From 1e59f243455954f1793f4b94931cee844c1e425e Mon Sep 17 00:00:00 2001 From: TharmiganK Date: Tue, 19 Nov 2024 10:35:33 +0530 Subject: [PATCH 1/5] Update netty version --- gradle.properties | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/gradle.properties b/gradle.properties index 2b37bab26..924f8661b 100644 --- a/gradle.properties +++ b/gradle.properties @@ -10,7 +10,7 @@ slf4jVersion=1.7.30 protoGoogleCommonsVersion=1.17.0 protobufJavaVersion=3.25.5 jknackHandlebarsVersion=4.0.6 -nettyVersion=4.1.108.Final +nettyVersion=4.1.115.Final nettyTcnativeVersion=2.0.65.Final picocliVersion=4.0.1 githubSpotbugsVersion=5.0.14 From 0b23a118bb80b79659d27be1405715f8ad498cf7 Mon Sep 17 00:00:00 2001 From: TharmiganK Date: Tue, 19 Nov 2024 10:35:56 +0530 Subject: [PATCH 2/5] Update changelog --- changelog.md | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/changelog.md b/changelog.md index 7912c1a47..7eae150a4 100644 --- a/changelog.md +++ b/changelog.md @@ -4,6 +4,12 @@ This file contains all the notable changes done to the Ballerina gRPC package th The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/), and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html). +## [Unreleased] + +### Fixed + +- [Address CVE-2024-47535 vulnerability](https://github.com/ballerina-platform/ballerina-library/issues/7358) + ## [1.12.1] - 2024-09-26 ### Fixed From 128de55986b937c1345dd870a6cbf345e06b93ee Mon Sep 17 00:00:00 2001 
From: TharmiganK
Date: Tue, 19 Nov 2024 10:37:15 +0530
Subject: [PATCH 3/5] Update workflow templates to 2201.10.x
---
 .github/workflows/build-timestamped-master.yml | 2 +-
 .github/workflows/build-with-bal-test-graalvm.yml | 2 +-
 .github/workflows/central-publish.yml | 2 +-
 .github/workflows/process-load-test-result.yml | 2 +-
 .github/workflows/publish-release.yml | 2 +-
 .github/workflows/pull-request.yml | 2 +-
 .github/workflows/trigger-load-tests.yml | 2 +-
 .github/workflows/trivy-scan.yml | 2 +-
 8 files changed, 8 insertions(+), 8 deletions(-)
diff --git a/.github/workflows/build-timestamped-master.yml b/.github/workflows/build-timestamped-master.yml
index 5402145f2..04c7f5bfd 100644
--- a/.github/workflows/build-timestamped-master.yml
+++ b/.github/workflows/build-timestamped-master.yml
@@ -14,5 +14,5 @@ jobs:
 call_workflow:
 name: Run Build Workflow
 if: ${{ github.repository_owner == 'ballerina-platform' }}
- uses: ballerina-platform/ballerina-library/.github/workflows/build-timestamp-master-template.yml@main
+ uses: ballerina-platform/ballerina-library/.github/workflows/build-timestamp-master-template.yml@2201.10.x
 secrets: inherit
diff --git a/.github/workflows/build-with-bal-test-graalvm.yml b/.github/workflows/build-with-bal-test-graalvm.yml
index 313df8f04..d089bf41a 100644
--- a/.github/workflows/build-with-bal-test-graalvm.yml
+++ b/.github/workflows/build-with-bal-test-graalvm.yml
@@ -30,7 +30,7 @@ jobs:
 call_stdlib_workflow:
 name: Run StdLib Workflow
 if: ${{ github.event_name != 'schedule' || (github.event_name == 'schedule' && github.repository_owner == 'ballerina-platform') }}
- uses: ballerina-platform/ballerina-library/.github/workflows/build-with-bal-test-graalvm-template.yml@main
+ uses: ballerina-platform/ballerina-library/.github/workflows/build-with-bal-test-graalvm-template.yml@2201.10.x
 with:
 lang_tag: ${{ inputs.lang_tag }}
 lang_version: ${{ inputs.lang_version }}
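Review bot: The `uses:` line in build-timestamped-master.yml still points at a mutable branch ref (`@2201.10.x`) while the job passes `secrets: inherit`, so any later push to that branch of ballerina-library changes what runs with this repository's secrets without a change here. Pinning the reusable workflow to a full commit SHA and keeping the branch name as a comment, `uses: ballerina-platform/ballerina-library/.github/workflows/build-timestamp-master-template.yml@<full-commit-sha> # 2201.10.x`, makes the executed template fixed and reviewable. The same applies to the other `uses:` lines this patch changes: central-publish.yml, publish-release.yml, pull-request.yml and trivy-scan.yml also inherit all secrets, and process-load-test-result.yml passes a `secrets:` mapping whose entries lie outside the hunk. If branch refs are kept deliberately so template fixes flow in automatically, that relies on branch protection for `2201.10.x` in ballerina-library, which is not visible from this patch.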
diff --git a/.github/workflows/central-publish.yml b/.github/workflows/central-publish.yml
index 2634fd680..b7d5faca0 100644
--- a/.github/workflows/central-publish.yml
+++ b/.github/workflows/central-publish.yml
@@ -16,7 +16,7 @@ jobs:
 call_workflow:
 name: Run Central Publish Workflow
 if: ${{ github.repository_owner == 'ballerina-platform' }}
- uses: ballerina-platform/ballerina-library/.github/workflows/central-publish-template.yml@main
+ uses: ballerina-platform/ballerina-library/.github/workflows/central-publish-template.yml@2201.10.x
 secrets: inherit
 with:
 environment: ${{ github.event.inputs.environment }}
diff --git a/.github/workflows/process-load-test-result.yml b/.github/workflows/process-load-test-result.yml
index 6aa142c97..f82e2e181 100644
--- a/.github/workflows/process-load-test-result.yml
+++ b/.github/workflows/process-load-test-result.yml
@@ -6,7 +6,7 @@ on:
 jobs:
 call_stdlib_process_load_test_results_workflow:
 name: Run StdLib Process Load Test Results Workflow
- uses: ballerina-platform/ballerina-library/.github/workflows/process-load-test-results-template.yml@main
+ uses: ballerina-platform/ballerina-library/.github/workflows/process-load-test-results-template.yml@2201.10.x
 with:
 results: ${{ toJson(github.event.client_payload.results) }}
 secrets:
diff --git a/.github/workflows/publish-release.yml b/.github/workflows/publish-release.yml
index 2b681aef8..9d4f75760 100644
--- a/.github/workflows/publish-release.yml
+++ b/.github/workflows/publish-release.yml
@@ -9,7 +9,7 @@ jobs:
 call_workflow:
 name: Run Release Workflow
 if: ${{ github.repository_owner == 'ballerina-platform' }}
- uses: ballerina-platform/ballerina-library/.github/workflows/release-package-template.yml@main
+ uses: ballerina-platform/ballerina-library/.github/workflows/release-package-template.yml@2201.10.x
 secrets: inherit
 with:
 package-name: grpc
diff --git a/.github/workflows/pull-request.yml b/.github/workflows/pull-request.yml
index ecfa72cec..936284e61 100644
--- a/.github/workflows/pull-request.yml
+++ b/.github/workflows/pull-request.yml
@@ -10,5 +10,5 @@ jobs:
 call_workflow:
 name: Run PR Build Workflow
 if: ${{ github.repository_owner == 'ballerina-platform' }}
- uses: ballerina-platform/ballerina-library/.github/workflows/pull-request-build-template.yml@main
+ uses: ballerina-platform/ballerina-library/.github/workflows/pull-request-build-template.yml@2201.10.x
 secrets: inherit
diff --git a/.github/workflows/trigger-load-tests.yml b/.github/workflows/trigger-load-tests.yml
index 10b4e563c..ad460932c 100644
--- a/.github/workflows/trigger-load-tests.yml
+++ b/.github/workflows/trigger-load-tests.yml
@@ -22,7 +22,7 @@ jobs:
 call_stdlib_trigger_load_test_workflow:
 name: Run StdLib Load Test Workflow
 if: ${{ github.event_name != 'schedule' || (github.event_name == 'schedule' && github.repository_owner == 'ballerina-platform') }}
- uses: ballerina-platform/ballerina-library/.github/workflows/trigger-load-tests-template.yml@main
+ uses: ballerina-platform/ballerina-library/.github/workflows/trigger-load-tests-template.yml@2201.10.x
 with:
 repo_name: 'module-ballerina-grpc'
 runtime_artifacts_url: 'https://api.github.com/repos/ballerina-platform/module-ballerina-grpc/actions/artifacts'
diff --git a/.github/workflows/trivy-scan.yml b/.github/workflows/trivy-scan.yml
index c02c8ff42..c29d8f2a6 100644
--- a/.github/workflows/trivy-scan.yml
+++ b/.github/workflows/trivy-scan.yml
@@ -9,5 +9,5 @@ jobs:
 call_workflow:
 name: Run Trivy Scan Workflow
 if: ${{ github.repository_owner == 'ballerina-platform' }}
- uses: ballerina-platform/ballerina-library/.github/workflows/trivy-scan-template.yml@main
+ uses: ballerina-platform/ballerina-library/.github/workflows/trivy-scan-template.yml@2201.10.x
 secrets: inherit
From 1462900eab604accc93db79ae0d00864d84b4729 Mon Sep 17 00:00:00 2001
From: TharmiganK Date: Tue, 19 Nov 2024 10:41:38 +0530 Subject: [PATCH 4/5] [Automated] Update the native jar versions --- ballerina/Ballerina.toml | 48 +++++++++++++++++------------------ ballerina/CompilerPlugin.toml | 2 +- ballerina/Dependencies.toml | 6 ++--- 3 files changed, 28 insertions(+), 28 deletions(-) diff --git a/ballerina/Ballerina.toml b/ballerina/Ballerina.toml index d03fe7094..32f9365e9 100644 --- a/ballerina/Ballerina.toml +++ b/ballerina/Ballerina.toml @@ -1,7 +1,7 @@ [package] org = "ballerina" name = "grpc" -version = "1.12.1" +version = "1.12.2" distribution = "2201.10.0" authors = ["Ballerina"] keywords = ["network", "grpc", "protobuf", "server-streaming", "client-streaming", "bidirectional-streaming"] @@ -16,11 +16,11 @@ graalvmCompatible = true [[platform.java17.dependency]] groupId = "io.ballerina.stdlib" artifactId = "grpc-native" -version = "1.12.1" -path = "../native/build/libs/grpc-native-1.12.1.jar" +version = "1.12.2" +path = "../native/build/libs/grpc-native-1.12.2-SNAPSHOT.jar" [[platform.java17.dependency]] -path = "../test-utils/build/libs/grpc-test-utils-1.12.1.jar" +path = "../test-utils/build/libs/grpc-test-utils-1.12.2-SNAPSHOT.jar" scope = "testOnly" [[platform.java17.dependency]] 
@@ -40,62 +40,62 @@ path = "./lib/http-native-2.12.0.jar" [[platform.java17.dependency]] groupId = "io.netty" artifactId = "netty-common" -version = "4.1.108.Final" -path = "./lib/netty-common-4.1.108.Final.jar" +version = "4.1.115.Final" +path = "./lib/netty-common-4.1.115.Final.jar" [[platform.java17.dependency]] groupId = "io.netty" artifactId = "netty-buffer" -version = "4.1.108.Final" -path = "./lib/netty-buffer-4.1.108.Final.jar" +version = "4.1.115.Final" +path = "./lib/netty-buffer-4.1.115.Final.jar" [[platform.java17.dependency]] groupId = "io.netty" artifactId = "netty-transport" -version = "4.1.108.Final" -path = "./lib/netty-transport-4.1.108.Final.jar" +version = "4.1.115.Final" +path = "./lib/netty-transport-4.1.115.Final.jar" [[platform.java17.dependency]] groupId = "io.netty" artifactId = "netty-resolver" -version = "4.1.108.Final" -path = "./lib/netty-resolver-4.1.108.Final.jar" +version = "4.1.115.Final" +path = "./lib/netty-resolver-4.1.115.Final.jar" [[platform.java17.dependency]] groupId = "io.netty" artifactId = "netty-handler" -version = "4.1.108.Final" -path = "./lib/netty-handler-4.1.108.Final.jar" +version = "4.1.115.Final" +path = "./lib/netty-handler-4.1.115.Final.jar" [[platform.java17.dependency]] groupId = "io.netty" artifactId = "netty-codec-http" -version = "4.1.108.Final" -path = "./lib/netty-codec-http-4.1.108.Final.jar" +version = "4.1.115.Final" +path = "./lib/netty-codec-http-4.1.115.Final.jar" [[platform.java17.dependency]] groupId = "io.netty" artifactId = "netty-codec" -version = "4.1.108.Final" -path = "./lib/netty-codec-4.1.108.Final.jar" +version = "4.1.115.Final" +path = "./lib/netty-codec-4.1.115.Final.jar" [[platform.java17.dependency]] groupId = "io.netty" artifactId = "netty-handler-proxy" -version = "4.1.108.Final" -path = "./lib/netty-handler-proxy-4.1.108.Final.jar" +version = "4.1.115.Final" +path = "./lib/netty-handler-proxy-4.1.115.Final.jar" [[platform.java17.dependency]] groupId = "io.netty" artifactId = 
"netty-codec-http2" -version = "4.1.108.Final" -path = "./lib/netty-codec-http2-4.1.108.Final.jar" +version = "4.1.115.Final" +path = "./lib/netty-codec-http2-4.1.115.Final.jar" [[platform.java17.dependency]] groupId = "io.netty" artifactId = "netty-transport-native-unix-common" -version = "4.1.108.Final" -path = "./lib/netty-transport-native-unix-common-4.1.108.Final.jar" +version = "4.1.115.Final" +path = "./lib/netty-transport-native-unix-common-4.1.115.Final.jar" [[platform.java17.dependency]] groupId = "commons.pool.wso2" diff --git a/ballerina/CompilerPlugin.toml b/ballerina/CompilerPlugin.toml index 32560585a..12dc5f592 100644 --- a/ballerina/CompilerPlugin.toml +++ b/ballerina/CompilerPlugin.toml @@ -3,4 +3,4 @@ id = "grpc-compiler-plugin" class = "io.ballerina.stdlib.grpc.plugin.GrpcCompilerPlugin" [[dependency]] -path = "../compiler-plugin/build/libs/grpc-compiler-plugin-1.12.1.jar" +path = "../compiler-plugin/build/libs/grpc-compiler-plugin-1.12.2-SNAPSHOT.jar" diff --git a/ballerina/Dependencies.toml b/ballerina/Dependencies.toml index 064d095a6..d2da57a43 100644 --- a/ballerina/Dependencies.toml +++ b/ballerina/Dependencies.toml @@ -68,7 +68,7 @@ dependencies = [ [[package]] org = "ballerina" name = "grpc" -version = "1.12.1" +version = "1.12.2" dependencies = [ {org = "ballerina", name = "auth"}, {org = "ballerina", name = "crypto"}, @@ -94,7 +94,7 @@ modules = [ [[package]] org = "ballerina" name = "http" -version = "2.12.0" +version = "2.12.2" scope = "testOnly" dependencies = [ {org = "ballerina", name = "auth"}, @@ -263,7 +263,7 @@ modules = [ [[package]] org = "ballerina" name = "mime" -version = "2.10.0" +version = "2.10.1" scope = "testOnly" dependencies = [ {org = "ballerina", name = "io"}, From e8575e3668c79d07476594aeea074dd0c7a07763 Mon Sep 17 00:00:00 2001 
From: TharmiganK Date: Tue, 19 Nov 2024 10:51:10 +0530 Subject: [PATCH 5/5] Add graalvm check for 2201.10.x PRs --- .github/workflows/build-with-bal-test-graalvm.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/workflows/build-with-bal-test-graalvm.yml b/.github/workflows/build-with-bal-test-graalvm.yml index d089bf41a..b5c6e5d62 100644 --- a/.github/workflows/build-with-bal-test-graalvm.yml +++ b/.github/workflows/build-with-bal-test-graalvm.yml @@ -20,6 +20,7 @@ on: pull_request: branches: - master + - 2201.10.x types: [opened, synchronize, reopened, labeled, unlabeled] concurrency: