[issue-8297] upgrade netty due to security concerns #8298

Closed
pjfanning wants to merge 7 commits into apache:master from pjfanning:issue-8297-netty

@pjfanning
Member

Description

update netty jars due to security concerns

Upgrade Notes

Does this PR prevent a zero down-time upgrade? (Assume upgrade order: Controller, Broker, Server, Minion)

  • Yes (Please label as backward-incompat, and complete the section below on Release Notes)

Does this PR fix a zero-downtime upgrade introduced earlier?

  • Yes (Please label this as backward-incompat, and complete the section below on Release Notes)

Does this PR otherwise need attention when creating release notes? Things to consider:

  • New configuration options
  • Deprecation of configurations
  • Signature changes to public methods/interfaces
  • New plugins added or old plugins removed
  • Yes (Please label this PR as release-notes and complete the section on Release Notes)

Release Notes

Documentation

@codecov-commenter
codecov-commenter commented Mar 4, 2022

Codecov Report

Merging #8298 (1383fd7) into master (46ed731) will decrease coverage by 40.04%.
The diff coverage is n/a.

@@              Coverage Diff              @@
##             master    #8298       +/-   ##
=============================================
- Coverage     70.83%   30.78%   -40.05%     
=============================================
  Files          1631     1619       -12     
  Lines         85462    85108      -354     
  Branches      12877    12839       -38     
=============================================
- Hits          60539    26203    -34336     
- Misses        20746    56556    +35810     
+ Partials       4177     2349     -1828     
Flag Coverage Δ
integration1 28.93% <ø> (-0.05%) ⬇️
integration2 27.63% <ø> (+0.02%) ⬆️
unittests1 ?
unittests2 ?

Flags with carried forward coverage won't be shown.

Impacted Files Coverage Δ
.../java/org/apache/pinot/spi/utils/BooleanUtils.java 0.00% <0.00%> (-100.00%) ⬇️
...ava/org/apache/pinot/spi/config/table/FSTType.java 0.00% <0.00%> (-100.00%) ⬇️
...ava/org/apache/pinot/spi/data/MetricFieldSpec.java 0.00% <0.00%> (-100.00%) ⬇️
...va/org/apache/pinot/spi/utils/BigDecimalUtils.java 0.00% <0.00%> (-100.00%) ⬇️
...java/org/apache/pinot/common/tier/TierFactory.java 0.00% <0.00%> (-100.00%) ⬇️
...a/org/apache/pinot/spi/config/table/TableType.java 0.00% <0.00%> (-100.00%) ⬇️
.../org/apache/pinot/spi/data/DimensionFieldSpec.java 0.00% <0.00%> (-100.00%) ⬇️
.../org/apache/pinot/spi/data/readers/FileFormat.java 0.00% <0.00%> (-100.00%) ⬇️
...org/apache/pinot/spi/config/table/QuotaConfig.java 0.00% <0.00%> (-100.00%) ⬇️
...org/apache/pinot/spi/config/tenant/TenantRole.java 0.00% <0.00%> (-100.00%) ⬇️
... and 1119 more

Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Last update 46ed731...1383fd7.

@GSharayu
Contributor

GSharayu commented Mar 8, 2022

Hi @pjfanning, can you please rebase this PR with latest master?

@siddharthteotia
Contributor

Please rebase

@pjfanning
Member Author

I rebased this but there are problems with pinot-pulsar and its unit tests. It appears that something in the version of pulsar that pinot-pulsar uses relies on the old netty.

I'm not an expert on pinot or pulsar and might need to leave this to someone else to solve.

It might be better to upgrade pulsar first before trying to update netty.
