BryanCutler opened a new pull request, #36211:
URL: https://github.com/apache/arrow/pull/36211

   
   
   ### Rationale for this change
   
   Upgrading Netty dependency due to CVE https://github.com/advisories/GHSA-6mjq-h674-j845
   This also requires a patch to arrow-memory
   
   ### What changes are included in this PR?
   
   Upgrading Netty, gRPC and Protobuf dependencies
   
   ### Are these changes tested?
   Existing tests
   
   ### Are there any user-facing changes?
   No
   
   **This PR contains a "Critical Fix".**
   
   netty-handler SniHandler 16MB allocation
   
   The SniHandler can allocate up to 16MB of heap for each channel during the TLS handshake. When the handler or the channel does not have an idle timeout, it can be used to make a TCP server using the SniHandler to allocate 16MB of heap.
    
   https://github.com/advisories/GHSA-6mjq-h674-j845
   


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
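
The 16MB figure quoted in the PR description equals the largest value the 3-byte TLS handshake length field can carry. As an added example (not code from this PR or from Netty), the Python below reads that field from a constructed ClientHello prefix and refuses to size a reassembly buffer above a cap; the cap value and all function names are assumptions.

```python
import struct

TLS_HANDSHAKE_RECORD = 22      # TLS record content type: handshake
CLIENT_HELLO = 1               # handshake message type: ClientHello
MAX_DECLARABLE = 0xFFFFFF      # 3-byte length field: 16 MiB - 1
DEFAULT_CAP = 64 * 1024        # assumed policy value, not taken from the PR


class ClientHelloRejected(Exception):
    """Raised before any reassembly buffer is allocated."""


def declared_client_hello_length(prefix: bytes) -> int:
    """Read the handshake length from the first 9 bytes on the wire.

    Layout: record header (type, version, 2-byte record length), then the
    handshake header (message type, 3-byte message length).
    """
    if len(prefix) < 9:
        raise ValueError("need the 5-byte record header and 4-byte handshake header")
    content_type, major, _minor, _record_len = struct.unpack("!BBBH", prefix[:5])
    if content_type != TLS_HANDSHAKE_RECORD or major != 3:
        raise ClientHelloRejected("not a TLS handshake record")
    if prefix[5] != CLIENT_HELLO:
        raise ClientHelloRejected("first handshake message is not a ClientHello")
    return int.from_bytes(prefix[6:9], "big")


def reassembly_buffer_size(prefix: bytes, cap: int = DEFAULT_CAP) -> int:
    """Return how many bytes to buffer, refusing lengths above the cap."""
    declared = declared_client_hello_length(prefix)
    if declared > cap:
        raise ClientHelloRejected(f"declared ClientHello length {declared} exceeds cap {cap}")
    return declared


# Constructed headers (not captured traffic).
TYPICAL_HELLO = bytes.fromhex("160301020401000200")       # declares 512 bytes
OVERSIZED_HELLO = bytes.fromhex("1603010004" "01ffffff")  # declares the 24-bit maximum

if __name__ == "__main__":
    for name, header in (("typical", TYPICAL_HELLO), ("oversized", OVERSIZED_HELLO)):
        try:
            print(name, "buffer", reassembly_buffer_size(header))
        except ClientHelloRejected as exc:
            print(name, "rejected:", exc)
```

The check runs on the declared length alone, so the decision is made before any payload bytes are buffered for the channel.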
