Skip to content

[CTM-453, CTM-451] Update netty & logback#4905

Merged
calypsomatic merged 2 commits into
developfrom
bm/ctm-453_netty
May 5, 2026
Merged

[CTM-453, CTM-451] Update netty & logback#4905
calypsomatic merged 2 commits into
developfrom
bm/ctm-453_netty

Conversation

@calypsomatic
Copy link
Copy Markdown
Contributor

@calypsomatic calypsomatic commented May 4, 2026
edited
Loading

Jira ticket: https://broadworkbench.atlassian.net/browse/CTM-453
https://broadworkbench.atlassian.net/browse/CTM-451

Summary of changes

  • Update logback-classic to 1.5.25, which will pull in logback-core 1.5.25 transitively.
  • Pin netty-codec-http to 4.1.132.Final via dependencyOverrides to address a security vulnerability in the previously resolved version
    • dependencyOverrides is used rather than libraryDependencies because it forces the version regardless of what transitive dependencies request — a hard pin that wins conflict resolution
    • Applied in commonSettings so the override covers all subprojects (core, http, automation)
    • Only netty-codec-http is pinned (not the full Netty BOM) since the CVE is specific to that artifact; sbt evicted should be checked post-merge to confirm no version skew with other Netty artifacts

Testing these changes

What to test

Who tested and where

  • This change is covered by automated tests
    • NB: Rerun automation tests on this PR by commenting jenkins retest or jenkins multi-test.
  • I validated this change
  • Primary reviewer validated this change
  • I validated this change in the dev environment

@calypsomatic calypsomatic changed the title update netty [CTM-453] Update netty May 4, 2026
@codecov
Copy link
Copy Markdown

codecov Bot commented May 4, 2026
edited
Loading

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 74.08%. Comparing base (4622db0) to head (473c1d6).

Additional details and impacted files

Impacted file tree graph

@@           Coverage Diff            @@
##           develop    #4905   +/-   ##
========================================
  Coverage    74.08%   74.08%           
========================================
  Files          131      131           
  Lines        11100    11100           
  Branches       895      895           
========================================
  Hits          8223     8223           
  Misses        2877     2877

Continue to review full report in Codecov by Sentry.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update 4622db0...473c1d6. Read the comment docs.

🚀 New features to boost your workflow:
  • ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
  • 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

@calypsomatic calypsomatic changed the title [CTM-453] Update netty [CTM-453, CTM-451] Update netty & logback May 4, 2026
@calypsomatic calypsomatic marked this pull request as ready for review May 4, 2026 19:37
@calypsomatic calypsomatic requested a review from a team as a code owner May 4, 2026 19:37
@calypsomatic calypsomatic requested review from aednichols May 5, 2026 14:05
@calypsomatic calypsomatic merged commit 61186a3 into develop May 5, 2026
23 of 24 checks passed
@calypsomatic calypsomatic deleted the bm/ctm-453_netty branch May 5, 2026 14:53
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@aednichols aednichols aednichols approved these changes

@LizBaldo LizBaldo LizBaldo approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@calypsomatic @aednichols @LizBaldo