From d88c2183ceaaaeb17fabf879771d0f598d7cd8e5 Mon Sep 17 00:00:00 2001
From: Luke Chen <showuon@gmail.com>
Date: Wed, 16 Apr 2025 12:45:07 +0900
Subject: [PATCH] MINOR: Upgrade Netty to 4.19 (#19484)

CVE-2025-24970: Netty, an asynchronous, event-driven network application
framework, has a vulnerability starting in version 4.1.91.Final and
prior to version 4.1.118.Final.

Reviewers: TengYao Chi <kitingiao@gmail.com>
---
 gradle/dependencies.gradle | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/gradle/dependencies.gradle b/gradle/dependencies.gradle
index 6eab0d0506e..5b982cac555 100644
--- a/gradle/dependencies.gradle
+++ b/gradle/dependencies.gradle
@@ -141,7 +141,7 @@ versions += [
   lz4: "1.8.0",
   mavenArtifact: "3.9.6",
   metrics: "2.2.0",
-  netty: "4.1.115.Final",
+  netty: "4.1.119.Final",
   opentelemetryProto: "1.0.0-alpha",
   protobuf: "3.25.5", // a dependency of opentelemetryProto
   pcollections: "4.0.1",