Upgrade grpcio to 1.60.0 to fix CVE-2023-1428 (#174)

BewareMyPower · web-flow · commit 162afd53bda3 · 2023-12-13T12:06:13.000+08:00
* Upgrade grpcio to 1.60.0 to fix CVE-2023-1428 * Add a workflow to verify functions installation
diff --git a/.github/workflows/ci-pr-validation.yaml b/.github/workflows/ci-pr-validation.yaml
@@ -87,6 +87,10 @@ jobs:
       - name: Stop Pulsar service
         run: ./build-support/pulsar-test-service-stop.sh
 
+      - name: Test functions install
+        run: |
+            WHEEL=$(find dist -name '*.whl')
+            pip3 install ${WHEEL}[functions] --force-reinstall
 
   linux-wheel:
     name: Wheel ${{matrix.image.name}} - Py ${{matrix.python.version}} - ${{matrix.cpu.platform}}
diff --git a/setup.py b/setup.py
@@ -80,7 +80,7 @@ def build_extension(self, ext):
 extras_require["functions"] = sorted(
     {
       "protobuf>=3.6.1,<=3.20.3",
-      "grpcio>=1.8.2",
+      "grpcio>=1.60.0",
       "apache-bookkeeper-client>=4.16.1",
       "prometheus_client",
       "ratelimit"

Original file line number	Diff line number	Diff line change
`@@ -80,7 +80,7 @@ def build_extension(self, ext):`
`80`	`80`	`extras_require["functions"] = sorted(`
`81`	`81`	`{`
`82`	`82`	`"protobuf>=3.6.1,<=3.20.3",`
`83`		`- "grpcio>=1.8.2",`
	`83`	`+ "grpcio>=1.60.0",`
`84`	`84`	`"apache-bookkeeper-client>=4.16.1",`
`85`	`85`	`"prometheus_client",`
`86`	`86`	`"ratelimit"`