Argo Workflows depends on an old version (v1.2.2) of "github.com/gogo/protobuf" with missing tag on github #14015

Open
sangalao opened this issue Dec 18, 2024 · 1 comment
Labels
go Pull requests that update Go dependencies type/dependencies PRs and issues specific to updating dependencies type/feature Feature request

Comments

@sangalao

Summary

Hello,

It seems that the latest version of “argoproj/pkg” depends on a very old version of “k8s.io/api” (v0.17.8), and thus depends on a very old version of “github.com/gogo/protobuf” (v1.2.2).
That ends up with having “argoproj/argo-workflows” depending on a very old version of “github.com/gogo/protobuf” (v1.2.2).

This is a “license” and “traceability” issue, as “github.com/gogo/protobuf” version “v1.2.2” no longer exists on GitHub as an official tag, and so has no official license:
https://github.com/gogo/protobuf/tags

It would be appropriate to upgrade “argoproj/pkg” with a newer “k8s.io/api” version (for example, v0.32.0), so that Argo Workflows only depends on “github.com/gogo/protobuf” (v1.3.2).

Use Cases

Current dependency chains:

https://github.com/argoproj/argo-workflows/blob/main/go.mod =>
github.com/argoproj/pkg v0.13.7-0.20240704113442-a69fd34a8117

https://github.com/argoproj/pkg/blob/master/go.mod =>
k8s.io/api v0.17.8

https://github.com/kubernetes/api/blob/v0.17.8/go.mod =>
github.com/gogo/protobuf v1.2.2-0.20190723190241-65acae22fc9d

Expected dependency chains:

https://github.com/argoproj/pkg/blob/master/go.mod =>
k8s.io/api v0.32.0

https://github.com/kubernetes/api/blob/v0.32.0/go.mod =>
github.com/gogo/protobuf v1.3.2


Message from the maintainers:

Love this feature request? Give it a 👍. We prioritise the proposals with the most 👍.
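
Added example (not part of the issue or of the Argo code base): a small Go program that classifies the versions in the dependency chains above as tagged releases or Go pseudo-versions, which pin a commit by timestamp and 12-character hash rather than by a tag. The `Req` type, the function names and the sample text are assumptions made for this illustration.

```go
package main

import (
	"fmt"
	"regexp"
	"strings"
)

// Req is one go.mod requirement; Pseudo means the version pins a commit, not a tag.
type Req struct {
	Path, Version, Timestamp, Commit string
	Pseudo                           bool
}

// Pseudo-version shapes: vX.0.0-TS-HASH, vX.Y.Z-0.TS-HASH, vX.Y.Z-pre.0.TS-HASH.
var pseudoRe = regexp.MustCompile(`^v\d+\.(?:0\.0-|\d+\.\d+-(?:[^+]*\.)?0\.)(\d{14})-([0-9a-f]{12})(?:\+incompatible)?$`)
func classify(path, version string) Req {
	if m := pseudoRe.FindStringSubmatch(version); m != nil {
		return Req{path, version, m[1], m[2], true}
	}
	return Req{Path: path, Version: version}
}

// ParseRequires reads require directives (block and single-line forms) from go.mod text.
func ParseRequires(gomod string) (out []Req) {
	inBlock := false
	for _, line := range strings.Split(gomod, "\n") {
		f := strings.Fields(strings.Split(line, "//")[0]) // drop "// indirect" comments
		switch {
		case len(f) == 2 && f[0] == "require" && f[1] == "(":
			inBlock = true
		case len(f) == 1 && f[0] == ")":
			inBlock = false
		case len(f) == 3 && f[0] == "require":
			out = append(out, classify(f[1], f[2]))
		case inBlock && len(f) == 2:
			out = append(out, classify(f[0], f[1]))
		}
	}
	return out
}

// Constructed sample: the requirement lines quoted in the issue, gathered into one text.
const sample = "require (\n\tgithub.com/argoproj/pkg v0.13.7-0.20240704113442-a69fd34a8117\n" +
	"\tk8s.io/api v0.17.8\n\tgithub.com/gogo/protobuf v1.2.2-0.20190723190241-65acae22fc9d // indirect\n)\n"
func main() {
	for _, r := range ParseRequires(sample) {
		fmt.Printf("%-25s %-38s pseudo=%-5v commit=%s\n", r.Path, r.Version, r.Pseudo, r.Commit)
	}
}
```

Run against a real `go.mod`, the entries reported with `pseudo=true` are the ones to trace back to a specific upstream commit rather than to a release tag.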

@sangalao sangalao added the type/feature Feature request label Dec 18, 2024
@sangalao sangalao changed the title Dec 18, 2024
from: Argo Workflows depends on an old version (v1.2.2) of "github.com/gogo/protobuf" with missing license (as tag is no more present on github)
to: Argo Workflows depends on an old version (v1.2.2) of "github.com/gogo/protobuf" with missing tag on github
@blkperl
Contributor

blkperl commented Dec 20, 2024

I already have a PR to upgrade k8s argoproj/pkg#748. We just need someone to review it.

@blkperl blkperl added type/dependencies PRs and issues specific to updating dependencies go Pull requests that update Go dependencies labels Dec 20, 2024