chore(deps): bump io.netty:netty-codec-http from 4.1.132.Final to 4.1.133.Final in /component-runtime-testing/component-runtime-http-junit in the maven group across 1 directory by dependabot[bot] · Pull Request #1221 · Talend/component-runtime

dependabot · 2026-05-07T08:46:39Z

Bumps the maven group with 1 update in the /component-runtime-testing/component-runtime-http-junit directory: io.netty:netty-codec-http.

Updates io.netty:netty-codec-http from 4.1.132.Final to 4.1.133.Final

Release notes

Sourced from io.netty:netty-codec-http's releases.

netty-4.1.133.Final

CVEs Fixed

CVE-2026-42586 (netty-codec-redis)

CVE-2026-42578 (netty-handler-proxy)

CVE-2026-42587 (netty-codec-http, netty-codec-http2)

CVE-2026-41417 (netty-codec-http)

CVE-2026-42581 (netty-codec-http)

CVE-2026-42580 (netty-codec-http)

CVE-2026-42585 (netty-codec-http)

CVE-2026-42579 (netty-codec-dns)

CVE-2026-42582 (netty-codec-http3)

CVE-2026-42583 (netty-codec, netty-codec-compression)

CVE-2026-42584 (netty-codec-http)

CVE-2026-44248 (netty-codec-mqtt)

What's Changed

Fix IndexOutOfBoundsException in StompSubframeDecoder on heartbeat by @daguimu in netty/netty#16539

Auto-port 4.1: Fix implementation of strerror_r_xsi for GNU by @netty-project-bot in netty/netty#16561

Auto-port 4.1: Replace usage of strerror with thread-safe alternative by @netty-project-bot in netty/netty#16555

Auto-port 4.1: Kqueue: sendfile EINTR doesn't advance offset — data duplication by @netty-project-bot in netty/netty#16554

Auto-port 4.1: Avoid leak in PemReader on OutOfDirectMemoryError by @netty-project-bot in netty/netty#16576

Auto-port 4.1: Native DNS resolver: Guard against malloc failures by @netty-project-bot in netty/netty#16584

Auto-port 4.1: Include user properties and subscription IDs in MqttProperties#isEmpty by @netty-project-bot in netty/netty#16582

Auto-port 4.1: Fix parsing HTTP chunks with multiple extensions by @netty-project-bot in netty/netty#16588

Auto-port 4.1: Stabilize read-only toStringMultipleThreads1 by @netty-project-bot in netty/netty#16610

Auto-port 4.1: Epoll: Cleanup code to always return negative value on failure by @netty-project-bot in netty/netty#16601

Auto-port 4.1: Stabilize more AbstractByteBufTests by @netty-project-bot in netty/netty#16613

Auto-port 4.1: Stabilize testSessionInvalidate for Conscrypt by @netty-project-bot in netty/netty#16616

Auto-port 4.1: Native transports: Correctly create pipe when pipe2 is not supported by @netty-project-bot in netty/netty#16598

Use stream error for maxContentLength exceeded in InboundHttp2ToHttpAdapter by @daguimu in netty/netty#16558

Fix shutdownInput bug in kqueue for empty recv buffer (#16630) by @normanmaurer in netty/netty#16638

Auto-port 4.1: Kqueue: Fix usage of LOCAL_PEERPID by @netty-project-bot in netty/netty#16646

Auto-port 4.1: HTTP2: Ensure HTTP2 preface is always send as first message by @netty-project-bot in netty/netty#16642

Auto-port 4.1: Propagate exceptions from inner threads in buffer tests by @netty-project-bot in netty/netty#16652

Auto-port 4.1: Add maxFrameLength support to ProtobufVarint32FrameDecoder by @netty-project-bot in netty/netty#16658

Auto-port 4.1: Bump up netty-tcnative to 2.0.76.Final by @netty-project-bot in netty/netty#16672

HTTP2: Ensure HTTP2 preface is always send as first message (also on … by @chrisvest in netty/netty#16675

Improve flaky NioSocketChannelTest (#16679) by @normanmaurer in netty/netty#16681

Deprecate ObjectCleaner and remove usage (#16685) by @chrisvest in netty/netty#16694

Auto-port 4.1: Update to netty-tcnative 2.0.77.Final by @netty-project-bot in netty/netty#16695

Avoid NPE in JdkSslServerContext when TrustManagerFactory returns null by @daguimu in netty/netty#16691

Avoid NPE in JdkSslClientContext when TrustManagerFactory returns null by @daguimu in netty/netty#16690

Auto-port 4.1: Avoid TCPFastOpen in KQueueCompositeBufferGatheringWriteTest by @netty-project-bot in netty/netty#16699

Auto-port 4.1: SCTP: Correctly handle SO_BACKLOG by @netty-project-bot in netty/netty#16715

Fix DiscardClient hang under -Dssl by using a client SSL context by @daguimu in netty/netty#16717

Auto-port 4.1: Consolidate fake exceptions in HTTP/2 tests into Http2TestUtil by @netty-project-bot in netty/netty#16725

Auto-port 4.1: Activate noPrintGC by default by @netty-project-bot in netty/netty#16735

Merge commit from fork by @normanmaurer in netty/netty#16742

New Contributors

... (truncated)

Commits

fb13125 [maven-release-plugin] prepare release netty-4.1.133.Final
815f71a Fix compilation after multiple backports
1986c38 Merge commit from fork
6f69dc9 Merge commit from fork
bf78040 Fix BrotliDecoder not forwarding all decompressed chunks
387bbd0 Merge commit from fork
417ebaa Fix codec-dns tests
3c091ab Merge commit from fork
5d60b87 Fix checkstyle in HttpObjectDecoder
485f11d Merge commit from fork
Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR
@dependabot recreate will recreate this PR, overwriting any edits that have been made to it
@dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
@dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
@dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
@dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
@dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
@dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions
You can disable automated security fix PRs for this repo from the Security Alerts page.

Bumps the maven group with 1 update in the /component-runtime-testing/component-runtime-http-junit directory: [io.netty:netty-codec-http](https://github.com/netty/netty). Updates `io.netty:netty-codec-http` from 4.1.132.Final to 4.1.133.Final - [Release notes](https://github.com/netty/netty/releases) - [Commits](netty/netty@netty-4.1.132.Final...netty-4.1.133.Final) --- updated-dependencies: - dependency-name: io.netty:netty-codec-http dependency-version: 4.1.133.Final dependency-type: direct:production dependency-group: maven ... Signed-off-by: dependabot[bot] <support@github.com>

sonar-rnd · 2026-05-07T09:05:55Z

Quality Gate passed

Issues

Measures

Project ID: org.talend.sdk.component:component-runtime

View in SonarQube

dependabot Bot added dependencies Pull requests that update a dependency file java Pull requests that update Java code labels May 7, 2026

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

chore(deps): bump io.netty:netty-codec-http from 4.1.132.Final to 4.1.133.Final in /component-runtime-testing/component-runtime-http-junit in the maven group across 1 directory#1221

dependabot Bot commented on behalf of github May 7, 2026

Uh oh!

sonar-rnd Bot commented May 7, 2026

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

0 participants

Conversation

dependabot Bot commented on behalf of github May 7, 2026

netty-4.1.133.Final

CVEs Fixed

What's Changed

New Contributors

Uh oh!

sonar-rnd Bot commented May 7, 2026

Quality Gate passed

Issues

Measures

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

0 participants