[
https://issues.apache.org/jira/browse/BEAM-14118?focusedWorklogId=752530&page=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-752530
]
ASF GitHub Bot logged work on BEAM-14118:
-----------------------------------------
Author: ASF GitHub Bot
Created on: 04/Apr/22 22:26
Start Date: 04/Apr/22 22:26
Worklog Time Spent: 10m
Work Description: lukecwik commented on PR #17206:
URL: https://github.com/apache/beam/pull/17206#issuecomment-1088072974
Typically you rerun by adding a comment like `Run YYY PreCommit`. Each
jenkins job has the key phrase as part of the title. Github actions require you
to click on details and you can rerun them from the UI there. Learn more at
https://beam.apache.org/contribute/#make-your-change
`CommunityMetrics` has been failing for some time and shouldn't be rerun.
Github doesn't allow you to remove jobs that are irrelevant once they have run
without rerunning them all to my knowledge.
Issue Time Tracking
-------------------
Worklog Id: (was: 752530)
Time Spent: 1h 20m (was: 1h 10m)
> beam-vendor-grpc-1_43_2 shades vulnerable Netty version
> -------------------------------------------------------
>
> Key: BEAM-14118
> URL: https://issues.apache.org/jira/browse/BEAM-14118
> Project: Beam
> Issue Type: Improvement
> Components: runner-flink, runner-spark, sdk-java-harness
> Affects Versions: 2.37.0
> Reporter: Arkadiusz Gasinski
> Priority: P2
> Time Spent: 1h 20m
> Remaining Estimate: 0h
>
> The
> [beam-vendor-grpc-1_43_2|https://mvnrepository.com/artifact/org.apache.beam/beam-vendor-grpc-1_43_2]
> dependency (that is pulled transitively by the beam-runners-flink-1.13)
> shades a vulnerable Netty version, i.e. 4.1.63.Final:
> [https://mvnrepository.com/artifact/io.netty/netty-all/4.1.63.Final]
> In turn, our Beam pipelines builds are marked as vulnerable and we're having
> issues promoting them to higher environments.
> Because Netty is shaded, we can't simply override the version in the build
> tool.
--
This message was sent by Atlassian Jira
(v8.20.1#820001)
