dbwiddis commented Sep 23, 2025

Description

Bumps the version of all software.amazon.awssdk dependencies from 2.30.31 to 2.34.1.

Related Issues

Resolves CVE-2025-55163 in downstream dependencies from io.netty-netty-codec-http2@4.1.118.Final transitively imported from software.amazon.awssdk-annotations@2.30.31 and other sdk dependencies.

Upgrading to 2.34.1 bumps netty-codec-http2 to 4.1.126.Final.

Check List

  • Functionality includes testing.
  • [ ] API changes companion pull request created, if applicable.
  • [ ] Public documentation issue/PR created, if applicable.

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.
For more information on following Developer Certificate of Origin and signing off your commits, please check here.

@dbwiddis dbwiddis requested a review from a team as a code owner September 23, 2025 19:31
cwperks commented Sep 23, 2025

FYI This is going to conflict with a PR I have open here: #19220

@github-actions

❌ Gradle check result for 3f173a9: FAILURE

Please examine the workflow log, locate, and copy-paste the failure(s) below, then iterate to green. Is the failure a flaky test unrelated to your change?

Signed-off-by: Daniel Widdis <widdis@gmail.com>
@github-actions

❌ Gradle check result for 6f10a6b: FAILURE

Please examine the workflow log, locate, and copy-paste the failure(s) below, then iterate to green. Is the failure a flaky test unrelated to your change?

dbwiddis commented Sep 23, 2025

Debugging this:

Missing classes:
  * software.amazon.awssdk.utilslite.SdkInternalThreadLocal

Seems some classes from utils moved to utils-lite with v. 2.34.0. https://central.sonatype.com/artifact/software.amazon.awssdk/utils-lite

Signed-off-by: Daniel Widdis <widdis@gmail.com>
@dbwiddis

> FYI This is going to conflict with a PR I have open here: #19220

@cwperks Since your version 2.32.29 effectively resolves this CVE (imports 4.1.124.Final) I'll just close this PR

(And I had just finished getting all the new license and notice files!)
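Added example, not part of the PR or the project's code: a check that a Gradle dependency report no longer resolves `io.netty:netty-codec-http2` below the version the closing comment names as resolving the CVE (4.1.124.Final). The report text and `org.example:legacy-client` are constructed for illustration.

```python
import re

ARTIFACT = "io.netty:netty-codec-http2"
# Assumption: threshold from the thread's closing comment; 4.1.x line only.
FIXED = (4, 1, 124)

# "group:name[:requested][ -> resolved]". Gradle prints the arrow when
# conflict resolution selects a version other than the requested one.
LINE_RE = re.compile(re.escape(ARTIFACT) + r"(?::(\S+))?(?:\s+->\s+(\S+))?")

def parse_version(text):
    m = re.match(r"(\d+)\.(\d+)\.(\d+)", text)
    return tuple(int(p) for p in m.groups()) if m else None

def resolved_versions(report):
    """Return the set of versions actually resolved for ARTIFACT."""
    found = set()
    for line in report.splitlines():
        m = LINE_RE.search(line)
        if m:
            requested, resolved = m.groups()
            found.add(resolved or requested)  # the arrow target wins
    found.discard(None)
    return found

def audit(report):
    """Map each resolved version to 'ok', 'vulnerable' or 'unchecked'."""
    result = {}
    for version in resolved_versions(report):
        parsed = parse_version(version)
        if parsed is None or parsed[:2] != FIXED[:2]:
            result[version] = "unchecked"  # threshold does not apply here
        else:
            result[version] = "ok" if parsed >= FIXED else "vulnerable"
    return result

# Constructed samples in the shape of `gradle dependencies` output.
BEFORE = """\
+--- software.amazon.awssdk:netty-nio-client:2.30.31
|    +--- io.netty:netty-codec-http2:4.1.118.Final
"""
AFTER = """\
+--- software.amazon.awssdk:netty-nio-client:2.34.1
|    +--- io.netty:netty-codec-http2:4.1.126.Final
+--- org.example:legacy-client:1.0
|    +--- io.netty:netty-codec-http2:4.1.118.Final -> 4.1.126.Final (*)
"""

if __name__ == "__main__":
    print(audit(BEFORE), audit(AFTER))
```

Only the resolved version (the arrow target) is judged, so an old requested version that Gradle overrides is not reported as vulnerable.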
