Update outdated dependencies: jetty, jersey and others #9942
Conversation
|
Automated checks report:
Some checks failed. Please fix the reported issues and reply 'alluxio-bot, check this please' to re-run checks. |
|
Merged build finished. Test FAILed. |
|
Test FAILed. |
|
Merged build finished. Test FAILed. |
|
Test FAILed. |
|
Merged build finished. Test PASSed. |
|
Test PASSed. |
|
@witgo thanks for updating the dependency. In general in this project, we update the version of an external dependency if we hit bugs, security or performance issues on the existing ones. Otherwise, updating the versions of other client-side dependencies (e.g., alluxio-client may depend on) is not typically encouraged because they may cause dependency conflicts on application side. On server-side, the requirement is less strict. Among the dependencies updated in this PR, do you have them in one of the above buckets? |
|
grpc => DoS vulnerability CVE-2019-9515 (SETTINGS flood) rocksdb => ARM jersey => jdk 11 |
witgo
force-pushed
the
update_outdated_dep
branch
from
22c61dc
to
6a61c15
Compare
witgo
changed the title
|
Merged build finished. Test FAILed. |
|
Test FAILed. |
|
Merged build finished. Test FAILed. |
|
Test FAILed. |
|
Merged build finished. Test PASSed. |
|
Test PASSed. |
witgo
force-pushed
the
update_outdated_dep
branch
from
2d20f32
to
d9a7b97
Compare
|
Merged build finished. Test PASSed. |
|
Test PASSed. |
witgo
force-pushed
the
update_outdated_dep
branch
2 times, most recently
from
663e753
to
8bdac5e
Compare
|
Merged build finished. Test PASSed. |
|
Test PASSed. |
|
Merged build finished. Test PASSed. |
|
Test PASSed. |
| @@ -70,6 +70,10 @@ | |||
| <groupId>org.glassfish.jersey.core</groupId> | |||
| <artifactId>jersey-server</artifactId> | |||
| </dependency> | |||
| <dependency> | |||
| <groupId>org.glassfish.jersey.inject</groupId> | |||
There was a problem hiding this comment.
is this package used anywhere?
There was a problem hiding this comment.
There was a problem hiding this comment.
I think this link provides a better explanation: https://eclipse-ee4j.github.io/jersey.github.io/release-notes/2.26.html
|
Merged build finished. Test PASSed. |
|
Test PASSed. |
witgo
changed the title
witgo
force-pushed
the
update_outdated_dep
branch
from
b96aa53
to
4cac1d4
Compare
|
Merged build finished. Test PASSed. |
|
Test PASSed. |
|
@ZacBlanco Can you take a look? |
witgo
force-pushed
the
update_outdated_dep
branch
from
4cac1d4
to
268a644
Compare
witgo
changed the title
|
Merged build finished. Test PASSed. |
|
Test PASSed. |
| @@ -70,6 +70,10 @@ | |||
| <groupId>org.glassfish.jersey.core</groupId> | |||
| <artifactId>jersey-server</artifactId> | |||
| </dependency> | |||
| <dependency> | |||
| <groupId>org.glassfish.jersey.inject</groupId> | |||
There was a problem hiding this comment.
I think this link provides a better explanation: https://eclipse-ee4j.github.io/jersey.github.io/release-notes/2.26.html
|
Merged build finished. Test FAILed. |
|
Test FAILed. |
|
The failed UT looks irrelevant |
|
jenkins, test this please |
|
Merged build finished. Test PASSed. |
|
Test PASSed. |
ZacBlanco
changed the title
|
Automated checks report:
All checks passed! |
|
alluxio-bot, merge this please |
### What changes are proposed in this pull request? add back netty dependency within grpc ### Why are the changes needed? previously we exclude netty dependency since we already have netty-all outside #9942 But due to grpc/grpc-java#11284, we sometimes have incompatibility between grpc and netty, and it's better to use shaded netty within grpc so we can be sure that they are compatible. ### Does this PR introduce any user facing changes? na pr-link: #18642 change-id: cid-65d86f315e023592060b6a9f864bfe2a972dfe68
No description provided.