Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

NONJAVACLI-3460: update third party dependencies #4690

Closed
wants to merge 9 commits into from
Closed

NONJAVACLI-3460: update third party dependencies #4690

wants to merge 9 commits into from

Conversation

janjwerner-confluent
Copy link
Member

No description provided.

@janjwerner-confluent janjwerner-confluent changed the title update third party dependencies NONJAVACLI-3460: update third party dependencies Apr 16, 2024
milindl
milindl reviewed Apr 17, 2024
View reviewed changes
Copy link
Contributor

@milindl milindl left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks a lot for the PR!

The windows versions also require an update. That can be done for zlib, curl, and zstd with updation of vcpkg.json.

src/lz4.h Outdated
@@ -100,7 +100,7 @@ extern "C" {
/*------ Version ------*/
#define LZ4_VERSION_MAJOR 1 /* for breaking interface changes */
#define LZ4_VERSION_MINOR 9 /* for new (non-breaking) interface capabilities */
#define LZ4_VERSION_RELEASE 3 /* for tweaks, bug-fixes, or development */
#define LZ4_VERSION_RELEASE 4 /* for tweaks, bug-fixes, or development */
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

upgrading lz4 is trickier, as we have actually copied the entire code into our source tree. An update will look similar to https://github.com/confluentinc/librdkafka/pull/3148/files

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I was under the impression that most of the update has already happened, it was just the version update missing:
#4232

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

oh, it was just the CVE fix,
maybe it would be worthwhile to update lz4 as there are some significant performance gains for ARM64 platform:
https://github.com/lz4/lz4/releases

milindl
milindl reviewed Apr 18, 2024
View reviewed changes
mklove/modules/configure.libcurl
@@ -45,8 +45,8 @@ void foo (void) {
function install_source {
local name=$1
local destdir=$2
local ver=7.86.0
local checksum="3dfdd39ba95e18847965cd3051ea6d22586609d9011d91df7bc5521288987a82"
local ver=8.7.1
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Adding a note for the team here that curl 8 has no API or ABI changes

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@milindl
Thank you. Can you please see this commit through completion - this is as far as I can go with it.

@milindl
Copy link
Contributor

milindl commented Apr 22, 2024

/sem-approve

@milindl
Copy link
Contributor

milindl commented Apr 22, 2024

Running CI, and then I'll run try running OIDC tests locally to test out the libcurl update.

@janjwerner-confluent
Copy link
Member Author

@milindl
Can we bump openssl while we're here or should I create another ticket /pr ?

@milindl
Copy link
Contributor

milindl commented Apr 24, 2024

I can bump it here, we're changing things anyway. However, openssl bumps are partial, linux only, because the latest versions of openssl 3.0.x are not available on vcpkg.

@milindl
Copy link
Contributor

milindl commented Apr 24, 2024

Closing and reopening this to try and make sem-approve work.

@milindl milindl closed this Apr 24, 2024
@milindl milindl reopened this Apr 24, 2024
@milindl
Copy link
Contributor

milindl commented Apr 24, 2024

/sem-approve

@milindl
Copy link
Contributor

milindl commented Apr 24, 2024

In the latest changes (which include openssl bump):

  1. I compiled with ./configure --install-deps --source-deps-only --disable-lz4-ext --enable-static --enable-strip --disable-gssapi
  2. Ran all integration tests with interactive-broker-version 3.7.0
  3. Ran the OIDC integration test (the test seems to be failing for an unrelated reason, but the curl request/response is working correctly, I added some log statements to check the response. The test fails after that, there's something wrong in the broker that trivup has set up).

@janjwerner-confluent
Copy link
Member Author

janjwerner-confluent commented Apr 24, 2024
edited

resolves ( with downstream propagation)
#4653
#4664
confluentinc/confluent-kafka-dotnet#2203

@janjwerner-confluent janjwerner-confluent deleted the janjwerner/dep-update branch May 3, 2024 13:11
@janjwerner-confluent
Copy link
Member Author

replacing the branch name to dev_janjwerner_deps_update per @milindl suggestion

@janjwerner-confluent janjwerner-confluent mentioned this pull request May 3, 2024
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@milindl milindl milindl left review comments

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
2 participants
@janjwerner-confluent @milindl