Unpin grpcio for Ray Client (ray-project#37368)

It seems like the bug grpc/grpc#31885 that caused the problems with Ray Client tests has been fixed in grpcio 1.56, so we are removing the pin so people can upgrade to fix https://nvd.nist.gov/vuln/detail/CVE-2023-32731 Pinning to just the latest version would be too restrictive so we remove the pin (since the Ray client works with other versions as well except for some corner cases).
lmco · Jul 13, 2023 · 61401da · 61401da
1 parent da39640
commit 61401da
Show file tree

Hide file tree

Showing 2 changed files with 1 addition and 4 deletions.
diff --git a/python/requirements.txt b/python/requirements.txt
@@ -54,7 +54,6 @@ requests
 pandas
 tensorboardX<=2.6.0,>=1.9 # >=2.6.1 uses protobuf>=4, and conflicts with other packages.
 gymnasium==0.26.3
-grpcio<=1.50.0,>=1.42.0 # ray client
 aiohttp>=3.7
 starlette
 typer

diff --git a/python/setup.py b/python/setup.py
@@ -263,9 +263,7 @@ def get_packages(self):
  "virtualenv >=20.0.24, < 20.21.1", # For pip runtime env.
  ],
  "client": [
- # The Ray client needs a specific range of gRPC to work:
- # Tracking issue: https://github.com/grpc/grpc/issues/31885
- "grpcio >= 1.42.0, <= 1.50.0",
+ "grpcio",
  ],
  "serve": ["uvicorn", "requests", "starlette", "fastapi", "aiorwlock"],
  "tune": ["pandas", "tensorboardX>=1.9", "requests", pyarrow_dep],