Bump netty from 4.1.97.Final to 4.1.99.Final

[reta]

Description

Bump netty from 4.1.97.Final to 4.1.99.Final

Related Issues

N/A

Check List

• New functionality includes testing.
  • All tests pass
• New functionality has been documented.
  • New functionality has javadoc added
• Commits are signed per the DCO using --signoff
• Commit changes are listed out in CHANGELOG.md file (See: Changelog)

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.
For more information on following Developer Certificate of Origin and signing off your commits, please check here.

[github-actions]

Compatibility status:

Checks if related components are compatible with change 92ab960

Incompatible components

Skipped components

Compatible components

Compatible components: [https://github.com/opensearch-project/security-analytics.git, https://github.com/opensearch-project/security.git, https://github.com/opensearch-project/custom-codecs.git, https://github.com/opensearch-project/opensearch-oci-object-storage.git, https://github.com/opensearch-project/index-management.git, https://github.com/opensearch-project/geospatial.git, https://github.com/opensearch-project/sql.git, https://github.com/opensearch-project/job-scheduler.git, https://github.com/opensearch-project/notifications.git, https://github.com/opensearch-project/observability.git, https://github.com/opensearch-project/neural-search.git, https://github.com/opensearch-project/k-nn.git, https://github.com/opensearch-project/cross-cluster-replication.git, https://github.com/opensearch-project/alerting.git, https://github.com/opensearch-project/anomaly-detection.git, https://github.com/opensearch-project/performance-analyzer.git, https://github.com/opensearch-project/ml-commons.git, https://github.com/opensearch-project/asynchronous-search.git, https://github.com/opensearch-project/performance-analyzer-rca.git, https://github.com/opensearch-project/common-utils.git, https://github.com/opensearch-project/reporting.git]

[github-actions]

Gradle Check (Jenkins) Run Completed with:

• RESULT: FAILURE ❌
• URL: https://build.ci.opensearch.org/job/gradle-check/26609/
• CommitID: 92ab960
  Please examine the workflow log, locate, and copy-paste the failure(s) below, then iterate to green.
  Is the failure a flaky test unrelated to your change?

[github-actions]

Gradle Check (Jenkins) Run Completed with:

• RESULT: UNSTABLE ❕
• TEST FAILURES:

      2 org.opensearch.common.util.concurrent.QueueResizableOpenSearchThreadPoolExecutorTests.classMethod
      1 org.opensearch.smoketest.SmokeTestMultiNodeClientYamlTestSuiteIT.test {yaml=pit/10_basic/Delete all}
      1 org.opensearch.common.util.concurrent.QueueResizableOpenSearchThreadPoolExecutorTests.testResizeQueueDown

• URL: https://build.ci.opensearch.org/job/gradle-check/26615/
• CommitID: 92ab960
  Please review all flaky tests that succeeded after retry and create an issue if one does not already exist to track the flaky failure.

[codecov]

Codecov Report

Merging #10306 (92ab960) into main (6003560) will decrease coverage by 0.49%.
The diff coverage is n/a.

@@             Coverage Diff              @@
##               main   #10306      +/-   ##
============================================
- Coverage     71.11%   70.62%   -0.49%     
+ Complexity    58203    57721     -482     
============================================
  Files          4830     4830              
  Lines        274592   274592              
  Branches      40020    40020              
============================================
- Hits         195267   193928    -1339     
- Misses        62943    64342    +1399     
+ Partials      16382    16322      -60     

see 528 files with indirect coverage changes

[reta]

@kotwanikunal may I ask you please to approve?

[opensearch-trigger-bot]

The backport to 1.3 failed:

The process '/usr/bin/git' failed with exit code 128

To backport manually, run these commands in your terminal:

# Navigate to the root of your repository
cd $(git rev-parse --show-toplevel)
# Fetch latest updates from GitHub
git fetch
# Create a new working tree
git worktree add ../.worktrees/OpenSearch/backport-1.3 1.3
# Navigate to the new working tree
pushd ../.worktrees/OpenSearch/backport-1.3
# Create a new branch
git switch --create backport/backport-10306-to-1.3
# Cherry-pick the merged commit of this pull request and resolve the conflicts
git cherry-pick -x --mainline 1 beb25b1957321234aa3642977b0f7144318c8d8a
# Push it to GitHub
git push --set-upstream origin backport/backport-10306-to-1.3
# Go back to the original working tree
popd
# Delete the working tree
git worktree remove ../.worktrees/OpenSearch/backport-1.3

Then, create a pull request where the base branch is 1.3 and the compare/head branch is backport/backport-10306-to-1.3.

[opensearch-trigger-bot]

The backport to 1.x failed:

The process '/usr/bin/git' failed with exit code 128

To backport manually, run these commands in your terminal:

# Navigate to the root of your repository
cd $(git rev-parse --show-toplevel)
# Fetch latest updates from GitHub
git fetch
# Create a new working tree
git worktree add ../.worktrees/OpenSearch/backport-1.x 1.x
# Navigate to the new working tree
pushd ../.worktrees/OpenSearch/backport-1.x
# Create a new branch
git switch --create backport/backport-10306-to-1.x
# Cherry-pick the merged commit of this pull request and resolve the conflicts
git cherry-pick -x --mainline 1 beb25b1957321234aa3642977b0f7144318c8d8a
# Push it to GitHub
git push --set-upstream origin backport/backport-10306-to-1.x
# Go back to the original working tree
popd
# Delete the working tree
git worktree remove ../.worktrees/OpenSearch/backport-1.x

Then, create a pull request where the base branch is 1.x and the compare/head branch is backport/backport-10306-to-1.x.

[opensearch-trigger-bot]

The backport to 2.x failed:

The process '/usr/bin/git' failed with exit code 128

To backport manually, run these commands in your terminal:

# Navigate to the root of your repository
cd $(git rev-parse --show-toplevel)
# Fetch latest updates from GitHub
git fetch
# Create a new working tree
git worktree add ../.worktrees/OpenSearch/backport-2.x 2.x
# Navigate to the new working tree
pushd ../.worktrees/OpenSearch/backport-2.x
# Create a new branch
git switch --create backport/backport-10306-to-2.x
# Cherry-pick the merged commit of this pull request and resolve the conflicts
git cherry-pick -x --mainline 1 beb25b1957321234aa3642977b0f7144318c8d8a
# Push it to GitHub
git push --set-upstream origin backport/backport-10306-to-2.x
# Go back to the original working tree
popd
# Delete the working tree
git worktree remove ../.worktrees/OpenSearch/backport-2.x

Then, create a pull request where the base branch is 2.x and the compare/head branch is backport/backport-10306-to-2.x.

[khushbr]

@reta The version 4.1.99Final is a Medium severity vulnerability and causing Security check to fail on dependent repos, see https://github.com/opensearch-project/performance-analyzer/runs/17437686414

@bbarani @gaiksaya Do we want to address this CVE for v2.11.0 ?

[reta]

@reta The version 4.1.99Final is a Medium severity vulnerability and causing Security check to fail on dependent repos, see https://github.com/opensearch-project/performance-analyzer/runs/17437686414

@bbarani @gaiksaya Do we want to address this CVE for v2.11.0 ?

Thanks @khushbr , we have been looking into it (netty/netty#11213) and it seems like quite old issue, moreover we don't have any fix for it, 4.1.99.Final is the latest Netty release.