yonatan-cohen8186 opened a new issue, #59506: URL: https://github.com/apache/airflow/issues/59506
### Description Airflow 2.10.3 constraints need protobuf>=6.0,<7.0 for dbt ecosystem compatibility and security We're planning to upgrade to Airflow 2.10.3 on AWS MWAA and need to integrate with the dbt ecosystem. However, Airflow 2.10.3's constraints pin protobuf==4.25.5, which has a security vulnerability and prevents compatibility with dbt ecosystem that requires protobuf>=6.0,<7.0. ### Use case/motivation We would like Airflow 2.10.3 constraints updated to support protobuf>=6.0,<7.0 to: 1. Fix the protobuf 4.25.5 security vulnerability 2. Enable dbt ecosystem compatibility (dbt-core, dbt-snowflake, dbt-common) 3. Remove blocker for upgrading to Airflow 2.10.3 Current situation: - Airflow 2.10.3 pins protobuf==4.25.5 (security vulnerability) - dbt ecosystem requires protobuf>=6.0,<7.0 - dbt Labs confirmed they will NOT support protobuf 4.25.5 - This prevents using dbt with Airflow 2.10.3 This affects many teams using both Airflow and dbt, especially on MWAA. ### Related issues dbt Labs Issue: https://github.com/dbt-labs/dbt-core/issues/12263 (closed - won't fix, dbt Labs requires protobuf>=6.0) Context: dbt Labs confirmed they will not support protobuf 4.25.5 due to security vulnerability The entire dbt ecosystem (dbt-core, dbt-adapters, dbt-common) now requires protobuf>=6.0,<7.0 This is a blocker for any team trying to use dbt with Airflow 2.10.3 ### Are you willing to submit a PR? - [ ] Yes I am willing to submit a PR! ### Code of Conduct - [x] I agree to follow this project's [Code of Conduct](https://github.com/apache/airflow/blob/main/CODE_OF_CONDUCT.md) -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected]
