-
Notifications
You must be signed in to change notification settings - Fork 3.5k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
MINOR: [Java] Bump io.grpc:grpc-bom from 1.65.0 to 1.65.1 in /java #43264
Conversation
bcf1c59
to
ee4f809
Compare
@github-actions crossbow submit -g java |
Revision: ee4f809 Submitted crossbow builds: ursacomputing/crossbow @ actions-dda7f3e8cc |
ee4f809
to
88b9639
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
1.65.0 -> 1.65.1 is a noop when using netty v4.1.111.Final+ (Arrow is using v4.1.112)
Looks like CI is broken though.. |
@dependabot rebase |
88b9639
to
636dc3e
Compare
@danepitkin there is a protobuf related issue in https://github.com/apache/arrow/actions/runs/10100575453/job/27932234113?pr=43264#step:7:4064 |
Bumps [io.grpc:grpc-bom](https://github.com/grpc/grpc-java) from 1.63.0 to 1.65.1. - [Release notes](https://github.com/grpc/grpc-java/releases) - [Commits](grpc/grpc-java@v1.63.0...v1.65.1) --- updated-dependencies: - dependency-name: io.grpc:grpc-bom dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]>
636dc3e
to
a89a5ae
Compare
Looks like they started building against a newer libc++. Might be worth poking upstream... |
Yep, you're right. I didn't expect them to throw that into a minor release: grpc/grpc-java@c2a3ed3 |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Removing approval
Could it be a new build requirement? We already switched to Java 11, could we possibly require a newer Linux version to build Arrow Java (but it would not change the runtime requirement as it generates java classes?) |
I think we're doing our best to maintain CentOS 7 compatibility for now (despite the deprecation). That said yes, requiring a newer version for builds might be an option. CC @assignUser for opinions/options perhaps? |
Hm I am not sure if just building on 8+ will work as it links dynamically against a newer libstdc++ than is available in centos 7, so it would probably not work. Maybe we can build under devtoolset? |
nvm we are already using devtool set so grpc would need to be built with it I guess... |
As discussed at #41395 (comment), we would like to maintain support for CentOS 7 for a while longer if possible. If this upgrade from 1.65.0 to 1.65.1 does not patch any CVEs or fix any known problems (and if it is not needed to enable us to upgrade other dependencies that patch CVEs or fix known problems) then we could stay at 1.65.0 for the time being? I recognize that as these deferred version bumps start to accumulate, eventually we will have to just go ahead and drop CentOS 7 support. I trust your judgement on when it's time to throw in the towel and just do it. |
I don't see mention of a CVE but I see a possible fix to address compatibility issue with Netty 4.1.111. Technically since it only impacts the java code base, it does not directly impact Centos7 compatibility. But because we are building C++ and Java code at the same time, I recognize that changing base OS used to build Arrow Java would impact CentOS compatibility for Arrow C++. Another question I have is how it will impact the way we link with libstdc++? |
Superseded by #43657. |
Bumps io.grpc:grpc-bom from 1.63.0 to 1.65.1.
Release notes
Sourced from io.grpc:grpc-bom's releases.
... (truncated)
Commits
a2adefa
Bump version to 1.65.1f1a0af2
Update README etc to reference 1.65.197aa34f
Restore old behavior of NettyAdaptiveCumulator, but avoid using that class if...c2a3ed3
compiler: Upgrade from CentOS 7 to AlmaLinux 8 (#11370)b2665c0
Bump version to 1.65.1-SNAPSHOT6296726
Bump version to 1.65.04d25c34
Update README etc to reference 1.65.0fb761a1
services: restore //services:binarylog bazel target (#11292)3c97245
util: Add ExperimentalApi to AdvancedTlsX509KeyManagerc11b560
Remove unused imports from CSM Observability example (#11307) (#11310)Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting
@dependabot rebase
.Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
@dependabot rebase
will rebase this PR@dependabot recreate
will recreate this PR, overwriting any edits that have been made to it@dependabot merge
will merge this PR after your CI passes on it@dependabot squash and merge
will squash and merge this PR after your CI passes on it@dependabot cancel merge
will cancel a previously requested merge and block automerging@dependabot reopen
will reopen this PR if it is closed@dependabot close
will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually@dependabot show <dependency name> ignore conditions
will show all of the ignore conditions of the specified dependency@dependabot ignore this major version
will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this minor version
will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this dependency
will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)