 soon 🎉

The statement appeared in this issue/comment: #3958 (comment)

@emdneto
Copy link
Member

emdneto commented Jun 10, 2025

I am not the maintainer or even contributor, but based on the upgrading flow to protobuf 5 there was a statement that OTEL desired to support only 1 version of protobuf, no? I hope it will be protobuf 6 soon 🎉

The statement appeared in this issue/comment: #3958 (comment)

Yes, I think this is the general agreement from the SIG.

@bouk I mean, update the test-requirements.txt and run the tests.

@xrmx xrmx moved this to Reviewed PR that needs fixing in Python PR digest Jun 11, 2025
@RogerHYang RogerHYang mentioned this pull request Jun 11, 2025
Closed
@bouk
Copy link
Contributor Author

bouk commented Jun 12, 2025

@emdneto done, and the tests pass

@iblancasa
Copy link

iblancasa commented Jun 17, 2025

Hi team, I don't know if you are aware of this https://nvd.nist.gov/vuln/detail/CVE-2025-4565

@emdneto emdneto mentioned this pull request Jun 19, 2025
Closed
emdneto
emdneto reviewed Jun 19, 2025
View reviewed changes
Copy link
Member

@emdneto emdneto left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@bouk, we’ll need to create two test-requirements files—one with proto5 and one with proto6—and do the same for components that use opentelemetry-proto, such as exporters. Do you have bandwidth for this? Lmk if not, and I can push the changes to your branch to get this reviewed and merged.

@bouk
Copy link
Contributor Author

bouk commented Jun 19, 2025

I have time for this tomorrow, sure.

@aabmass
Copy link
Member

aabmass commented Jun 23, 2025

there was a statement that OTEL desired to support only 1 version of protobuf, no? I hope it will be protobuf 6 soon 🎉

The statement appeared in this issue/comment: #3958 (comment)

This is no longer relevant see my comment on #4639 (comment). This PR looks is the correct approach

@aabmass aabmass linked an issue Jun 23, 2025 that may be closed by this pull request
Add support for Protobuf 6 #4639
Closed
@aabmass
Copy link
Member

aabmass commented Jun 23, 2025

I have time for this tomorrow, sure.

Did you already start on this? If not, I already have a fix I can push.

@aabmass
Copy link
Member

aabmass commented Jun 24, 2025

@emdneto PTAL, I added separate tox targets for oldest+latest supported dependencies for opentelemetry-proto and opentelemetry-exporter-otlp-proto-grpc, generated with uv pip compile.

@xrmx
Copy link
Contributor

xrmx commented Jun 24, 2025

Please someone push a changelog :)

@xrmx xrmx moved this from Reviewed PR that needs fixing to Ready for review in Python PR digest Jun 24, 2025
emdneto
emdneto reviewed Jun 24, 2025
View reviewed changes
emdneto
emdneto reviewed Jun 24, 2025
View reviewed changes
@aabmass aabmass enabled auto-merge (squash) June 26, 2025 01:38
xrmx
xrmx reviewed Jun 26, 2025
View reviewed changes
@aabmass aabmass disabled auto-merge June 26, 2025 14:05
@aabmass aabmass enabled auto-merge (squash) June 26, 2025 14:05
@aabmass aabmass merged commit 698f9a5 into open-telemetry:main Jun 26, 2025
471 of 472 checks passed
@github-project-automation github-project-automation bot moved this from Ready for review to Done in Python PR digest Jun 26, 2025
@jmezzera
Copy link

jmezzera commented Jul 3, 2025

Hello everyone! Is this scheduled for release? If so, is there an ETA?

I could take advantage of this fix

Thanks in advance!

@mparry mparry mentioned this pull request Jul 11, 2025
Merged
5 tasks
@stefanvanburen stefanvanburen mentioned this pull request Jul 29, 2025
Open
JWinermaSplunk pushed a commit to JWinermaSplunk/opentelemetry-python that referenced this pull request Feb 17, 2026
@bouk @aabmass
@emdneto @xrmx @JWinermaSplunk
Relax protobuf version requirement to support v6 (open-telemetry#4620)
fca96ec 
* Relax protobuf version requirement to support v6

Fixes open-telemetry#4563

* Update test-requirements to protobuf6

* uv pip compile oldest and latest requirements for opentelemetry-proto

* uv pip compile oldest and latest requirements for OTLP gRPC exporter

This uncovered some incompatibilty with oldest versions listed in pyproject.toml which I fixed.

* Use newer protobuf to avoid dependabot issues

* Generate workflows

* Cleanup tox issues and old requirements files

* add changelog

* Update CHANGELOG.md

* undo zipkin change

* Update CHANGELOG.md

---------

Co-authored-by: Aaron Abbott <aaronabbott@google.com>
Co-authored-by: emdneto <9735060+emdneto@users.noreply.github.com>
Co-authored-by: Riccardo Magliocchetti <riccardo.magliocchetti@gmail.com>
JWinermaSplunk pushed a commit to JWinermaSplunk/opentelemetry-python that referenced this pull request Feb 17, 2026
@bouk @aabmass
@emdneto @xrmx @JWinermaSplunk
Relax protobuf version requirement to support v6 (open-telemetry#4620)
78dbbe2 
* Relax protobuf version requirement to support v6

Fixes open-telemetry#4563

* Update test-requirements to protobuf6

* uv pip compile oldest and latest requirements for opentelemetry-proto

* uv pip compile oldest and latest requirements for OTLP gRPC exporter

This uncovered some incompatibilty with oldest versions listed in pyproject.toml which I fixed.

* Use newer protobuf to avoid dependabot issues

* Generate workflows

* Cleanup tox issues and old requirements files

* add changelog

* Update CHANGELOG.md

* undo zipkin change

* Update CHANGELOG.md

---------

Co-authored-by: Aaron Abbott <aaronabbott@google.com>
Co-authored-by: emdneto <9735060+emdneto@users.noreply.github.com>
Co-authored-by: Riccardo Magliocchetti <riccardo.magliocchetti@gmail.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@aabmass aabmass aabmass left review comments

@xrmx xrmx xrmx approved these changes

@emdneto emdneto emdneto approved these changes

@lzchen lzchen lzchen approved these changes

+1 more reviewer

@breedx-splk breedx-splk breedx-splk approved these changes

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

None yet

Projects

Python PR digest
Status: Done

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

Add support for Protobuf 6 Dependency conflict with latest grpc/protobuf when using opentelemetry-exporter-otlp-proto-grpc

9 participants

@bouk @sshishov @emdneto @iblancasa @aabmass @xrmx @jmezzera @lzchen @breedx-splk