Posted to issues@beam.apache.org by "ASF GitHub Bot (Jira)" <ji...@apache.org> on 2020/10/09 14:20:00 UTC

[jira] [Work logged] (BEAM-9030) Bump grpc to 1.26.0

     [ https://issues.apache.org/jira/browse/BEAM-9030?focusedWorklogId=498579&page=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-498579 ]

ASF GitHub Bot logged work on BEAM-9030:
----------------------------------------

                Author: ASF GitHub Bot
            Created on: 09/Oct/20 14:19
            Start Date: 09/Oct/20 14:19
    Worklog Time Spent: 10m 
      Work Description: iemejia commented on a change in pull request #10463:
URL: https://github.com/apache/beam/pull/10463#discussion_r502433421



##########
File path: buildSrc/src/main/groovy/org/apache/beam/gradle/GrpcVendoring.groovy
##########
@@ -28,23 +28,44 @@ class GrpcVendoring {
   static List<String> dependencies() {
     return [
       'com.google.guava:guava:26.0-jre',
-      'com.google.protobuf:protobuf-java:3.7.1',
-      'com.google.protobuf:protobuf-java-util:3.7.1',
-      'com.google.code.gson:gson:2.7',
-      'io.grpc:grpc-auth:1.21.0',
-      'io.grpc:grpc-core:1.21.0',
-      'io.grpc:grpc-context:1.21.0',
-      'io.grpc:grpc-netty:1.21.0',
-      'io.grpc:grpc-protobuf:1.21.0',
-      'io.grpc:grpc-stub:1.21.0',
-      'io.netty:netty-transport-native-epoll:4.1.34.Final',
+      'com.google.protobuf:protobuf-java:3.11.0',
+      'com.google.protobuf:protobuf-java-util:3.11.0',
+      'com.google.code.gson:gson:2.8.6',
+      'io.grpc:grpc-auth:1.26.0',
+      'io.grpc:grpc-core:1.26.0',
+      'io.grpc:grpc-context:1.26.0',
+      'io.grpc:grpc-netty:1.26.0',
+      'io.grpc:grpc-protobuf:1.26.0',
+      'io.grpc:grpc-stub:1.26.0',
+      'io.netty:netty-transport-native-epoll:4.1.42.Final',
       // tcnative version from https://github.com/grpc/grpc-java/blob/master/SECURITY.md#netty
-      'io.netty:netty-tcnative-boringssl-static:2.0.22.Final',
-      'com.google.auth:google-auth-library-credentials:0.13.0',
-      'io.grpc:grpc-testing:1.21.0',
+      'io.netty:netty-tcnative-boringssl-static:2.0.26.Final',
+      'com.google.auth:google-auth-library-credentials:0.18.0',
+      'io.grpc:grpc-testing:1.26.0',
       'com.google.api.grpc:proto-google-common-protos:1.12.0',
-      'io.opencensus:opencensus-api:0.21.0',
-      'io.opencensus:opencensus-contrib-grpc-metrics:0.21.0',
+      'io.opencensus:opencensus-api:0.24.0',
+      'io.opencensus:opencensus-contrib-grpc-metrics:0.24.0',
+      'io.perfmark:perfmark-api:0.19.0',
+      'avalon-framework:avalon-framework:4.1.5',
+      'com.github.jponge:lzma-java:1.3',
+      'com.google.protobuf.nano:protobuf-javanano:3.0.0-alpha-5',
+      'com.jcraft:jzlib:1.1.3',
+      'com.ning:compress-lzf:1.0.3',
+      'commons-logging:commons-logging:1.2',
+      'javax.jms:jms-api:1.1-rev-1',
+      'javax.mail:mail:1.4.3',
+      'javax.servlet:servlet-api:2.5',
+      'log4j:log4j:1.2.17',
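Review bot: The entries added at the end of this list, from `io.perfmark:perfmark-api:0.19.0` through `log4j:log4j:1.2.17`, have no comment recording where their versions come from, while the tcnative line just above cites grpc-java's SECURITY.md. Please add a comment for each group saying whether it is required by one of the upstream artifacts or was picked independently, and confirm that each one needs to be vendored at all. `log4j:log4j:1.2.17` deserves particular attention: log4j 1.x is end-of-life and receives no further fixes, so pinning it here leaves a dependency that can only be remediated by removing or replacing it. `com.google.protobuf.nano:protobuf-javanano:3.0.0-alpha-5` is an alpha release and should be justified the same way.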

Review comment:
       Question from the future: how did we choose the versions that are here? Is it just the latest available at the time, or do they come from some internal dependency?
   
   It seems log4j-api (2.6.2) is producing some alerts on security scanners:
   https://nvd.nist.gov/vuln/detail/CVE-2017-5645
   
   Can I open a PR to upgrade this? Is there anyone working on upgrades to grpc? I noticed also that there are some other unreleased changes in the 1.26.0 version so I suppose we could do a release of it.






Issue Time Tracking
-------------------

    Worklog Id:     (was: 498579)
    Time Spent: 8h 40m  (was: 8.5h)

> Bump grpc to 1.26.0
> -------------------
>
>                 Key: BEAM-9030
>                 URL: https://issues.apache.org/jira/browse/BEAM-9030
>             Project: Beam
>          Issue Type: Improvement
>          Components: java-fn-execution, runner-flink
>            Reporter: sunjincheng
>            Assignee: sunjincheng
>            Priority: P2
>             Fix For: 2.20.0
>
>          Time Spent: 8h 40m
>  Remaining Estimate: 0h
>
> When submitting a Python word count job to a Flink session/standalone cluster repeatedly, the metaspace usage of the task manager of the Flink cluster will continuously increase (about 40MB each time). The reason is that the Beam classes are loaded with the user class loader in Flink and there are problems with the implementation of `ProcessManager` (from Beam) and `ThreadPoolCache` (from Netty), which may prevent the user class loader from being garbage collected even after the job has finished, which eventually causes the metaspace memory leak. You can refer to FLINK-15338[1] for more information.
> Regarding `ProcessManager`, I have created a JIRA, BEAM-9006[2], to track it. Regarding `ThreadPoolCache`, it is a Netty problem and has been fixed in NETTY#8955[3]. Netty 4.1.35 Final already includes this fix and GRPC 1.22.0 already depends on Netty 4.1.35 Final. So we need to bump the version of GRPC to 1.22.0+ (currently 1.21.0).
>  
> What do you think?
> [1] https://issues.apache.org/jira/browse/FLINK-15338
> [2] https://issues.apache.org/jira/browse/BEAM-9006
> [3] https://github.com/netty/netty/pull/8955
>  


