Cleanup: Synchronise gRPC versions across the repository #3467
Comments
|
The latest version is v1.59.1, as seen here, and the release mentions version 1.57.0, not 1.57.1. Which version are we preferring, latest or 1.57.0? |
|
The Hope v1.59.0 is fine. Anyway, the dependabot will be raising a PR with this version soon, correct? |
|
That's a really good question - I had a look at our dependency graph to see what the highest required gRPC version is for our current dependencies (If anyone wants to know how) ❯ go mod graph | grep -E 'grpc@v[0-9\.]+' -o | sort | uniq
grpc@v0.35.0
grpc@v1.10.0
grpc@v1.12.0
grpc@v1.19.0
grpc@v1.20.1
grpc@v1.21.1
grpc@v1.23.0
grpc@v1.25.1
grpc@v1.26.0
grpc@v1.27.0
grpc@v1.27.1
grpc@v1.28.0
grpc@v1.29.1
grpc@v1.30.0
grpc@v1.31.0
grpc@v1.31.1
grpc@v1.33.1
grpc@v1.33.2
grpc@v1.34.0
grpc@v1.35.0
grpc@v1.36.0
grpc@v1.45.0
grpc@v1.51.0
grpc@v1.55.0
grpc@v1.56.1
grpc@v1.57.0Which comes out of: ❯ go mod graph | grep grpc@v1.57.0
agones.dev/agones google.golang.org/grpc@v1.57.0
github.com/grpc-ecosystem/grpc-gateway/v2@v2.17.1 google.golang.org/grpc@v1.57.0
google.golang.org/api@v0.138.0 google.golang.org/grpc@v1.57.0
google.golang.org/genproto@v0.0.0-20230822172742-b8732ec3820d google.golang.org/grpc@v1.57.0
google.golang.org/genproto/googleapis/api@v0.0.0-20230822172742-b8732ec3820d google.golang.org/grpc@v1.57.0
google.golang.org/grpc@v1.57.0 github.com/cespare/xxhash/v2@v2.2.0
google.golang.org/grpc@v1.57.0 github.com/cncf/udpa/go@v0.0.0-20220112060539-c52dc94e7fbe
google.golang.org/grpc@v1.57.0 github.com/cncf/xds/go@v0.0.0-20230607035331-e9ce68804cb4
google.golang.org/grpc@v1.57.0 github.com/envoyproxy/go-control-plane@v0.11.1-0.20230524094728-9239064ad72f
google.golang.org/grpc@v1.57.0 github.com/golang/glog@v1.1.0
google.golang.org/grpc@v1.57.0 github.com/golang/protobuf@v1.5.3
google.golang.org/grpc@v1.57.0 github.com/google/go-cmp@v0.5.9
google.golang.org/grpc@v1.57.0 github.com/google/uuid@v1.3.0
google.golang.org/grpc@v1.57.0 golang.org/x/net@v0.9.0
google.golang.org/grpc@v1.57.0 golang.org/x/oauth2@v0.7.0
google.golang.org/grpc@v1.57.0 golang.org/x/sync@v0.0.0-20190423024810-112230192c58
google.golang.org/grpc@v1.57.0 golang.org/x/sys@v0.7.0
google.golang.org/grpc@v1.57.0 google.golang.org/genproto/googleapis/rpc@v0.0.0-20230525234030-28d5490b6b19
google.golang.org/grpc@v1.57.0 google.golang.org/protobuf@v1.30.0
google.golang.org/grpc@v1.57.0 cloud.google.com/go/compute@v1.19.1
google.golang.org/grpc@v1.57.0 cloud.google.com/go/compute/metadata@v0.2.3
google.golang.org/grpc@v1.57.0 github.com/census-instrumentation/opencensus-proto@v0.4.1
google.golang.org/grpc@v1.57.0 github.com/envoyproxy/protoc-gen-validate@v0.10.1
google.golang.org/grpc@v1.57.0 golang.org/x/text@v0.9.0
google.golang.org/grpc@v1.57.0 google.golang.org/appengine@v1.6.7
google.golang.org/grpc@v1.57.0 google.golang.org/genproto@v0.0.0-20230526161137-0005af68ea54
google.golang.org/grpc@v1.57.0 google.golang.org/genproto/googleapis/api@v0.0.0-20230525234035-dd9d682886f9So I think we should align with our current dependency graph, and stick with a 1.57.x release, so we should move to 1.57.1 since it has the security fix. |
|
https://go.dev/ref/mod#versions:~:text=%2337397).-,go%20get,-Usage%3A shows you how to get a specific version. |
Thanks to dependabot, I noticed we have both gRPC
v1.57.0andv1.53.0in a variety of places.We should move it all to 1.57.1 (as depdendabot would like us to do).
Thankfully we have a checklist for this for Kubernetes updates, so I'll steal that:
The text was updated successfully, but these errors were encountered: