chore(deps): update frauddetectionservice #169

Merged
merged 1 commit into from
Nov 6, 2024

@mend-for-github-com mend-for-github-com bot commented Oct 13, 2024

This PR contains the following updates:

| Package | Type | Update | Change |
| --- | --- | --- | --- |
| com.google.protobuf:protobuf-java (source) | dependencies | patch | 3.25.0 -> 3.25.5 |
| io.grpc:grpc-netty | dependencies | minor | 1.59.0 -> 1.60.0 |

By merging this PR, the below vulnerabilities will be automatically resolved:

| Severity | CVSS Score | CVE |
| --- | --- | --- |
| High | 7.5 | CVE-2024-7254 |

By merging this PR, the issue #93 will be automatically resolved and closed:

| Severity | CVSS Score | CVE |
| --- | --- | --- |
| High | 7.5 | CVE-2023-44487 |

By merging this PR, the below vulnerabilities will be automatically resolved:

| Severity | CVSS Score | CVE |
| --- | --- | --- |
| Medium | 5.3 | CVE-2024-29025 |

Release Notes

grpc/grpc-java (io.grpc:grpc-netty)

v1.60.0

API Changes
  • api: Stabilize ForwardingServerBuilder, ForwardingChannelBuilder2, and ForwardingChannelBuilder. Note that ForwardingChannelBuilder is stabilized (no changes will be made to it), but immediately deprecated in favor of ForwardingChannelBuilder2. (#​10586)
  • api: Deprecate ForwardingChannelBuilder.delegate(). De facto this deprecates the class itself, since all classes extending ForwardingChannelBuilder implement the delegate() method. See javadoc for details (#​10587)
  • api: Changed recently-introduced LoadBalancer.acceptResolvedAddresses() to return Status instead of boolean (#​10636). This is part of continued work to align the LB API cross-language and API stabilization
  • stub: Deprecate StreamObservers (#​10654)
  • alts: AltsChannelBuilder now extends ForwardingChannelBuilder2 (#​10587)
  • protobuf: Stabilize ProtoUtils.metadataMarshaller() (#​10628)
  • protobuf-lite: ProtoLiteUtils experimental comment (#​10627)
Behavior Changes
  • core: ManagedChannels now check the address types provided by the nameResolver (for the given target) with the address types supported by the channel transport and generate an error in case of mismatch. That dramatically improves the error message when an issue occurs
  • core: When a server stream is closed due to user's code (an uncaught exception in halfClosed, messagesAvailable, onReady callback of a ServerStream's listener), the Status.UNKNOWN returned to the client will have Application error processing RPC description. Previously the description was empty. This is helpful to differentiate between server errors originated in user application, gRPC library, or even those injected by a proxy. (#​10643)
  • xds: Log ORCA UNIMPLEMENTED error to subchannel logger. This removes them from the normal application logs, reducing log spam
Improvements
  • Change the underlying implementations of RingHash, RoundRobin, WeightedRoundRobin and LeastRequest load balancers to utilize the pick first load balancer rather than directly manage subchannels. This should only be noticeable if it introduced a bug
  • core: Avoid flushing headers when the server returns a single response (#​9314). This is a performance optimization to reduce the number of packets for non-streaming responses
  • util: Make grpc-core an implementation dependency. This will prevent the io.grpc.internal classes in grpc-core from being visible during compilation when depending on just grpc-util
  • netty: Implement Http2Headers.isEmpty(). This fixes compatibility with Netty 4.1.101.Final.
  • netty: Add NettyServerBuilder.maxRstFramesPerWindow(). This can be used to limit impact of Rapid Reset
  • netty: Disable huffman coding in headers (#​10563). Huffman coding provides modest compression for relatively high CPU usage, especially within a data center. Rely just on the HPACK static and dynamic tables for compression, for higher performance. This only impacts header values 512 bytes or longer, as Netty already disabled Huffman for smaller values
  • alts: Improve handshake failure error message by propagating original exception (#​10644)
Bug Fixes
  • util: Remove shutdown subchannels from OD tracking (#​10683). This could have caused a memory leak on a long-lived channel. But we don’t think it could be triggered with our built-in load balancing policies.
Dependencies
  • Bump Netty to 4.1.100.Final
Acknowledgements

@​anthonyjpratti
@​fedorka
@​jpd236
@​mateusazis
@​pkoenig10
@​yannickepstein
@​amirhadadi

v1.59.1

  • netty: Implement Http2Headers.isEmpty(). This fixes compatibility with Netty 4.1.101.Final.
  • netty: Add NettyServerBuilder.maxRstFramesPerWindow(). This can be used to limit impact of Rapid Reset
  • xds: Log ORCA UNIMPLEMENTED error to subchannel logger. This removes them from the normal application logs, reducing log spam

  • If you want to rebase/retry this PR, check this box
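
The release notes above name `NettyServerBuilder.maxRstFramesPerWindow()` as the control for limiting Rapid Reset (CVE-2023-44487, listed in this PR). As an added example, not code from this repository or from grpc-java, here is a server builder that sets it together with a per-connection call cap; the class name, port and all numeric limits are illustrative assumptions.

```java
import io.grpc.Server;
import io.grpc.netty.NettyServerBuilder;
import java.util.concurrent.TimeUnit;

/** Added example: a grpc-netty server with an RST_STREAM rate limit per connection. */
public final class RapidResetLimitedServer {
  // Assumed values. gRPC clients send RST_STREAM whenever they cancel an RPC,
  // so size the window against the cancel rate of legitimate clients.
  private static final int MAX_RST_FRAMES = 200;
  private static final int WINDOW_SECONDS = 30;
  private static final int MAX_CALLS_PER_CONNECTION = 100;

  static Server build(int port) {
    return NettyServerBuilder.forPort(port)
        // Close any connection that sends more than MAX_RST_FRAMES RST_STREAM
        // frames within WINDOW_SECONDS. The method is listed in the 1.59.1 and
        // 1.60.0 release notes, so it needs the grpc-netty version this PR moves to.
        .maxRstFramesPerWindow(MAX_RST_FRAMES, WINDOW_SECONDS)
        // Bound the number of concurrent streams one connection may hold open,
        // so a single peer cannot queue unbounded work between resets.
        .maxConcurrentCallsPerConnection(MAX_CALLS_PER_CONNECTION)
        // Services would be registered here with addService(...); they are left
        // out so the example compiles with only grpc-netty on the classpath.
        .build();
  }

  public static void main(String[] args) throws Exception {
    Server server = build(50051).start(); // 50051 is an assumed port
    Runtime.getRuntime().addShutdownHook(new Thread(() -> {
      try {
        // Stop accepting new calls, then give in-flight calls a short grace period.
        server.shutdown().awaitTermination(5, TimeUnit.SECONDS);
      } catch (InterruptedException e) {
        Thread.currentThread().interrupt();
      }
    }));
    server.awaitTermination();
  }
}
```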

This PR was marked stale due to lack of activity. It will be closed in 7 days.

@github-actions github-actions bot added Stale and removed Stale labels Oct 22, 2024
@Swiddis Swiddis merged commit 997d320 into main Nov 6, 2024
41 of 47 checks passed
@mend-for-github-com mend-for-github-com bot deleted the whitesource-remediate/frauddetectionservice branch November 6, 2024 18:36
Labels
security fix Security fix generated by Mend