Upgrade Protobuf version

[davipaula]

Hi team,

is it possible to upgrade the Protobuf version to 4.2X? The reason I ask is because one of my projects uses Protobuf, and the newest versions provide performance improvements when working with large payloads (which is exactly my usecase).

Currently, the requirement in SignalFX is set to >=3.0.0,<4.21.0 due to issues with 4.21.0 (see #132). The Protobuf version 4.21.0 has been yanked due to different problems with this release. The new versions are supposed to fix these problems.

I understand that 4.2X introduce some breaking changes, so the upgrade needs to be thoroughly tested.

I am happy to open a PR if it helps.

Thanks in advance!

[damanfb]

Was there any movement or plans on this?

I have an app that is also using splunk-opentelemetry for auto instrumentation and upgrading that to address a vulnerability requires protobuf>=4.23,<5.0 but signalfx still requires >=3.0.0,<4.21.0

[davipaula]

@damanfb this repo seems to be inactive, so I don't believe the maintainers will address this issue.

A possible solution is to fix your SignalFX version to 1.1.14, because it only requires Protobuf >= 3.0.0 (see the requirements.txt). The only difference between 1.1.14 and 1.1.16 is the Protobuf version.