Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Upgrade to protobuf v25.6 #1712

Closed
wants to merge 2 commits into from
Closed

Upgrade to protobuf v25.6 #1712

wants to merge 2 commits into from

Conversation

mbland
Copy link
Contributor

@mbland mbland commented Mar 6, 2025

Description

Updates the protobuf version to one that's still compatible with Bazel 6.5.0 and 7.5.0 without updating scalapb. Broken out from #1710, and part of #1482 and #1652.

Like #1711, updates .bazelversion files to 7.5.0 and the CI builds in .bazelci/presubmit.yml to use Bazel 7.5.0.

Unlike #1711, contains only these updates:

  • abseil-cpp: 20220623.1 => 20250127.0
  • protobuf: v21.7 => v25.6

Motivation

This change aims make #1710 smaller and more focused, and should ultimately make that pull request smaller and/or easier to review.

Specifically, this is an attempt to see whether MSVC will build successfully with protobuf v25.6. If it doesn't, I will update this change to include the protocol compiler toolchainization changes from #1710.

@mbland
Upgrade to protobuf v25.6
71971b1 
Updates the `protobuf` version to one that's still compatible with Bazel
6.5.0 and 7.5.0 without updating `scalapb`. Broken out from bazelbuild#1710, and
part of bazelbuild#1482 and bazelbuild#1652.

Like bazelbuild#1711, updates `.bazelversion` files to 7.5.0 and the CI builds in
`.bazelci/presubmit.yml` to use Bazel 7.5.0.

Unlike bazelbuild#1711, contains only these updates:

- `abseil-cpp`: 20220623.1 => 20250127.0
- `protobuf`: v21.7 => v25.6

This change aims make bazelbuild#1710 smaller and more focused, and should
ultimately make that pull request smaller and/or easier to review.

Specifically, this is an attempt to see whether MSVC will build
successfully with `protobuf` v25.6. If it doesn't, I will update this
change to include the protocol compiler toolchainization changes
from bazelbuild#1710.
@mbland mbland requested review from liucijus and simuons as code owners March 6, 2025 18:23
@mbland
Copy link
Contributor Author

mbland commented Mar 6, 2025

Yep, Windows died.

I'll see about adding the toolchainization changes here. First, it looks like I need to pull down to protobuf v25.5 anyway:

Caused by: java.lang.UnsupportedOperationException:
  As of 2022/09/29 (release 21.7) makeExtensionsImmutable should not be 
  called from protobuf gencode. If you are seeing this message, your 
  gencode is vulnerable to a denial of service attack. You should 
  regenerate your code using protobuf 25.6 or later. Use the latest
  version that meets your needs. However, if you understand the risks 
  and wish to continue with vulnerable gencode, you can set the system 
  property `-Dcom.google.protobuf.use_unsafe_pre22_gencode` on the 
  command line.

See security vulnerability:
https://github.com/protocolbuffers/protobuf/security/advisories/GHSA-h4h5-3hr4-j3g2

@mbland
Downgrade to protobuf v25.5
3c351f1 
It turns out `protobuf` v26.6 isn't compatibile with ScalaPB 0.9.8 used
by Scala 2.11:

```txt
Caused by: java.lang.UnsupportedOperationException:
  As of 2022/09/29 (release 21.7) makeExtensionsImmutable should not be
  called from protobuf gencode. If you are seeing this message, your
  gencode is vulnerable to a denial of service attack. You should
  regenerate your code using protobuf 25.6 or later. Use the latest
  version that meets your needs. However, if you understand the risks
  and wish to continue with vulnerable gencode, you can set the system
  property `-Dcom.google.protobuf.use_unsafe_pre22_gencode` on the
  command line.

See security vulnerability:
GHSA-h4h5-3hr4-j3g2
```

As mentioned in bazelbuild#1710, we should consider dropping Scala 2.11 support at this
point, since there's no ScalaPB release for it that supports later versions of
`protobuf`. That, and we could remove some of the special case code added in
the following changes, amongst other 2.11 support details:

- bazelbuild#1631
- bazelbuild#1648
- bazelbuild#1687
- bazelbuild#1688
mbland added a commit to mbland/rules_scala that referenced this pull request Mar 7, 2025
@mbland
7.0.0 README updates and minor code changes
381774f 
Contains many editorial improvements to and some extra information in
the README, along with a few small improvements to the code. Broken out
from bazelbuild#1710, and part of bazelbuild#1482 and bazelbuild#1652.

Specifically:

- Adds more info on translating `@rules_scala` to
  `@io_bazel_rules_scala` for dependencies via repo mapping.

- Merges information about the previously planned `rules_scala` 8.0.0
  release into the information for 7.0.0, since it seems we may make
  only one major release.

- Improves information about `protobuf` support for versions before v28,
  Scala 2.11, and the upcoming Bzlmod `compatibility_level` setting.

- In `scala_config.bzl`, changes the private `_default_scala_version()`
  to the public `DEFAULT_SCALA_VERSION`.

- Adds `allow_empty = True` to a `glob` expression in
  `//test/semanticdb:lib_with_tempsrc`.

- Removes Scala 2.11 test cases from `test_thirdparty_version.sh` and
  `test_version.sh`.

This change is smaller and more focused than bazelbuild#1710, and should
ultimately make that pull request smaller and/or easier to review.

The motivations for the individual changes are:

- The public `DEFAULT_SCALA_VERSION` constant makes this value
  accessible to the upcoming module extension.

- `glob` requires an explicit `allow_empty = True` parameter in Bazel 8,
  in which `--incompatible_disallow_empty_glob` defaults to `True`.

- ScalaPB 0.9.8, the last version compatible with Scala 2.11, does not
  support `protobuf` v25.6 or later. For this reason, we must remove the
  Scala 2.11 test cases, as documented in the `README.md` updates. See
  also bazelbuild#1712.

We should consider dropping Scala 2.11 support at this point, since
there's no ScalaPB release for it that supports later versions of
`protobuf`. That, and we could remove some of the special case code
added in the following changes, amongst other 2.11 support details:

- bazelbuild#1631
- bazelbuild#1648
- bazelbuild#1687
- bazelbuild#1688
This was referenced Mar 7, 2025
Merged
Open
@mbland mbland marked this pull request as draft March 7, 2025 05:26
@mbland
Copy link
Contributor Author

mbland commented Mar 8, 2025

Per #1710 (comment), it seems more worthwhile to support having Windows users jump to protobuf v29 and protocol compiler toolchainization than to keep experimenting with this. Closing.

@mbland mbland closed this Mar 8, 2025
simuons pushed a commit that referenced this pull request Mar 10, 2025
@mbland
7.0.0 README updates and minor code changes (#1714)
b5b5a28 
* 7.0.0 README updates and minor code changes

Contains many editorial improvements to and some extra information in
the README, along with a few small improvements to the code. Broken out
from #1710, and part of #1482 and #1652.

Specifically:

- Adds more info on translating `@rules_scala` to
  `@io_bazel_rules_scala` for dependencies via repo mapping.

- Merges information about the previously planned `rules_scala` 8.0.0
  release into the information for 7.0.0, since it seems we may make
  only one major release.

- Improves information about `protobuf` support for versions before v28,
  Scala 2.11, and the upcoming Bzlmod `compatibility_level` setting.

- In `scala_config.bzl`, changes the private `_default_scala_version()`
  to the public `DEFAULT_SCALA_VERSION`.

- Adds `allow_empty = True` to a `glob` expression in
  `//test/semanticdb:lib_with_tempsrc`.

- Removes Scala 2.11 test cases from `test_thirdparty_version.sh` and
  `test_version.sh`.

This change is smaller and more focused than #1710, and should
ultimately make that pull request smaller and/or easier to review.

The motivations for the individual changes are:

- The public `DEFAULT_SCALA_VERSION` constant makes this value
  accessible to the upcoming module extension.

- `glob` requires an explicit `allow_empty = True` parameter in Bazel 8,
  in which `--incompatible_disallow_empty_glob` defaults to `True`.

- ScalaPB 0.9.8, the last version compatible with Scala 2.11, does not
  support `protobuf` v25.6 or later. For this reason, we must remove the
  Scala 2.11 test cases, as documented in the `README.md` updates. See
  also #1712.

We should consider dropping Scala 2.11 support at this point, since
there's no ScalaPB release for it that supports later versions of
`protobuf`. That, and we could remove some of the special case code
added in the following changes, amongst other 2.11 support details:

- #1631
- #1648
- #1687
- #1688

* Tweak `rules_python` and Bazel 6.5.0 `README` info

Provided a better explanation for using `rules_python` 0.38.0 for now.
Improved some of the language in the Bazel 6.5.0 compatibility section.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@liucijus liucijus Awaiting requested review from liucijus liucijus is a code owner

@simuons simuons Awaiting requested review from simuons simuons is a code owner

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
1 participant
@mbland