Bump netty version from 4.1.77 to 4.1.89 (#3565)

* Bump netty version from 4.1.77 to 4.1.89

Bump netty versions to fix [CVE-2022-41881](https://nvd.nist.gov/vuln/detail/CVE-2022-41881)

Compatibility: https://github.com/grpc/grpc-java/blob/master/SECURITY.md#netty

grpc.version 1.54.0
netty.version 4.1.89.Final
netty.tcnative.version 2.0.56.Final

* fix GRPC sample code after grpc upgrade

* netty 4.1.89.Final

reactor-netty-http doesn't have 4.1.87.Final
in their released versions.
reactor-netty-http 1.1.3 has 4.1.89.Final.

---------

Co-authored-by: Shama Hegde <shama358@gmail.com>

infrastructure/src/main/java/org/corfudb/infrastructure/logreplication/transport/sample/GRPCLogReplicationClientChannelAdapter.java

@@ -2,6 +2,7 @@
 
 import io.grpc.ManagedChannel;
 import io.grpc.ManagedChannelBuilder;
+import io.grpc.netty.shaded.io.grpc.netty.NettyChannelBuilder;
 import io.grpc.stub.StreamObserver;
 import lombok.Getter;
 import lombok.extern.slf4j.Slf4j;
@@ -17,6 +18,7 @@
 import org.corfudb.util.NodeLocator;
 
 import javax.annotation.Nonnull;
+import java.net.InetSocketAddress;
 import java.util.HashMap;
 import java.util.Map;
 import java.util.Optional;
@@ -77,7 +79,7 @@ public void connectAsync() {
             try {
                 NodeLocator nodeLocator = NodeLocator.parseString(node.getEndpoint());
                 log.info("GRPC create connection to node{}@{}:{}", node.getNodeId(), nodeLocator.getHost(), nodeLocator.getPort());
-                ManagedChannel channel = ManagedChannelBuilder.forAddress(nodeLocator.getHost(), nodeLocator.getPort())
+                ManagedChannel channel = NettyChannelBuilder.forAddress(new InetSocketAddress(nodeLocator.getHost(), nodeLocator.getPort()))
                         .usePlaintext()
                         .build();
                 channelMap.put(node.getNodeId(), channel);
@@ -141,7 +143,7 @@ public void send(@Nonnull String nodeId, @Nonnull RequestMsg request) {
     private void queryLeadership(String nodeId, RequestMsg request) {
         try {
             if (blockingStubMap.containsKey(nodeId)) {
-                ResponseMsg response = blockingStubMap.get(nodeId).withWaitForReady().queryLeadership(request);
+                ResponseMsg response = blockingStubMap.get(nodeId).withDeadlineAfter(10, TimeUnit.SECONDS).queryLeadership(request);
                 receive(response);
             } else {
                 log.warn("Stub not found for remote endpoint {}. Dropping message of type {}",
@@ -157,7 +159,7 @@ private void queryLeadership(String nodeId, RequestMsg request) {
     private void requestMetadata(String nodeId, RequestMsg request) {
         try {
             if (blockingStubMap.containsKey(nodeId)) {
-                ResponseMsg response = blockingStubMap.get(nodeId).withWaitForReady().negotiate(request);
+                ResponseMsg response = blockingStubMap.get(nodeId).withDeadlineAfter(10, TimeUnit.SECONDS).negotiate(request);
                 receive(response);
             } else {
                 log.warn("Stub not found for remote endpoint {}. Dropping message of type {}",

pom.xml

@@ -42,8 +42,8 @@
 
         <!-- Dependency versions -->
         <slf4j.version>1.7.32</slf4j.version>
-        <netty.version>4.1.77.Final</netty.version>
-        <netty.tcnative.version>2.0.52.Final</netty.tcnative.version>
+        <netty.version>4.1.89.Final</netty.version>
+        <netty.tcnative.version>2.0.56.Final</netty.tcnative.version>
         <protobuf.version>3.6.1</protobuf.version>
         <commons.io.version>2.11.0</commons.io.version>
         <lombok.version>1.18.24</lombok.version>

runtime/pom.xml

@@ -24,7 +24,7 @@
         <annotations.api.version>6.0.53</annotations.api.version>
         <ehcahce.sizeOf.version>0.4.0</ehcahce.sizeOf.version>
 
-        <grpc.version>1.46.0</grpc.version>
+        <grpc.version>1.54.0</grpc.version>
     </properties>
 
     <build>