Skip to content
Open
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
8 changes: 4 additions & 4 deletions gradle/libs.versions.toml
Original file line number Diff line number Diff line change
Expand Up @@ -9,8 +9,8 @@ hypertrace-attributeservice = "0.14.35"
hypertrace-gatewayservice = "0.3.9"
hypertrace-entityservice = "0.8.86"
hypertrace-configservice = "0.1.74"
jetty = "12.1.9"
netty = "4.1.133.Final"
jetty = "12.1.10"
netty = "4.2.15.Final"

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Keep netty on the same major release please - 4.1.x

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

any specific reason?

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

we need some testing/validation before netty major version upgrade?

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Yes - we don't use netty directly, we depend on it via grpc. So when we upgrade it, we're swapping the version the grpc libs compiled/tested against out at runtime. For patch releases that's fine, but the upgrade process from 4.1->4.2 has many gotchas that we don't want to (and in some cases, aren't able to) account for: https://netty.io/wiki/netty-4.2-migration-guide.html

Once grpc itself updates it's netty version, we can. But in the meantime there shouldn't be any CVEs that appear on 4.1 and not 4.2, 4.1 is much more widely adopted and both are maintained. Is there a particular CVE you're looking at?


junit = "5.10.0"
mockito = "5.8.0"
Expand All @@ -36,7 +36,7 @@ grpc-netty = { module = "io.grpc:grpc-netty" }
grpc-context = { module = "io.grpc:grpc-context" }
grpc-inprocess = { module = "io.grpc:grpc-inprocess" }
grpc-services = { module = "io.grpc:grpc-services" }
jackson-bom = { module = "com.fasterxml.jackson:jackson-bom", version = "2.21.1" }
jackson-bom = { module = "com.fasterxml.jackson:jackson-bom", version = "2.21.4" }
jackson-databind = { module = "com.fasterxml.jackson.core:jackson-databind" }
jackson-datatype-jsr310 = { module = "com.fasterxml.jackson.datatype:jackson-datatype-jsr310" }
jackson-datatype-jdk8 = { module = "com.fasterxml.jackson.datatype:jackson-datatype-jdk8" }
Expand All @@ -51,7 +51,7 @@ netty-bom = { module = "io.netty:netty-bom", version.ref = "netty" }
protobuf-java = { module = "com.google.protobuf:protobuf-java", version.ref = "protoc" }
protobuf-javautil = { module = "com.google.protobuf:protobuf-java-util", version.ref = "protoc" }
slf4j2-api = { module = "org.slf4j:slf4j-api", version = "2.0.7" }
log4j-slf4j2-impl = { module = "org.apache.logging.log4j:log4j-slf4j2-impl", version = "2.25.4" }
log4j-slf4j2-impl = { module = "org.apache.logging.log4j:log4j-slf4j2-impl", version = "2.25.5" }
javax-annotation = { module = "javax.annotation:javax.annotation-api", version = "1.3.2" }
rxjava3 = { module = "io.reactivex.rxjava3:rxjava", version = "3.1.7" }
uuidcreator = { module = "com.github.f4b6a3:uuid-creator", version = "5.3.2" }
Expand Down
Loading