Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Bump up netty to 4.1.99 #11389

Merged
merged 2 commits into from
Oct 9, 2023
Merged

Bump up netty to 4.1.99 #11389

merged 2 commits into from
Oct 9, 2023

Conversation

kezhenxu94
Copy link
Member

  • If this pull request closes/resolves/fixes an existing issue, replace the issue number. NO.
  • Update the CHANGES log.

wu-sheng
wu-sheng previously approved these changes Oct 9, 2023
View reviewed changes
@wu-sheng wu-sheng added the dependencies Pull requests that update a dependency file label Oct 9, 2023
@wu-sheng wu-sheng added this to the 9.7.0 milestone Oct 9, 2023
@wu-sheng wu-sheng added the backend OAP backend related. label Oct 9, 2023
@lujiajing1126
Copy link
Contributor

As I've noticed from grpc-java repo, grpc/grpc-java#10401, netty 4.1.94 suffers from performance issue.

@wu-sheng
Copy link
Member

wu-sheng commented Oct 9, 2023

Interesting. @kezhenxu94 Is 4.1.93 good enough from CVE perspective?

lujiajing1126
lujiajing1126 requested changes Oct 9, 2023
View reviewed changes
pom.xml Outdated
@@ -170,7 +170,7 @@

<!-- core lib dependency -->
<grpc.version>1.53.0</grpc.version>
<netty.version>4.1.86.Final</netty.version>
<netty.version>4.1.94.Final</netty.version>
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

What about 4.1.97. As it is used by grpc-java

grpc/grpc-java@88b3484

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@lujiajing1126 We manage netty version separately AFAIK. We ignore the gRPC-Java dependency. The skywalking-eye license check verified the final use.

@kezhenxu94 kezhenxu94 changed the title Bump up netty to 4.1.94 Bump up netty to 4.1.99 Oct 9, 2023
@kezhenxu94
Copy link
Member Author

The regression is fixed in 4.1.96.Final and now i bump to 4.1.99.Final

@wu-sheng wu-sheng merged commit fc151a4 into apache:master Oct 9, 2023
163 checks passed
@kezhenxu94 kezhenxu94 deleted the deps branch October 9, 2023 06:38
liangyepianzhou pushed a commit to liangyepianzhou/skywalking that referenced this pull request Oct 29, 2023
@kezhenxu94 @liangyepianzhou
Bump up netty to 4.1.99 (apache#11389)
f357b01
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@lujiajing1126 lujiajing1126 lujiajing1126 approved these changes

@wu-sheng wu-sheng Awaiting requested review from wu-sheng

Assignees
No one assigned
Labels
backend OAP backend related. dependencies Pull requests that update a dependency file
Projects
None yet
Milestone
9.7.0
Development

Successfully merging this pull request may close these issues.
3 participants
@kezhenxu94 @lujiajing1126 @wu-sheng