You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@flink.apache.org by GitBox <gi...@apache.org> on 2020/04/03 08:54:38 UTC
[GitHub] [flink] zentol opened a new pull request #11626: [FLINK-16961] Bump
Netty 4.X to 4.1.44
zentol opened a new pull request #11626: [FLINK-16961] Bump Netty 4.X to 4.1.44
URL: https://github.com/apache/flink/pull/11626
To address multiple CVEs in netty.
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
With regards,
Apache Git Services
[GitHub] [flink] tillrohrmann commented on a change in pull request #11626:
[FLINK-16961] Bump Netty 4.X to 4.1.44
Posted by GitBox <gi...@apache.org>.
tillrohrmann commented on a change in pull request #11626: [FLINK-16961] Bump Netty 4.X to 4.1.44
URL: https://github.com/apache/flink/pull/11626#discussion_r404625768
##########
File path: flink-connectors/flink-connector-hive/pom.xml
##########
@@ -934,6 +934,42 @@ under the License.
<hive.version>3.1.1</hive.version>
</properties>
+ <dependencies>
+ <dependency>
+ <groupId>org.apache.hive</groupId>
+ <artifactId>hive-metastore</artifactId>
+ <version>${hive.version}</version>
+ <scope>provided</scope>
+ <exclusions>
+ <exclusion>
+ <!-- Override arrow netty dependency -->
+ <groupId>io.netty</groupId>
+ <artifactId>netty-buffer</artifactId>
+ </exclusion>
+ <exclusion>
+ <!-- Override arrow netty dependency -->
+ <groupId>io.netty</groupId>
+ <artifactId>netty-common</artifactId>
+ </exclusion>
+ </exclusions>
Review comment:
I see. Thanks for the info.
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
With regards,
Apache Git Services
[GitHub] [flink] tillrohrmann commented on a change in pull request #11626:
[FLINK-16961] Bump Netty 4.X to 4.1.44
Posted by GitBox <gi...@apache.org>.
tillrohrmann commented on a change in pull request #11626: [FLINK-16961] Bump Netty 4.X to 4.1.44
URL: https://github.com/apache/flink/pull/11626#discussion_r404620737
##########
File path: flink-connectors/flink-connector-elasticsearch5/pom.xml
##########
@@ -82,6 +82,55 @@ under the License.
<version>${elasticsearch.version}</version>
</dependency>
+ <dependency>
+ <!-- Bump elasticsearch netty dependency -->
+ <groupId>io.netty</groupId>
+ <artifactId>netty-buffer</artifactId>
+ <version>4.1.44.Final</version>
Review comment:
Hmm ok. I was just thinking if already do the effort to upgrade why not trying the latest version. But on the other hand, it might cause more problems.
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
With regards,
Apache Git Services
[GitHub] [flink] zentol commented on a change in pull request #11626:
[FLINK-16961] Bump Netty 4.X to 4.1.44
Posted by GitBox <gi...@apache.org>.
zentol commented on a change in pull request #11626: [FLINK-16961] Bump Netty 4.X to 4.1.44
URL: https://github.com/apache/flink/pull/11626#discussion_r404197167
##########
File path: flink-connectors/flink-connector-elasticsearch5/pom.xml
##########
@@ -82,6 +82,55 @@ under the License.
<version>${elasticsearch.version}</version>
</dependency>
+ <dependency>
+ <!-- Bump elasticsearch netty dependency -->
+ <groupId>io.netty</groupId>
+ <artifactId>netty-buffer</artifactId>
+ <version>4.1.44.Final</version>
Review comment:
Smallest required jump.
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
With regards,
Apache Git Services
[GitHub] [flink] zentol merged pull request #11626: [FLINK-16961] Bump Netty
4.X to 4.1.44
Posted by GitBox <gi...@apache.org>.
zentol merged pull request #11626: [FLINK-16961] Bump Netty 4.X to 4.1.44
URL: https://github.com/apache/flink/pull/11626
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
With regards,
Apache Git Services
[GitHub] [flink] zentol commented on a change in pull request #11626:
[FLINK-16961] Bump Netty 4.X to 4.1.44
Posted by GitBox <gi...@apache.org>.
zentol commented on a change in pull request #11626: [FLINK-16961] Bump Netty 4.X to 4.1.44
URL: https://github.com/apache/flink/pull/11626#discussion_r404194416
##########
File path: flink-python/src/main/resources/META-INF/NOTICE
##########
@@ -20,13 +20,13 @@ This project bundles the following dependencies under the Apache Software Licens
- io.grpc:grpc-protobuf:1.21.0
- io.grpc:grpc-stub:1.21.0
- io.grpc:grpc-testing:1.21.0
-- io.netty:netty-buffer:4.1.27.Final
+- io.netty:netty-buffer:4.1.44.Final
- io.netty:netty-buffer:4.1.34.Final
- io.netty:netty-codec:4.1.34.Final
- io.netty:netty-codec-http:4.1.34.Final
- io.netty:netty-codec-http2:4.1.34.Final
- io.netty:netty-codec-socks:4.1.34.Final
-- io.netty:netty-common:4.1.27.Final
+- io.netty:netty-common:4.1.44.Final
- io.netty:netty-common:4.1.34.Final
- io.netty:netty-handler:4.1.34.Final
- io.netty:netty-handler-proxy:4.1.34.Final
Review comment:
I did ignore them tho and had to do some research first, good job pointing them out. 👍
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
With regards,
Apache Git Services
[GitHub] [flink] zentol commented on a change in pull request #11626:
[FLINK-16961] Bump Netty 4.X to 4.1.44
Posted by GitBox <gi...@apache.org>.
zentol commented on a change in pull request #11626: [FLINK-16961] Bump Netty 4.X to 4.1.44
URL: https://github.com/apache/flink/pull/11626#discussion_r404635655
##########
File path: flink-connectors/flink-connector-hive/pom.xml
##########
@@ -934,6 +934,42 @@ under the License.
<hive.version>3.1.1</hive.version>
</properties>
+ <dependencies>
+ <dependency>
+ <groupId>org.apache.hive</groupId>
+ <artifactId>hive-metastore</artifactId>
+ <version>${hive.version}</version>
+ <scope>provided</scope>
+ <exclusions>
+ <exclusion>
+ <!-- Override arrow netty dependency -->
+ <groupId>io.netty</groupId>
+ <artifactId>netty-buffer</artifactId>
+ </exclusion>
+ <exclusion>
+ <!-- Override arrow netty dependency -->
+ <groupId>io.netty</groupId>
+ <artifactId>netty-common</artifactId>
+ </exclusion>
+ </exclusions>
+ </dependency>
+ <dependency>
+ <!-- Bump arrow netty dependency -->
+ <groupId>io.netty</groupId>
+ <artifactId>netty-buffer</artifactId>
+ <version>4.1.44.Final</version>
+ <scope>provided</scope>
+ </dependency>
+
+ <dependency>
+ <!-- Bump arrow netty dependency -->
+ <groupId>io.netty</groupId>
+ <artifactId>netty-common</artifactId>
+ <version>4.1.44.Final</version>
+ <scope>provided</scope>
+ </dependency>
+ </dependencies>
Review comment:
This dependencies block is in the `hive-3.1.1` profile, so it is kinda important ;)
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
With regards,
Apache Git Services
[GitHub] [flink] zentol commented on issue #11626: [FLINK-16961] Bump Netty
4.X to 4.1.44
Posted by GitBox <gi...@apache.org>.
zentol commented on issue #11626: [FLINK-16961] Bump Netty 4.X to 4.1.44
URL: https://github.com/apache/flink/pull/11626#issuecomment-611384897
@tillrohrmann I believe the remaining issues are solved. Could you double-check that netty no longer shows up in the sql connectors? I couldn't reproduce this yet myself :/
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
With regards,
Apache Git Services
[GitHub] [flink] flinkbot commented on issue #11626: [FLINK-16961] Bump
Netty 4.X to 4.1.44
Posted by GitBox <gi...@apache.org>.
flinkbot commented on issue #11626: [FLINK-16961] Bump Netty 4.X to 4.1.44
URL: https://github.com/apache/flink/pull/11626#issuecomment-608318425
Thanks a lot for your contribution to the Apache Flink project. I'm the @flinkbot. I help the community
to review your pull request. We will use this comment to track the progress of the review.
## Automated Checks
Last check on commit 10cea4c8ba6756ac31de11a5a6728a5dfc41d9c4 (Fri Apr 03 08:57:29 UTC 2020)
**Warnings:**
* **4 pom.xml files were touched**: Check for build and licensing issues.
* No documentation files were touched! Remember to keep the Flink docs up to date!
<sub>Mention the bot in a comment to re-run the automated checks.</sub>
## Review Progress
* ❓ 1. The [description] looks good.
* ❓ 2. There is [consensus] that the contribution should go into to Flink.
* ❓ 3. Needs [attention] from.
* ❓ 4. The change fits into the overall [architecture].
* ❓ 5. Overall code [quality] is good.
Please see the [Pull Request Review Guide](https://flink.apache.org/contributing/reviewing-prs.html) for a full explanation of the review process.<details>
The Bot is tracking the review progress through labels. Labels are applied according to the order of the review items. For consensus, approval by a Flink committer of PMC member is required <summary>Bot commands</summary>
The @flinkbot bot supports the following commands:
- `@flinkbot approve description` to approve one or more aspects (aspects: `description`, `consensus`, `architecture` and `quality`)
- `@flinkbot approve all` to approve all aspects
- `@flinkbot approve-until architecture` to approve everything until `architecture`
- `@flinkbot attention @username1 [@username2 ..]` to require somebody's attention
- `@flinkbot disapprove architecture` to remove an approval you gave earlier
</details>
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
With regards,
Apache Git Services
[GitHub] [flink] flinkbot edited a comment on issue #11626: [FLINK-16961]
Bump Netty 4.X to 4.1.44
Posted by GitBox <gi...@apache.org>.
flinkbot edited a comment on issue #11626: [FLINK-16961] Bump Netty 4.X to 4.1.44
URL: https://github.com/apache/flink/pull/11626#issuecomment-608322234
<!--
Meta data
{
"version" : 1,
"metaDataEntries" : [ {
"hash" : "10cea4c8ba6756ac31de11a5a6728a5dfc41d9c4",
"status" : "DELETED",
"url" : "https://travis-ci.com/github/flink-ci/flink/builds/158164601",
"triggerID" : "10cea4c8ba6756ac31de11a5a6728a5dfc41d9c4",
"triggerType" : "PUSH"
}, {
"hash" : "10cea4c8ba6756ac31de11a5a6728a5dfc41d9c4",
"status" : "DELETED",
"url" : "https://dev.azure.com/rmetzger/5bd3ef0a-4359-41af-abca-811b04098d2e/_build/results?buildId=7032",
"triggerID" : "10cea4c8ba6756ac31de11a5a6728a5dfc41d9c4",
"triggerType" : "PUSH"
}, {
"hash" : "da804e87116667886ab9f47a859152d590a3203f",
"status" : "SUCCESS",
"url" : "https://travis-ci.com/github/flink-ci/flink/builds/158631528",
"triggerID" : "da804e87116667886ab9f47a859152d590a3203f",
"triggerType" : "PUSH"
}, {
"hash" : "da804e87116667886ab9f47a859152d590a3203f",
"status" : "SUCCESS",
"url" : "https://dev.azure.com/rmetzger/5bd3ef0a-4359-41af-abca-811b04098d2e/_build/results?buildId=7092",
"triggerID" : "da804e87116667886ab9f47a859152d590a3203f",
"triggerType" : "PUSH"
}, {
"hash" : "cbfced9fe5f277b3ac5b6f12e79a64fa3dfe748a",
"status" : "UNKNOWN",
"url" : "TBD",
"triggerID" : "cbfced9fe5f277b3ac5b6f12e79a64fa3dfe748a",
"triggerType" : "PUSH"
} ]
}-->
## CI report:
* da804e87116667886ab9f47a859152d590a3203f Travis: [SUCCESS](https://travis-ci.com/github/flink-ci/flink/builds/158631528) Azure: [SUCCESS](https://dev.azure.com/rmetzger/5bd3ef0a-4359-41af-abca-811b04098d2e/_build/results?buildId=7092)
* cbfced9fe5f277b3ac5b6f12e79a64fa3dfe748a UNKNOWN
<details>
<summary>Bot commands</summary>
The @flinkbot bot supports the following commands:
- `@flinkbot run travis` re-run the last Travis build
- `@flinkbot run azure` re-run the last Azure build
</details>
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
With regards,
Apache Git Services
[GitHub] [flink] flinkbot edited a comment on issue #11626: [FLINK-16961]
Bump Netty 4.X to 4.1.44
Posted by GitBox <gi...@apache.org>.
flinkbot edited a comment on issue #11626: [FLINK-16961] Bump Netty 4.X to 4.1.44
URL: https://github.com/apache/flink/pull/11626#issuecomment-608322234
<!--
Meta data
{
"version" : 1,
"metaDataEntries" : [ {
"hash" : "10cea4c8ba6756ac31de11a5a6728a5dfc41d9c4",
"status" : "DELETED",
"url" : "https://travis-ci.com/github/flink-ci/flink/builds/158164601",
"triggerID" : "10cea4c8ba6756ac31de11a5a6728a5dfc41d9c4",
"triggerType" : "PUSH"
}, {
"hash" : "10cea4c8ba6756ac31de11a5a6728a5dfc41d9c4",
"status" : "DELETED",
"url" : "https://dev.azure.com/rmetzger/5bd3ef0a-4359-41af-abca-811b04098d2e/_build/results?buildId=7032",
"triggerID" : "10cea4c8ba6756ac31de11a5a6728a5dfc41d9c4",
"triggerType" : "PUSH"
}, {
"hash" : "da804e87116667886ab9f47a859152d590a3203f",
"status" : "DELETED",
"url" : "https://travis-ci.com/github/flink-ci/flink/builds/158631528",
"triggerID" : "da804e87116667886ab9f47a859152d590a3203f",
"triggerType" : "PUSH"
}, {
"hash" : "da804e87116667886ab9f47a859152d590a3203f",
"status" : "DELETED",
"url" : "https://dev.azure.com/rmetzger/5bd3ef0a-4359-41af-abca-811b04098d2e/_build/results?buildId=7092",
"triggerID" : "da804e87116667886ab9f47a859152d590a3203f",
"triggerType" : "PUSH"
}, {
"hash" : "cbfced9fe5f277b3ac5b6f12e79a64fa3dfe748a",
"status" : "FAILURE",
"url" : "https://dev.azure.com/rmetzger/5bd3ef0a-4359-41af-abca-811b04098d2e/_build/results?buildId=7265",
"triggerID" : "cbfced9fe5f277b3ac5b6f12e79a64fa3dfe748a",
"triggerType" : "PUSH"
}, {
"hash" : "cbfced9fe5f277b3ac5b6f12e79a64fa3dfe748a",
"status" : "PENDING",
"url" : "https://travis-ci.com/github/flink-ci/flink/builds/159548251",
"triggerID" : "cbfced9fe5f277b3ac5b6f12e79a64fa3dfe748a",
"triggerType" : "PUSH"
} ]
}-->
## CI report:
* cbfced9fe5f277b3ac5b6f12e79a64fa3dfe748a Travis: [PENDING](https://travis-ci.com/github/flink-ci/flink/builds/159548251) Azure: [FAILURE](https://dev.azure.com/rmetzger/5bd3ef0a-4359-41af-abca-811b04098d2e/_build/results?buildId=7265)
<details>
<summary>Bot commands</summary>
The @flinkbot bot supports the following commands:
- `@flinkbot run travis` re-run the last Travis build
- `@flinkbot run azure` re-run the last Azure build
</details>
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
With regards,
Apache Git Services
[GitHub] [flink] zentol commented on a change in pull request #11626:
[FLINK-16961] Bump Netty 4.X to 4.1.44
Posted by GitBox <gi...@apache.org>.
zentol commented on a change in pull request #11626: [FLINK-16961] Bump Netty 4.X to 4.1.44
URL: https://github.com/apache/flink/pull/11626#discussion_r404170996
##########
File path: flink-connectors/flink-connector-hive/pom.xml
##########
@@ -934,6 +934,42 @@ under the License.
<hive.version>3.1.1</hive.version>
</properties>
+ <dependencies>
+ <dependency>
+ <groupId>org.apache.hive</groupId>
+ <artifactId>hive-metastore</artifactId>
+ <version>${hive.version}</version>
+ <scope>provided</scope>
+ <exclusions>
+ <exclusion>
+ <!-- Override arrow netty dependency -->
+ <groupId>io.netty</groupId>
+ <artifactId>netty-buffer</artifactId>
+ </exclusion>
+ <exclusion>
+ <!-- Override arrow netty dependency -->
+ <groupId>io.netty</groupId>
+ <artifactId>netty-common</artifactId>
+ </exclusion>
+ </exclusions>
+ </dependency>
+ <dependency>
+ <!-- Bump arrow netty dependency -->
+ <groupId>io.netty</groupId>
+ <artifactId>netty-buffer</artifactId>
+ <version>4.1.44.Final</version>
+ <scope>provided</scope>
+ </dependency>
+
+ <dependency>
+ <!-- Bump arrow netty dependency -->
+ <groupId>io.netty</groupId>
+ <artifactId>netty-common</artifactId>
+ <version>4.1.44.Final</version>
+ <scope>provided</scope>
+ </dependency>
+ </dependencies>
Review comment:
did you activate the `hive-3.1.1` profile?
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
With regards,
Apache Git Services
[GitHub] [flink] tillrohrmann commented on a change in pull request #11626:
[FLINK-16961] Bump Netty 4.X to 4.1.44
Posted by GitBox <gi...@apache.org>.
tillrohrmann commented on a change in pull request #11626: [FLINK-16961] Bump Netty 4.X to 4.1.44
URL: https://github.com/apache/flink/pull/11626#discussion_r404065014
##########
File path: flink-python/src/main/resources/META-INF/NOTICE
##########
@@ -20,13 +20,13 @@ This project bundles the following dependencies under the Apache Software Licens
- io.grpc:grpc-protobuf:1.21.0
- io.grpc:grpc-stub:1.21.0
- io.grpc:grpc-testing:1.21.0
-- io.netty:netty-buffer:4.1.27.Final
+- io.netty:netty-buffer:4.1.44.Final
- io.netty:netty-buffer:4.1.34.Final
- io.netty:netty-codec:4.1.34.Final
- io.netty:netty-codec-http:4.1.34.Final
- io.netty:netty-codec-http2:4.1.34.Final
- io.netty:netty-codec-socks:4.1.34.Final
-- io.netty:netty-common:4.1.27.Final
+- io.netty:netty-common:4.1.44.Final
- io.netty:netty-common:4.1.34.Final
- io.netty:netty-handler:4.1.34.Final
- io.netty:netty-handler-proxy:4.1.34.Final
Review comment:
Why is it ok to use these older Netty dependencies?
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
With regards,
Apache Git Services
[GitHub] [flink] flinkbot edited a comment on issue #11626: [FLINK-16961]
Bump Netty 4.X to 4.1.44
Posted by GitBox <gi...@apache.org>.
flinkbot edited a comment on issue #11626: [FLINK-16961] Bump Netty 4.X to 4.1.44
URL: https://github.com/apache/flink/pull/11626#issuecomment-608322234
<!--
Meta data
{
"version" : 1,
"metaDataEntries" : [ {
"hash" : "10cea4c8ba6756ac31de11a5a6728a5dfc41d9c4",
"status" : "PENDING",
"url" : "https://travis-ci.com/github/flink-ci/flink/builds/158164601",
"triggerID" : "10cea4c8ba6756ac31de11a5a6728a5dfc41d9c4",
"triggerType" : "PUSH"
}, {
"hash" : "10cea4c8ba6756ac31de11a5a6728a5dfc41d9c4",
"status" : "PENDING",
"url" : "https://dev.azure.com/rmetzger/5bd3ef0a-4359-41af-abca-811b04098d2e/_build/results?buildId=7032",
"triggerID" : "10cea4c8ba6756ac31de11a5a6728a5dfc41d9c4",
"triggerType" : "PUSH"
} ]
}-->
## CI report:
* 10cea4c8ba6756ac31de11a5a6728a5dfc41d9c4 Travis: [PENDING](https://travis-ci.com/github/flink-ci/flink/builds/158164601) Azure: [PENDING](https://dev.azure.com/rmetzger/5bd3ef0a-4359-41af-abca-811b04098d2e/_build/results?buildId=7032)
<details>
<summary>Bot commands</summary>
The @flinkbot bot supports the following commands:
- `@flinkbot run travis` re-run the last Travis build
- `@flinkbot run azure` re-run the last Azure build
</details>
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
With regards,
Apache Git Services
[GitHub] [flink] tillrohrmann commented on a change in pull request #11626:
[FLINK-16961] Bump Netty 4.X to 4.1.44
Posted by GitBox <gi...@apache.org>.
tillrohrmann commented on a change in pull request #11626: [FLINK-16961] Bump Netty 4.X to 4.1.44
URL: https://github.com/apache/flink/pull/11626#discussion_r404654699
##########
File path: flink-connectors/flink-connector-hive/pom.xml
##########
@@ -934,6 +934,42 @@ under the License.
<hive.version>3.1.1</hive.version>
</properties>
+ <dependencies>
+ <dependency>
+ <groupId>org.apache.hive</groupId>
+ <artifactId>hive-metastore</artifactId>
+ <version>${hive.version}</version>
+ <scope>provided</scope>
+ <exclusions>
+ <exclusion>
+ <!-- Override arrow netty dependency -->
+ <groupId>io.netty</groupId>
+ <artifactId>netty-buffer</artifactId>
+ </exclusion>
+ <exclusion>
+ <!-- Override arrow netty dependency -->
+ <groupId>io.netty</groupId>
+ <artifactId>netty-common</artifactId>
+ </exclusion>
+ </exclusions>
+ </dependency>
+ <dependency>
+ <!-- Bump arrow netty dependency -->
+ <groupId>io.netty</groupId>
+ <artifactId>netty-buffer</artifactId>
+ <version>4.1.44.Final</version>
+ <scope>provided</scope>
+ </dependency>
+
+ <dependency>
+ <!-- Bump arrow netty dependency -->
+ <groupId>io.netty</groupId>
+ <artifactId>netty-common</artifactId>
+ <version>4.1.44.Final</version>
+ <scope>provided</scope>
+ </dependency>
+ </dependencies>
Review comment:
Seems to be correct given `mvn dependency:tree -Phive-3.1.1`.
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
With regards,
Apache Git Services
[GitHub] [flink] flinkbot edited a comment on issue #11626: [FLINK-16961]
Bump Netty 4.X to 4.1.44
Posted by GitBox <gi...@apache.org>.
flinkbot edited a comment on issue #11626: [FLINK-16961] Bump Netty 4.X to 4.1.44
URL: https://github.com/apache/flink/pull/11626#issuecomment-608322234
<!--
Meta data
{
"version" : 1,
"metaDataEntries" : [ {
"hash" : "10cea4c8ba6756ac31de11a5a6728a5dfc41d9c4",
"status" : "FAILURE",
"url" : "https://travis-ci.com/github/flink-ci/flink/builds/158164601",
"triggerID" : "10cea4c8ba6756ac31de11a5a6728a5dfc41d9c4",
"triggerType" : "PUSH"
}, {
"hash" : "10cea4c8ba6756ac31de11a5a6728a5dfc41d9c4",
"status" : "PENDING",
"url" : "https://dev.azure.com/rmetzger/5bd3ef0a-4359-41af-abca-811b04098d2e/_build/results?buildId=7032",
"triggerID" : "10cea4c8ba6756ac31de11a5a6728a5dfc41d9c4",
"triggerType" : "PUSH"
} ]
}-->
## CI report:
* 10cea4c8ba6756ac31de11a5a6728a5dfc41d9c4 Travis: [FAILURE](https://travis-ci.com/github/flink-ci/flink/builds/158164601) Azure: [PENDING](https://dev.azure.com/rmetzger/5bd3ef0a-4359-41af-abca-811b04098d2e/_build/results?buildId=7032)
<details>
<summary>Bot commands</summary>
The @flinkbot bot supports the following commands:
- `@flinkbot run travis` re-run the last Travis build
- `@flinkbot run azure` re-run the last Azure build
</details>
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
With regards,
Apache Git Services
[GitHub] [flink] flinkbot commented on issue #11626: [FLINK-16961] Bump
Netty 4.X to 4.1.44
Posted by GitBox <gi...@apache.org>.
flinkbot commented on issue #11626: [FLINK-16961] Bump Netty 4.X to 4.1.44
URL: https://github.com/apache/flink/pull/11626#issuecomment-608322234
<!--
Meta data
{
"version" : 1,
"metaDataEntries" : [ {
"hash" : "10cea4c8ba6756ac31de11a5a6728a5dfc41d9c4",
"status" : "UNKNOWN",
"url" : "TBD",
"triggerID" : "10cea4c8ba6756ac31de11a5a6728a5dfc41d9c4",
"triggerType" : "PUSH"
} ]
}-->
## CI report:
* 10cea4c8ba6756ac31de11a5a6728a5dfc41d9c4 UNKNOWN
<details>
<summary>Bot commands</summary>
The @flinkbot bot supports the following commands:
- `@flinkbot run travis` re-run the last Travis build
- `@flinkbot run azure` re-run the last Azure build
</details>
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
With regards,
Apache Git Services
[GitHub] [flink] zentol commented on issue #11626: [FLINK-16961] Bump Netty
4.X to 4.1.44
Posted by GitBox <gi...@apache.org>.
zentol commented on issue #11626: [FLINK-16961] Bump Netty 4.X to 4.1.44
URL: https://github.com/apache/flink/pull/11626#issuecomment-608319354
Any input on whether to backport this PR to 1.10/1.9 would be appreciated.
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
With regards,
Apache Git Services
[GitHub] [flink] tillrohrmann commented on a change in pull request #11626:
[FLINK-16961] Bump Netty 4.X to 4.1.44
Posted by GitBox <gi...@apache.org>.
tillrohrmann commented on a change in pull request #11626: [FLINK-16961] Bump Netty 4.X to 4.1.44
URL: https://github.com/apache/flink/pull/11626#discussion_r404063067
##########
File path: flink-connectors/flink-connector-cassandra/src/main/resources/META-INF/NOTICE
##########
@@ -9,8 +9,8 @@ This project bundles the following dependencies under the Apache Software Licens
- com.datastax.cassandra:cassandra-driver-core:3.0.0
- com.datastax.cassandra:cassandra-driver-mapping:3.0.0
- com.google.guava:guava:18.0
-- io.netty:netty-handler:4.0.33.Final
-- io.netty:netty-buffer:4.0.33.Final
-- io.netty:netty-common:4.0.33.Final
-- io.netty:netty-transport:4.0.33.Final
-- io.netty:netty-codec:4.0.33.Final
+- io.netty:netty-handler:4.1.44.Final
+- io.netty:netty-buffer:4.1.44.Final
+- io.netty:netty-common:4.1.44.Final
+- io.netty:netty-transport:4.1.44.Final
+- io.netty:netty-codec:4.1.44.Final
Review comment:
`io.netty:netty-resolver:jar:4.1.44.Final` is missing
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
With regards,
Apache Git Services
[GitHub] [flink] tillrohrmann commented on a change in pull request #11626:
[FLINK-16961] Bump Netty 4.X to 4.1.44
Posted by GitBox <gi...@apache.org>.
tillrohrmann commented on a change in pull request #11626: [FLINK-16961] Bump Netty 4.X to 4.1.44
URL: https://github.com/apache/flink/pull/11626#discussion_r404056264
##########
File path: flink-connectors/flink-hbase/pom.xml
##########
@@ -210,6 +210,13 @@ under the License.
</exclusions>
</dependency>
+ <dependency>
+ <!-- Bump hbase netty dependency -->
+ <groupId>io.netty</groupId>
+ <artifactId>netty-all</artifactId>
+ <version>4.1.44.Final</version>
Review comment:
Same here, why not `4.1.48.final`?
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
With regards,
Apache Git Services
[GitHub] [flink] zentol commented on a change in pull request #11626:
[FLINK-16961] Bump Netty 4.X to 4.1.44
Posted by GitBox <gi...@apache.org>.
zentol commented on a change in pull request #11626: [FLINK-16961] Bump Netty 4.X to 4.1.44
URL: https://github.com/apache/flink/pull/11626#discussion_r404196927
##########
File path: flink-connectors/flink-connector-cassandra/src/main/resources/META-INF/NOTICE
##########
@@ -9,8 +9,8 @@ This project bundles the following dependencies under the Apache Software Licens
- com.datastax.cassandra:cassandra-driver-core:3.0.0
- com.datastax.cassandra:cassandra-driver-mapping:3.0.0
- com.google.guava:guava:18.0
-- io.netty:netty-handler:4.0.33.Final
-- io.netty:netty-buffer:4.0.33.Final
-- io.netty:netty-common:4.0.33.Final
-- io.netty:netty-transport:4.0.33.Final
-- io.netty:netty-codec:4.0.33.Final
+- io.netty:netty-handler:4.1.44.Final
+- io.netty:netty-buffer:4.1.44.Final
+- io.netty:netty-common:4.1.44.Final
+- io.netty:netty-transport:4.1.44.Final
+- io.netty:netty-codec:4.1.44.Final
Review comment:
I don't see `netty-resolver` in the dependency or shade-plugin output.
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
With regards,
Apache Git Services
[GitHub] [flink] zentol commented on a change in pull request #11626:
[FLINK-16961] Bump Netty 4.X to 4.1.44
Posted by GitBox <gi...@apache.org>.
zentol commented on a change in pull request #11626: [FLINK-16961] Bump Netty 4.X to 4.1.44
URL: https://github.com/apache/flink/pull/11626#discussion_r404652193
##########
File path: flink-connectors/flink-connector-cassandra/src/main/resources/META-INF/NOTICE
##########
@@ -9,8 +9,8 @@ This project bundles the following dependencies under the Apache Software Licens
- com.datastax.cassandra:cassandra-driver-core:3.0.0
- com.datastax.cassandra:cassandra-driver-mapping:3.0.0
- com.google.guava:guava:18.0
-- io.netty:netty-handler:4.0.33.Final
-- io.netty:netty-buffer:4.0.33.Final
-- io.netty:netty-common:4.0.33.Final
-- io.netty:netty-transport:4.0.33.Final
-- io.netty:netty-codec:4.0.33.Final
+- io.netty:netty-handler:4.1.44.Final
+- io.netty:netty-buffer:4.1.44.Final
+- io.netty:netty-common:4.1.44.Final
+- io.netty:netty-transport:4.1.44.Final
+- io.netty:netty-codec:4.1.44.Final
Review comment:
ah, i see it now. I must've checked on the wrong branch.
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
With regards,
Apache Git Services
[GitHub] [flink] tillrohrmann commented on issue #11626: [FLINK-16961] Bump
Netty 4.X to 4.1.44
Posted by GitBox <gi...@apache.org>.
tillrohrmann commented on issue #11626: [FLINK-16961] Bump Netty 4.X to 4.1.44
URL: https://github.com/apache/flink/pull/11626#issuecomment-610249287
Thanks for answering my questions @zentol.
I think the last thing to do is to address the modules which have also a netty dependency and resolving the `netty-resolver` dependency.
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
With regards,
Apache Git Services
[GitHub] [flink] flinkbot edited a comment on issue #11626: [FLINK-16961]
Bump Netty 4.X to 4.1.44
Posted by GitBox <gi...@apache.org>.
flinkbot edited a comment on issue #11626: [FLINK-16961] Bump Netty 4.X to 4.1.44
URL: https://github.com/apache/flink/pull/11626#issuecomment-608322234
<!--
Meta data
{
"version" : 1,
"metaDataEntries" : [ {
"hash" : "10cea4c8ba6756ac31de11a5a6728a5dfc41d9c4",
"status" : "FAILURE",
"url" : "https://travis-ci.com/github/flink-ci/flink/builds/158164601",
"triggerID" : "10cea4c8ba6756ac31de11a5a6728a5dfc41d9c4",
"triggerType" : "PUSH"
}, {
"hash" : "10cea4c8ba6756ac31de11a5a6728a5dfc41d9c4",
"status" : "SUCCESS",
"url" : "https://dev.azure.com/rmetzger/5bd3ef0a-4359-41af-abca-811b04098d2e/_build/results?buildId=7032",
"triggerID" : "10cea4c8ba6756ac31de11a5a6728a5dfc41d9c4",
"triggerType" : "PUSH"
}, {
"hash" : "da804e87116667886ab9f47a859152d590a3203f",
"status" : "UNKNOWN",
"url" : "TBD",
"triggerID" : "da804e87116667886ab9f47a859152d590a3203f",
"triggerType" : "PUSH"
} ]
}-->
## CI report:
* 10cea4c8ba6756ac31de11a5a6728a5dfc41d9c4 Travis: [FAILURE](https://travis-ci.com/github/flink-ci/flink/builds/158164601) Azure: [SUCCESS](https://dev.azure.com/rmetzger/5bd3ef0a-4359-41af-abca-811b04098d2e/_build/results?buildId=7032)
* da804e87116667886ab9f47a859152d590a3203f UNKNOWN
<details>
<summary>Bot commands</summary>
The @flinkbot bot supports the following commands:
- `@flinkbot run travis` re-run the last Travis build
- `@flinkbot run azure` re-run the last Azure build
</details>
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
With regards,
Apache Git Services
[GitHub] [flink] flinkbot edited a comment on issue #11626: [FLINK-16961]
Bump Netty 4.X to 4.1.44
Posted by GitBox <gi...@apache.org>.
flinkbot edited a comment on issue #11626: [FLINK-16961] Bump Netty 4.X to 4.1.44
URL: https://github.com/apache/flink/pull/11626#issuecomment-608322234
<!--
Meta data
{
"version" : 1,
"metaDataEntries" : [ {
"hash" : "10cea4c8ba6756ac31de11a5a6728a5dfc41d9c4",
"status" : "DELETED",
"url" : "https://travis-ci.com/github/flink-ci/flink/builds/158164601",
"triggerID" : "10cea4c8ba6756ac31de11a5a6728a5dfc41d9c4",
"triggerType" : "PUSH"
}, {
"hash" : "10cea4c8ba6756ac31de11a5a6728a5dfc41d9c4",
"status" : "DELETED",
"url" : "https://dev.azure.com/rmetzger/5bd3ef0a-4359-41af-abca-811b04098d2e/_build/results?buildId=7032",
"triggerID" : "10cea4c8ba6756ac31de11a5a6728a5dfc41d9c4",
"triggerType" : "PUSH"
}, {
"hash" : "da804e87116667886ab9f47a859152d590a3203f",
"status" : "SUCCESS",
"url" : "https://travis-ci.com/github/flink-ci/flink/builds/158631528",
"triggerID" : "da804e87116667886ab9f47a859152d590a3203f",
"triggerType" : "PUSH"
}, {
"hash" : "da804e87116667886ab9f47a859152d590a3203f",
"status" : "SUCCESS",
"url" : "https://dev.azure.com/rmetzger/5bd3ef0a-4359-41af-abca-811b04098d2e/_build/results?buildId=7092",
"triggerID" : "da804e87116667886ab9f47a859152d590a3203f",
"triggerType" : "PUSH"
}, {
"hash" : "cbfced9fe5f277b3ac5b6f12e79a64fa3dfe748a",
"status" : "PENDING",
"url" : "https://dev.azure.com/rmetzger/5bd3ef0a-4359-41af-abca-811b04098d2e/_build/results?buildId=7265",
"triggerID" : "cbfced9fe5f277b3ac5b6f12e79a64fa3dfe748a",
"triggerType" : "PUSH"
}, {
"hash" : "cbfced9fe5f277b3ac5b6f12e79a64fa3dfe748a",
"status" : "PENDING",
"url" : "https://travis-ci.com/github/flink-ci/flink/builds/159548251",
"triggerID" : "cbfced9fe5f277b3ac5b6f12e79a64fa3dfe748a",
"triggerType" : "PUSH"
} ]
}-->
## CI report:
* da804e87116667886ab9f47a859152d590a3203f Travis: [SUCCESS](https://travis-ci.com/github/flink-ci/flink/builds/158631528) Azure: [SUCCESS](https://dev.azure.com/rmetzger/5bd3ef0a-4359-41af-abca-811b04098d2e/_build/results?buildId=7092)
* cbfced9fe5f277b3ac5b6f12e79a64fa3dfe748a Travis: [PENDING](https://travis-ci.com/github/flink-ci/flink/builds/159548251) Azure: [PENDING](https://dev.azure.com/rmetzger/5bd3ef0a-4359-41af-abca-811b04098d2e/_build/results?buildId=7265)
<details>
<summary>Bot commands</summary>
The @flinkbot bot supports the following commands:
- `@flinkbot run travis` re-run the last Travis build
- `@flinkbot run azure` re-run the last Azure build
</details>
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
With regards,
Apache Git Services
[GitHub] [flink] tillrohrmann commented on a change in pull request #11626:
[FLINK-16961] Bump Netty 4.X to 4.1.44
Posted by GitBox <gi...@apache.org>.
tillrohrmann commented on a change in pull request #11626: [FLINK-16961] Bump Netty 4.X to 4.1.44
URL: https://github.com/apache/flink/pull/11626#discussion_r404052755
##########
File path: flink-connectors/flink-connector-elasticsearch5/pom.xml
##########
@@ -82,6 +82,55 @@ under the License.
<version>${elasticsearch.version}</version>
</dependency>
+ <dependency>
+ <!-- Bump elasticsearch netty dependency -->
+ <groupId>io.netty</groupId>
+ <artifactId>netty-buffer</artifactId>
+ <version>4.1.44.Final</version>
Review comment:
Why don't we upgrade right away to `4.1.48.final`?
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
With regards,
Apache Git Services
[GitHub] [flink] flinkbot edited a comment on issue #11626: [FLINK-16961]
Bump Netty 4.X to 4.1.44
Posted by GitBox <gi...@apache.org>.
flinkbot edited a comment on issue #11626: [FLINK-16961] Bump Netty 4.X to 4.1.44
URL: https://github.com/apache/flink/pull/11626#issuecomment-608322234
<!--
Meta data
{
"version" : 1,
"metaDataEntries" : [ {
"hash" : "10cea4c8ba6756ac31de11a5a6728a5dfc41d9c4",
"status" : "FAILURE",
"url" : "https://travis-ci.com/github/flink-ci/flink/builds/158164601",
"triggerID" : "10cea4c8ba6756ac31de11a5a6728a5dfc41d9c4",
"triggerType" : "PUSH"
}, {
"hash" : "10cea4c8ba6756ac31de11a5a6728a5dfc41d9c4",
"status" : "SUCCESS",
"url" : "https://dev.azure.com/rmetzger/5bd3ef0a-4359-41af-abca-811b04098d2e/_build/results?buildId=7032",
"triggerID" : "10cea4c8ba6756ac31de11a5a6728a5dfc41d9c4",
"triggerType" : "PUSH"
}, {
"hash" : "da804e87116667886ab9f47a859152d590a3203f",
"status" : "PENDING",
"url" : "https://travis-ci.com/github/flink-ci/flink/builds/158631528",
"triggerID" : "da804e87116667886ab9f47a859152d590a3203f",
"triggerType" : "PUSH"
}, {
"hash" : "da804e87116667886ab9f47a859152d590a3203f",
"status" : "PENDING",
"url" : "https://dev.azure.com/rmetzger/5bd3ef0a-4359-41af-abca-811b04098d2e/_build/results?buildId=7092",
"triggerID" : "da804e87116667886ab9f47a859152d590a3203f",
"triggerType" : "PUSH"
} ]
}-->
## CI report:
* 10cea4c8ba6756ac31de11a5a6728a5dfc41d9c4 Travis: [FAILURE](https://travis-ci.com/github/flink-ci/flink/builds/158164601) Azure: [SUCCESS](https://dev.azure.com/rmetzger/5bd3ef0a-4359-41af-abca-811b04098d2e/_build/results?buildId=7032)
* da804e87116667886ab9f47a859152d590a3203f Travis: [PENDING](https://travis-ci.com/github/flink-ci/flink/builds/158631528) Azure: [PENDING](https://dev.azure.com/rmetzger/5bd3ef0a-4359-41af-abca-811b04098d2e/_build/results?buildId=7092)
<details>
<summary>Bot commands</summary>
The @flinkbot bot supports the following commands:
- `@flinkbot run travis` re-run the last Travis build
- `@flinkbot run azure` re-run the last Azure build
</details>
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
With regards,
Apache Git Services
[GitHub] [flink] flinkbot edited a comment on issue #11626: [FLINK-16961]
Bump Netty 4.X to 4.1.44
Posted by GitBox <gi...@apache.org>.
flinkbot edited a comment on issue #11626: [FLINK-16961] Bump Netty 4.X to 4.1.44
URL: https://github.com/apache/flink/pull/11626#issuecomment-608322234
<!--
Meta data
{
"version" : 1,
"metaDataEntries" : [ {
"hash" : "10cea4c8ba6756ac31de11a5a6728a5dfc41d9c4",
"status" : "DELETED",
"url" : "https://travis-ci.com/github/flink-ci/flink/builds/158164601",
"triggerID" : "10cea4c8ba6756ac31de11a5a6728a5dfc41d9c4",
"triggerType" : "PUSH"
}, {
"hash" : "10cea4c8ba6756ac31de11a5a6728a5dfc41d9c4",
"status" : "DELETED",
"url" : "https://dev.azure.com/rmetzger/5bd3ef0a-4359-41af-abca-811b04098d2e/_build/results?buildId=7032",
"triggerID" : "10cea4c8ba6756ac31de11a5a6728a5dfc41d9c4",
"triggerType" : "PUSH"
}, {
"hash" : "da804e87116667886ab9f47a859152d590a3203f",
"status" : "DELETED",
"url" : "https://travis-ci.com/github/flink-ci/flink/builds/158631528",
"triggerID" : "da804e87116667886ab9f47a859152d590a3203f",
"triggerType" : "PUSH"
}, {
"hash" : "da804e87116667886ab9f47a859152d590a3203f",
"status" : "DELETED",
"url" : "https://dev.azure.com/rmetzger/5bd3ef0a-4359-41af-abca-811b04098d2e/_build/results?buildId=7092",
"triggerID" : "da804e87116667886ab9f47a859152d590a3203f",
"triggerType" : "PUSH"
}, {
"hash" : "cbfced9fe5f277b3ac5b6f12e79a64fa3dfe748a",
"status" : "FAILURE",
"url" : "https://dev.azure.com/rmetzger/5bd3ef0a-4359-41af-abca-811b04098d2e/_build/results?buildId=7265",
"triggerID" : "cbfced9fe5f277b3ac5b6f12e79a64fa3dfe748a",
"triggerType" : "PUSH"
}, {
"hash" : "cbfced9fe5f277b3ac5b6f12e79a64fa3dfe748a",
"status" : "SUCCESS",
"url" : "https://travis-ci.com/github/flink-ci/flink/builds/159548251",
"triggerID" : "cbfced9fe5f277b3ac5b6f12e79a64fa3dfe748a",
"triggerType" : "PUSH"
} ]
}-->
## CI report:
* cbfced9fe5f277b3ac5b6f12e79a64fa3dfe748a Travis: [SUCCESS](https://travis-ci.com/github/flink-ci/flink/builds/159548251) Azure: [FAILURE](https://dev.azure.com/rmetzger/5bd3ef0a-4359-41af-abca-811b04098d2e/_build/results?buildId=7265)
<details>
<summary>Bot commands</summary>
The @flinkbot bot supports the following commands:
- `@flinkbot run travis` re-run the last Travis build
- `@flinkbot run azure` re-run the last Azure build
</details>
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
With regards,
Apache Git Services
[GitHub] [flink] zentol commented on a change in pull request #11626:
[FLINK-16961] Bump Netty 4.X to 4.1.44
Posted by GitBox <gi...@apache.org>.
zentol commented on a change in pull request #11626: [FLINK-16961] Bump Netty 4.X to 4.1.44
URL: https://github.com/apache/flink/pull/11626#discussion_r404193632
##########
File path: flink-python/src/main/resources/META-INF/NOTICE
##########
@@ -20,13 +20,13 @@ This project bundles the following dependencies under the Apache Software Licens
- io.grpc:grpc-protobuf:1.21.0
- io.grpc:grpc-stub:1.21.0
- io.grpc:grpc-testing:1.21.0
-- io.netty:netty-buffer:4.1.27.Final
+- io.netty:netty-buffer:4.1.44.Final
- io.netty:netty-buffer:4.1.34.Final
- io.netty:netty-codec:4.1.34.Final
- io.netty:netty-codec-http:4.1.34.Final
- io.netty:netty-codec-http2:4.1.34.Final
- io.netty:netty-codec-socks:4.1.34.Final
-- io.netty:netty-common:4.1.27.Final
+- io.netty:netty-common:4.1.44.Final
- io.netty:netty-common:4.1.34.Final
- io.netty:netty-handler:4.1.34.Final
- io.netty:netty-handler-proxy:4.1.34.Final
Review comment:
These are bundled in `beam-vendor-grpc-1_21_0`, and I have no idea how/whether we can update these.
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
With regards,
Apache Git Services
[GitHub] [flink] flinkbot edited a comment on issue #11626: [FLINK-16961]
Bump Netty 4.X to 4.1.44
Posted by GitBox <gi...@apache.org>.
flinkbot edited a comment on issue #11626: [FLINK-16961] Bump Netty 4.X to 4.1.44
URL: https://github.com/apache/flink/pull/11626#issuecomment-608322234
<!--
Meta data
{
"version" : 1,
"metaDataEntries" : [ {
"hash" : "10cea4c8ba6756ac31de11a5a6728a5dfc41d9c4",
"status" : "DELETED",
"url" : "https://travis-ci.com/github/flink-ci/flink/builds/158164601",
"triggerID" : "10cea4c8ba6756ac31de11a5a6728a5dfc41d9c4",
"triggerType" : "PUSH"
}, {
"hash" : "10cea4c8ba6756ac31de11a5a6728a5dfc41d9c4",
"status" : "DELETED",
"url" : "https://dev.azure.com/rmetzger/5bd3ef0a-4359-41af-abca-811b04098d2e/_build/results?buildId=7032",
"triggerID" : "10cea4c8ba6756ac31de11a5a6728a5dfc41d9c4",
"triggerType" : "PUSH"
}, {
"hash" : "da804e87116667886ab9f47a859152d590a3203f",
"status" : "SUCCESS",
"url" : "https://travis-ci.com/github/flink-ci/flink/builds/158631528",
"triggerID" : "da804e87116667886ab9f47a859152d590a3203f",
"triggerType" : "PUSH"
}, {
"hash" : "da804e87116667886ab9f47a859152d590a3203f",
"status" : "SUCCESS",
"url" : "https://dev.azure.com/rmetzger/5bd3ef0a-4359-41af-abca-811b04098d2e/_build/results?buildId=7092",
"triggerID" : "da804e87116667886ab9f47a859152d590a3203f",
"triggerType" : "PUSH"
} ]
}-->
## CI report:
* da804e87116667886ab9f47a859152d590a3203f Travis: [SUCCESS](https://travis-ci.com/github/flink-ci/flink/builds/158631528) Azure: [SUCCESS](https://dev.azure.com/rmetzger/5bd3ef0a-4359-41af-abca-811b04098d2e/_build/results?buildId=7092)
<details>
<summary>Bot commands</summary>
The @flinkbot bot supports the following commands:
- `@flinkbot run travis` re-run the last Travis build
- `@flinkbot run azure` re-run the last Azure build
</details>
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
With regards,
Apache Git Services
[GitHub] [flink] zentol edited a comment on issue #11626: [FLINK-16961] Bump
Netty 4.X to 4.1.44
Posted by GitBox <gi...@apache.org>.
zentol edited a comment on issue #11626: [FLINK-16961] Bump Netty 4.X to 4.1.44
URL: https://github.com/apache/flink/pull/11626#issuecomment-609865199
> I was wondering whether we shouldn't declare minimum requirements in the parent pom's dependency management section
DependencyManagement has subtle flaws that make it undesirable for this case. This will likely also apply to other cases and existing depMgmt entries that we currently have, which we may want to re-evaluate at some point.
The core issue is that dependency management entries do not affect the published poms.
Let's say you have a module M, depending on A, depending on B 1.0, and M has a depMgmt entry for B setting it to 1.1.
While you are working in the module, writing code, running tests, packaging dependencies, B is set to 1.1 as expected.
But, in the published pom there is still just the dependency on A. You don't see anything about B, so a user would pull in B 1.0 again. DependencyManagement is not transitive; not visible to downstream modules. See also MNG-5761.
This is also why we have so many entries in the root pom; if one module has a depMgmt entry, and another module depends on it, then the second one doesn't see the depMgmt entries of the first one, and has to handle the conflicts locally again.
In other words, if you bundle a dependency affected by depMgmt entries then you're good. But if this dependency is exposed to users, then you have achieved no practical benefit.
A security scanner running over the project itself will be happy, a scanner running over the published artifacts will complain.
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
With regards,
Apache Git Services
[GitHub] [flink] flinkbot edited a comment on issue #11626: [FLINK-16961]
Bump Netty 4.X to 4.1.44
Posted by GitBox <gi...@apache.org>.
flinkbot edited a comment on issue #11626: [FLINK-16961] Bump Netty 4.X to 4.1.44
URL: https://github.com/apache/flink/pull/11626#issuecomment-608322234
<!--
Meta data
{
"version" : 1,
"metaDataEntries" : [ {
"hash" : "10cea4c8ba6756ac31de11a5a6728a5dfc41d9c4",
"status" : "FAILURE",
"url" : "https://travis-ci.com/github/flink-ci/flink/builds/158164601",
"triggerID" : "10cea4c8ba6756ac31de11a5a6728a5dfc41d9c4",
"triggerType" : "PUSH"
}, {
"hash" : "10cea4c8ba6756ac31de11a5a6728a5dfc41d9c4",
"status" : "SUCCESS",
"url" : "https://dev.azure.com/rmetzger/5bd3ef0a-4359-41af-abca-811b04098d2e/_build/results?buildId=7032",
"triggerID" : "10cea4c8ba6756ac31de11a5a6728a5dfc41d9c4",
"triggerType" : "PUSH"
} ]
}-->
## CI report:
* 10cea4c8ba6756ac31de11a5a6728a5dfc41d9c4 Travis: [FAILURE](https://travis-ci.com/github/flink-ci/flink/builds/158164601) Azure: [SUCCESS](https://dev.azure.com/rmetzger/5bd3ef0a-4359-41af-abca-811b04098d2e/_build/results?buildId=7032)
<details>
<summary>Bot commands</summary>
The @flinkbot bot supports the following commands:
- `@flinkbot run travis` re-run the last Travis build
- `@flinkbot run azure` re-run the last Azure build
</details>
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
With regards,
Apache Git Services
[GitHub] [flink] tillrohrmann commented on a change in pull request #11626:
[FLINK-16961] Bump Netty 4.X to 4.1.44
Posted by GitBox <gi...@apache.org>.
tillrohrmann commented on a change in pull request #11626: [FLINK-16961] Bump Netty 4.X to 4.1.44
URL: https://github.com/apache/flink/pull/11626#discussion_r404066156
##########
File path: flink-connectors/flink-connector-hive/pom.xml
##########
@@ -934,6 +934,42 @@ under the License.
<hive.version>3.1.1</hive.version>
</properties>
+ <dependencies>
+ <dependency>
+ <groupId>org.apache.hive</groupId>
+ <artifactId>hive-metastore</artifactId>
+ <version>${hive.version}</version>
+ <scope>provided</scope>
+ <exclusions>
+ <exclusion>
+ <!-- Override arrow netty dependency -->
+ <groupId>io.netty</groupId>
+ <artifactId>netty-buffer</artifactId>
+ </exclusion>
+ <exclusion>
+ <!-- Override arrow netty dependency -->
+ <groupId>io.netty</groupId>
+ <artifactId>netty-common</artifactId>
+ </exclusion>
+ </exclusions>
Review comment:
Help me again. Why do we need these exclusions? Wouldn't they be overridden by the explicit Netty dependencies which are closer to the root?
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
With regards,
Apache Git Services
[GitHub] [flink] tillrohrmann commented on a change in pull request #11626:
[FLINK-16961] Bump Netty 4.X to 4.1.44
Posted by GitBox <gi...@apache.org>.
tillrohrmann commented on a change in pull request #11626: [FLINK-16961] Bump Netty 4.X to 4.1.44
URL: https://github.com/apache/flink/pull/11626#discussion_r404069049
##########
File path: flink-connectors/flink-connector-hive/pom.xml
##########
@@ -934,6 +934,42 @@ under the License.
<hive.version>3.1.1</hive.version>
</properties>
+ <dependencies>
+ <dependency>
+ <groupId>org.apache.hive</groupId>
+ <artifactId>hive-metastore</artifactId>
+ <version>${hive.version}</version>
+ <scope>provided</scope>
+ <exclusions>
+ <exclusion>
+ <!-- Override arrow netty dependency -->
+ <groupId>io.netty</groupId>
+ <artifactId>netty-buffer</artifactId>
+ </exclusion>
+ <exclusion>
+ <!-- Override arrow netty dependency -->
+ <groupId>io.netty</groupId>
+ <artifactId>netty-common</artifactId>
+ </exclusion>
+ </exclusions>
+ </dependency>
+ <dependency>
+ <!-- Bump arrow netty dependency -->
+ <groupId>io.netty</groupId>
+ <artifactId>netty-buffer</artifactId>
+ <version>4.1.44.Final</version>
+ <scope>provided</scope>
+ </dependency>
+
+ <dependency>
+ <!-- Bump arrow netty dependency -->
+ <groupId>io.netty</groupId>
+ <artifactId>netty-common</artifactId>
+ <version>4.1.44.Final</version>
+ <scope>provided</scope>
+ </dependency>
+ </dependencies>
Review comment:
I couldn't really see that these pom entries have an effect on `mvn dependency:tree`. It looks as if this module does not have a `netty-common` and `netty-buffer` dependency.
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
With regards,
Apache Git Services
[GitHub] [flink] zentol commented on a change in pull request #11626:
[FLINK-16961] Bump Netty 4.X to 4.1.44
Posted by GitBox <gi...@apache.org>.
zentol commented on a change in pull request #11626: [FLINK-16961] Bump Netty 4.X to 4.1.44
URL: https://github.com/apache/flink/pull/11626#discussion_r404170706
##########
File path: flink-connectors/flink-connector-hive/pom.xml
##########
@@ -934,6 +934,42 @@ under the License.
<hive.version>3.1.1</hive.version>
</properties>
+ <dependencies>
+ <dependency>
+ <groupId>org.apache.hive</groupId>
+ <artifactId>hive-metastore</artifactId>
+ <version>${hive.version}</version>
+ <scope>provided</scope>
+ <exclusions>
+ <exclusion>
+ <!-- Override arrow netty dependency -->
+ <groupId>io.netty</groupId>
+ <artifactId>netty-buffer</artifactId>
+ </exclusion>
+ <exclusion>
+ <!-- Override arrow netty dependency -->
+ <groupId>io.netty</groupId>
+ <artifactId>netty-common</artifactId>
+ </exclusion>
+ </exclusions>
Review comment:
the dependency convergence complains because we did not explicitly handle the mismatch.
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
With regards,
Apache Git Services
[GitHub] [flink] tillrohrmann commented on a change in pull request #11626:
[FLINK-16961] Bump Netty 4.X to 4.1.44
Posted by GitBox <gi...@apache.org>.
tillrohrmann commented on a change in pull request #11626: [FLINK-16961] Bump Netty 4.X to 4.1.44
URL: https://github.com/apache/flink/pull/11626#discussion_r404621516
##########
File path: flink-connectors/flink-connector-hive/pom.xml
##########
@@ -934,6 +934,42 @@ under the License.
<hive.version>3.1.1</hive.version>
</properties>
+ <dependencies>
+ <dependency>
+ <groupId>org.apache.hive</groupId>
+ <artifactId>hive-metastore</artifactId>
+ <version>${hive.version}</version>
+ <scope>provided</scope>
+ <exclusions>
+ <exclusion>
+ <!-- Override arrow netty dependency -->
+ <groupId>io.netty</groupId>
+ <artifactId>netty-buffer</artifactId>
+ </exclusion>
+ <exclusion>
+ <!-- Override arrow netty dependency -->
+ <groupId>io.netty</groupId>
+ <artifactId>netty-common</artifactId>
+ </exclusion>
+ </exclusions>
+ </dependency>
+ <dependency>
+ <!-- Bump arrow netty dependency -->
+ <groupId>io.netty</groupId>
+ <artifactId>netty-buffer</artifactId>
+ <version>4.1.44.Final</version>
+ <scope>provided</scope>
+ </dependency>
+
+ <dependency>
+ <!-- Bump arrow netty dependency -->
+ <groupId>io.netty</groupId>
+ <artifactId>netty-common</artifactId>
+ <version>4.1.44.Final</version>
+ <scope>provided</scope>
+ </dependency>
+ </dependencies>
Review comment:
No I did not. If this explains then I guess it is correct.
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
With regards,
Apache Git Services
[GitHub] [flink] zentol commented on issue #11626: [FLINK-16961] Bump Netty
4.X to 4.1.44
Posted by GitBox <gi...@apache.org>.
zentol commented on issue #11626: [FLINK-16961] Bump Netty 4.X to 4.1.44
URL: https://github.com/apache/flink/pull/11626#issuecomment-609865199
> I was wondering whether we shouldn't declare minimum requirements in the parent pom's dependency management section
DependencyManagement has subtle flaws that make it undesirable for this case. This will likely also apply to other cases and existing depMgmt entries that we currently have, which we may want to re-evaluate at some point.
The core issue is that dependency management entries do not affect the published poms.
Let's say you have a module M, depending on A, depending on B 1.0, and M has a depMgmt entry for B setting it to 1.1.
While you are working in the module, writing code, running tests, packaging dependencies, B is set to 1.1 as expected.
But, in the published pom there is still just the dependency on A. You don't see anything about B, so a user would pull in B 1.0 again DependencyManagement is not transitive, i.e., not visible to downstream modules. See also MNG-5761.
This is also why we have so many entries in the root pom; if one module has a depMgmt entry, and another module depends on it, then the second one doesn't see the depMgmt entries of the first one, and has to handle the conflicts locally again.
In other words, if you bundle a dependency affected by depMgmt entries then you're good. But if this dependency is exposed to users, then you have achieved no practical benefit.
A security scanner running over the project itself will be happy, a scanner running over the published artifacts will complain.
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
With regards,
Apache Git Services
[GitHub] [flink] tillrohrmann commented on a change in pull request #11626:
[FLINK-16961] Bump Netty 4.X to 4.1.44
Posted by GitBox <gi...@apache.org>.
tillrohrmann commented on a change in pull request #11626: [FLINK-16961] Bump Netty 4.X to 4.1.44
URL: https://github.com/apache/flink/pull/11626#discussion_r404625359
##########
File path: flink-connectors/flink-connector-cassandra/src/main/resources/META-INF/NOTICE
##########
@@ -9,8 +9,8 @@ This project bundles the following dependencies under the Apache Software Licens
- com.datastax.cassandra:cassandra-driver-core:3.0.0
- com.datastax.cassandra:cassandra-driver-mapping:3.0.0
- com.google.guava:guava:18.0
-- io.netty:netty-handler:4.0.33.Final
-- io.netty:netty-buffer:4.0.33.Final
-- io.netty:netty-common:4.0.33.Final
-- io.netty:netty-transport:4.0.33.Final
-- io.netty:netty-codec:4.0.33.Final
+- io.netty:netty-handler:4.1.44.Final
+- io.netty:netty-buffer:4.1.44.Final
+- io.netty:netty-common:4.1.44.Final
+- io.netty:netty-transport:4.1.44.Final
+- io.netty:netty-codec:4.1.44.Final
Review comment:
`netty-transport ` has a compile time dependency. Hence it should be included in the final artifact: https://mvnrepository.com/artifact/io.netty/netty-transport/4.1.44.Final
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
With regards,
Apache Git Services
[GitHub] [flink] flinkbot edited a comment on issue #11626: [FLINK-16961]
Bump Netty 4.X to 4.1.44
Posted by GitBox <gi...@apache.org>.
flinkbot edited a comment on issue #11626: [FLINK-16961] Bump Netty 4.X to 4.1.44
URL: https://github.com/apache/flink/pull/11626#issuecomment-608322234
<!--
Meta data
{
"version" : 1,
"metaDataEntries" : [ {
"hash" : "10cea4c8ba6756ac31de11a5a6728a5dfc41d9c4",
"status" : "DELETED",
"url" : "https://travis-ci.com/github/flink-ci/flink/builds/158164601",
"triggerID" : "10cea4c8ba6756ac31de11a5a6728a5dfc41d9c4",
"triggerType" : "PUSH"
}, {
"hash" : "10cea4c8ba6756ac31de11a5a6728a5dfc41d9c4",
"status" : "DELETED",
"url" : "https://dev.azure.com/rmetzger/5bd3ef0a-4359-41af-abca-811b04098d2e/_build/results?buildId=7032",
"triggerID" : "10cea4c8ba6756ac31de11a5a6728a5dfc41d9c4",
"triggerType" : "PUSH"
}, {
"hash" : "da804e87116667886ab9f47a859152d590a3203f",
"status" : "SUCCESS",
"url" : "https://travis-ci.com/github/flink-ci/flink/builds/158631528",
"triggerID" : "da804e87116667886ab9f47a859152d590a3203f",
"triggerType" : "PUSH"
}, {
"hash" : "da804e87116667886ab9f47a859152d590a3203f",
"status" : "PENDING",
"url" : "https://dev.azure.com/rmetzger/5bd3ef0a-4359-41af-abca-811b04098d2e/_build/results?buildId=7092",
"triggerID" : "da804e87116667886ab9f47a859152d590a3203f",
"triggerType" : "PUSH"
} ]
}-->
## CI report:
* da804e87116667886ab9f47a859152d590a3203f Travis: [SUCCESS](https://travis-ci.com/github/flink-ci/flink/builds/158631528) Azure: [PENDING](https://dev.azure.com/rmetzger/5bd3ef0a-4359-41af-abca-811b04098d2e/_build/results?buildId=7092)
<details>
<summary>Bot commands</summary>
The @flinkbot bot supports the following commands:
- `@flinkbot run travis` re-run the last Travis build
- `@flinkbot run azure` re-run the last Azure build
</details>
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
With regards,
Apache Git Services