Details
-
Improvement
-
Status: Open
-
P2
-
Resolution: Unresolved
-
2.37.0
-
None
Description
The beam-vendor-grpc-1_43_2 dependency (that is pulled transitively by the beam-runners-flink-1.13) shades a vulnerable Netty version, i.e. 4.1.63.Final: https://mvnrepository.com/artifact/io.netty/netty-all/4.1.63.Final
In turn, our Beam pipelines builds are marked as vulnerable and we're having issues promoting them to higher environments.
Because Netty is shaded, we can't simply override the version in the build tool.
Attachments
Issue Links
- links to