Abacn commented on code in PR #34975:
URL: https://github.com/apache/beam/pull/34975#discussion_r2093411260
##########
buildSrc/src/main/groovy/org/apache/beam/gradle/BeamModulePlugin.groovy:
##########
@@ -636,7 +636,7 @@ class BeamModulePlugin implements Plugin<Project> {
def log4j2_version = "2.20.0"
def nemo_version = "0.1"
// [bomupgrader] determined by: io.grpc:grpc-netty, consistent with:
google_cloud_platform_libraries_bom
- def netty_version = "4.1.118.Final"
+ def netty_version = "4.1.110.Final"
Review Comment:
I think we should relay to GCP-BOM for lower priority vulneribility rather
than overwrite dependency versions managed by GCP-BOM as it isn't tested to
work amongst gcp components.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: github-unsubscr...@beam.apache.org
For queries about this service, please contact Infrastructure at:
us...@infra.apache.org
