Update nanopb to 0.3.9.5 (CocoaPods 1.30905.0) #4264
Conversation
|
@wilhuff The old gRPC-C++ dependency on nanopb "~> 0.3" is blocking the migration of Firebase to be able to update to the 1.0.0 version documented in google/nanopb-podspec#13. Is there a plan to update Firestore to a later version of gRPC-C++ that includes the nanopb removal? Or any other suggestion for resolution? Firestore tests fail with |
|
I'll work with gRPC-team to get a respin of gRPC-C++ out. This will likely be in gRPC-C++ 1.25.1 (formal support for gRPC-C++ on iOS will come with that). |
This unblocks nanopb changes proposed in #4264.
|
Moving this to Firebase 7 to coordinate the breaking change update across internal and external repos. |
In addition to the version change, this comes with some other changes:
* gRPC now depends upon Abseil, so we no longer directly include
abseil-cpp for ourselves.
* gRPC's CMake system now allows all interesting dependencies to
specify their location via a ROOT_DIR variable (e.g.
ABSL_ROOT_DIR). Use these to move sources outside the gRPC source
tree, removing the need for a separate grpc-download target. This
fixes the problem where each gRPC upgrade would wipe out its
dependencies.
This unblocks nanopb changes proposed in #4264.
In addition to the version change, this comes with some other changes:
* gRPC now depends upon Abseil, so we no longer directly include
abseil-cpp for ourselves.
* gRPC's CMake system now allows all interesting dependencies to
specify their location via a ROOT_DIR variable (e.g.
ABSL_ROOT_DIR). Use these to move sources outside the gRPC source
tree, removing the need for a separate grpc-download target. This
fixes the problem where each gRPC upgrade would wipe out its
dependencies.
This unblocks nanopb changes proposed in #4264.
In addition to the version change, this comes with some other changes:
* gRPC now depends upon Abseil, so we no longer directly include
abseil-cpp for ourselves.
* gRPC's CMake system now allows all interesting dependencies to
specify their location via a ROOT_DIR variable (e.g.
ABSL_ROOT_DIR). Use these to move sources outside the gRPC source
tree, removing the need for a separate grpc-download target. This
fixes the problem where each gRPC upgrade would wipe out its
dependencies.
This unblocks nanopb changes proposed in #4264.
This unblocks nanopb changes proposed in #4264. This upgrades everything in the gRPC constellation of dependencies to match gRPC at 1.28: * gRPC to 1.28.0 (note that gRPC 1.28.1, while released, is a fix for just the python binding and there's no gRPC-C++ CocoaPod at that version) * Abseil to 20200225 (as of gRPC 1.27 this is now a gRPC dependency too; there's a later patch but gRPC doesn't use it yet) * Protobuf C++ to 3.11.4 (only used for testing in Firestore) * C-Ares to 1.15.0 * BoringSSL to match (no change between gRPC 1.27.0 and 1.28.0) Also, this disables CFStream-based transport on Apple platforms. This works around b/133182964, wherein CFStream will occasionally fail to raise a has-bytes-available events, causing Firestore to appear to hang.
|
With #4312 submitted this change should now be unblocked. |
paulb777
force-pushed
the
pb-test-nanopb
branch
from
1503d4a to
ffc5c20
Compare
This unblocks nanopb changes proposed in #4264. This upgrades everything in the gRPC constellation of dependencies to match gRPC at 1.28: * gRPC to 1.28.0 (note that gRPC 1.28.1, while released, is a fix for just the python binding and there's no gRPC-C++ CocoaPod at that version) * Abseil to 20200225 (as of gRPC 1.27 this is now a gRPC dependency too; there's a later patch but gRPC doesn't use it yet) * Protobuf C++ to 3.11.4 (only used for testing in Firestore) * C-Ares to 1.15.0 * BoringSSL to match (no change between gRPC 1.27.0 and 1.28.0) Also, this disables CFStream-based transport on Apple platforms. This works around b/133182964, wherein CFStream will occasionally fail to raise a has-bytes-available events, causing Firestore to appear to hang.
FirebaseCore/CHANGELOG.md
Outdated
| @@ -1,3 +1,10 @@ | |||
| # v6.7.0 -- M70 | |||
| - [fixed] Updated the nanopb version dependency across Firebase to 0.3.9.5 that | |||
There was a problem hiding this comment.
You can phrase this more simply and tersely, while giving more details.
Updated nanopb to 0.3.9.5 (across all Firebase pods). This includes a fix for CVE-2020-5235. Note that the versioning scheme for the nanopb CocoaPod has changed, see https://github.com/google/nanopb-podspec for more details.
In particular:
- We should link to details of the specific vulnerability we're fixing
- I don't think we need to fully spell out the versioning change here, given that we're linking to a page that describes it in detail
|
Going to merge now since testing looks good so far and to have a day to further bake before tomorrow's code freeze. |
|
Got a pod install error in GDTCCTWatchOSTestApp with this GoogleDataTransportCCTSupport.podspec [!] CocoaPods could not find compatible versions for pod "nanopb": In Podfile: Specs satisfying the |
|
@doudounan Likely a similar fix as #5483 is needed |
|
@paulb777 Thanks, Paul. |
|
i have tha same problem, and only full downgrade solved this pod 'nanopb', '>0.3.9011' |
|
@krsvital If you're seeing this problem after the Firebase 6.24.0 release, please open a new issue with your Podfile and Podfile.lock. |
Fix #5191
See google/nanopb-podspec#13 for a description of the new nanopb CocoaPods versioning scheme.
Updates test infrastructure to test preliminary versions of Analytics pod structure (but not functional) changes.
See #5455 for the corresponding no-op nanopb code gen changes.
Googlers - see also cl/308045137
#no-changelog