Merge branch 'master' into fix/commons_lang3_upgrade_non_vulnerable_version

Author: relaxedboi

CHANGELOG.md

@@ -14,6 +14,15 @@ and what APIs have changed, if applicable.
 
 ## [Unreleased]
 
+## [29.74.1] - 2025-08-13
+- Add new fields to D2Uri.pdl for debugging. These mirror fields in the D2URI proto in XdsD2.proto.
+
+## [29.74.0] - 2025-08-12
+- Bump gRPC version to fix IPv6AwarePickFirstLoadBalancer
+
+## [29.73.0] - 2025-08-08
+- Empty version bump
+
 ## [29.72.1] - 2025-08-07
 - Introduce new IPv6 aware Pick First policy
 
@@ -5864,7 +5873,10 @@ patch operations can re-use these classes for generating patch messages.
 
 ## [0.14.1]
 
-[Unreleased]: https://github.com/linkedin/rest.li/compare/v29.72.1...master
+[Unreleased]: https://github.com/linkedin/rest.li/compare/v29.74.1...master
+[29.74.1]: https://github.com/linkedin/rest.li/compare/v29.74.0...v29.74.1
+[29.74.0]: https://github.com/linkedin/rest.li/compare/v29.73.0...v29.74.0
+[29.73.0]: https://github.com/linkedin/rest.li/compare/v29.72.1...v29.73.0
 [29.72.1]: https://github.com/linkedin/rest.li/compare/v29.72.0...v29.72.1
 [29.72.0]: https://github.com/linkedin/rest.li/compare/v29.71.0...v29.72.0
 [29.71.0]: https://github.com/linkedin/rest.li/compare/v29.70.2...v29.71.0

build.gradle

@@ -115,21 +115,21 @@ project.ext.externalDependency = [
   'springBeans': 'org.springframework:spring-beans:3.2.18.RELEASE',
 
   // for restli-guice-bridge ONLY, we should keep these dependencies isolated
-  'guice': 'com.google.inject:guice:3.0',
-  'guiceServlet': 'com.google.inject.extensions:guice-servlet:3.0',
+  'guice'                  : 'com.google.inject:guice:3.0',
+  'guiceServlet'           : 'com.google.inject.extensions:guice-servlet:3.0',
 
-  'jsr305': 'com.google.code.findbugs:jsr305:3.0.0',
-  "avroSpotBugsPlugin": "com.linkedin.avroutil1:spotbugs-plugin:0.2.56",
-  "classgraph": "io.github.classgraph:classgraph:4.8.149",
+  'jsr305'                 : 'com.google.code.findbugs:jsr305:3.0.0',
+  "avroSpotBugsPlugin"     : "com.linkedin.avroutil1:spotbugs-plugin:0.2.56",
+  "classgraph"             : "io.github.classgraph:classgraph:4.8.149",
 
   // for integrating with xDS service discovery
-  'grpcNettyShaded': 'io.grpc:grpc-netty-shaded:1.59.1',
-  'grpcProtobuf': 'io.grpc:grpc-protobuf:1.59.1',
-  'grpcStub': 'io.grpc:grpc-stub:1.59.1',
-  'protoc': 'com.google.protobuf:protoc:3.24.0',
-  'protobufJava': 'com.google.protobuf:protobuf-java:3.24.0',
-  'protobufJavaUtil': 'com.google.protobuf:protobuf-java-util:3.24.0',
-  'envoyApi': 'io.envoyproxy.controlplane:api:0.1.35',
+  'grpcNettyShaded'        : 'io.grpc:grpc-netty-shaded:1.68.3',
+  'grpcProtobuf'           : 'io.grpc:grpc-protobuf:1.68.3',
+  'grpcStub'               : 'io.grpc:grpc-stub:1.68.3',
+  'protoc'                 : 'com.google.protobuf:protoc:3.25.5',
+  'protobufJava'           : 'com.google.protobuf:protobuf-java:3.25.5',
+  'protobufJavaUtil'       : 'com.google.protobuf:protobuf-java-util:3.25.5',
+  'envoyApi'               : 'io.envoyproxy.controlplane:api:0.1.35',
 ];
 
 if (!project.ext.isDefaultEnvironment)
@@ -234,7 +234,10 @@ subprojects {
     // so they don't conflict with "velocity-engine-core" module used
     // for versions >=2.0
     all*.exclude group: 'org.apache.velocity', module: 'velocity'
-
+    
+    //Excluding vulnerable package (commons-lang)(CVE-2025-48924)
+    all*.exclude group: 'commons-lang', module: 'commons-lang'
+    
     configureEach {
       // Force commons-lang3 to a fixed safe version
       resolutionStrategy {
@@ -441,6 +444,16 @@ subprojects {
     }
     logger.lifecycle "Tests for subproject ${project.name} will be skipped."
   }
+
+  // The following prevent gradle from picking android-specific artifacts, which breaks compilation. This was introduced
+  // by more recent versions of guava which produces android and JVM variants of their jars.
+  dependencies.constraints {
+    add("compile", "com.google.guava:guava") {
+      attributes {
+        attribute(Attribute.of("org.gradle.jvm.environment", String),"standard-jvm")
+      }
+    }
+  }
 }
 
 final skippedTests = [:].withDefault {[]}
@@ -481,4 +494,3 @@ project.gradle.buildFinished { BuildResult result ->
     logger.warn msgBuilder.toString()
   }
 }
-

d2-schemas/src/main/pegasus/com/linkedin/d2/D2Uri.pdl

@@ -19,4 +19,44 @@ record D2Uri {
    * partitionId key to weight
    */
   partitionDescription: map[string, double]
+
+  /**
+   * URI for this machine with the hostname replaced with an ipv4. Only set if an ipv4 is provided and isIpv4InSan is true.
+   */
+  ipv4VariantURI: optional string
+
+  /**
+   * URI for this machine with the hostname replaced with an ipv6. Only set if an ipv6 is provided and isIpv6InSan is true
+   */
+  ipv6VariantURI: optional string
+
+  /**
+   * The time this URI was last modified, in RFC 3339 date string format
+   */
+  modifiedTime: optional string
+
+  /**
+   * The hostname of the machine making this announcement
+   */
+  hostname: optional string
+
+  /**
+   * The ipv4 of the machine making this announcement
+   */
+  ipv4Address: optional string
+
+  /**
+   * The ipv6 of the machine making this announcement
+   */
+  ipv6Address: optional string
+
+  /**
+   * Whether the ipv4 provided is also in the app's TLS cert
+   */
+  isIpv4InSan: optional boolean
+
+  /**
+   * Whether the ipv6 provided is also in the app's TLS cert
+   */
+  isIpv6InSan: optional boolean
 }

d2/src/main/java/com/linkedin/d2/balancer/clients/RetryClient.java

@@ -56,7 +56,7 @@
 
 import java.util.concurrent.TimeUnit;
 import javax.annotation.concurrent.ThreadSafe;
-import org.apache.commons.lang.exception.ExceptionUtils;
+import org.apache.commons.lang3.exception.ExceptionUtils;
 import org.checkerframework.checker.lock.qual.GuardedBy;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;

d2/src/main/java/com/linkedin/d2/xds/IPv6AwarePickFirstLoadBalancer.java

@@ -6,15 +6,13 @@
 import io.grpc.LoadBalancerRegistry;
 import io.grpc.NameResolver.ConfigOrError;
 import io.grpc.Status;
-import io.grpc.internal.PickFirstLoadBalancerProvider;
 import java.net.Inet6Address;
 import java.net.InetSocketAddress;
 import java.net.SocketAddress;
 import java.util.ArrayList;
 import java.util.Collections;
 import java.util.Iterator;
 import java.util.List;
-import java.util.ListIterator;
 import java.util.Map;
 
 /**
@@ -48,16 +46,13 @@ public class IPv6AwarePickFirstLoadBalancer extends LoadBalancer
 
   IPv6AwarePickFirstLoadBalancer(Helper helper)
   {
-    this(new PickFirstLoadBalancerProvider().newLoadBalancer(helper));
-  }
-
-  IPv6AwarePickFirstLoadBalancer(LoadBalancer delegate)
-  {
-    _delegate = delegate;
+    _delegate = LoadBalancerRegistry.getDefaultRegistry()
+        .getProvider("pick_first")
+        .newLoadBalancer(helper);
   }
 
   @Override
-  public boolean acceptResolvedAddresses(ResolvedAddresses resolvedAddresses)
+  public Status acceptResolvedAddresses(ResolvedAddresses resolvedAddresses)
   {
     return _delegate.acceptResolvedAddresses(resolvedAddresses.toBuilder()
         .setAddresses(ipAwareShuffle(resolvedAddresses.getAddresses()))
@@ -156,7 +151,6 @@ public int getPriority()
     @Override
     public String getPolicyName()
     {
-
       return POLICY_NAME;
     }
 

d2/src/test/java/com/linkedin/d2/xds/IPv6AwarePickFirstLoadBalancerTest.java

@@ -2,6 +2,7 @@
 
 import io.grpc.EquivalentAddressGroup;
 import io.grpc.LoadBalancer;
+import io.grpc.LoadBalancerProvider;
 import io.grpc.LoadBalancerRegistry;
 import java.net.InetAddress;
 import java.net.InetSocketAddress;
@@ -14,24 +15,15 @@
 import java.util.stream.Collectors;
 import java.util.stream.IntStream;
 import org.mockito.ArgumentCaptor;
-import org.mockito.Mockito;
-import org.testng.annotations.DataProvider;
 import org.testng.annotations.Test;
 
 import static com.linkedin.d2.xds.IPv6AwarePickFirstLoadBalancer.*;
-import static org.mockito.Mockito.verify;
+import static org.mockito.Mockito.*;
 import static org.testng.Assert.*;
 
 public class IPv6AwarePickFirstLoadBalancerTest
 {
-  @Test
-  public void testRegistration()
-  {
-    assertNotNull(LoadBalancerRegistry.getDefaultRegistry().getProvider(POLICY_NAME));
-  }
-
-  @DataProvider
-  public Object[] addresses()
+  public List<List<EquivalentAddressGroup>> generateAddressGroups()
   {
     List<List<EquivalentAddressGroup>> addresses = new ArrayList<>();
     for (int i = 0; i < 10; i++)
@@ -49,26 +41,64 @@ public Object[] addresses()
     addresses.add(IntStream.range(0, 100)
         .mapToObj(j -> newGroup(j >= 50))
         .collect(Collectors.toList()));
-    return addresses.toArray();
+    return addresses;
   }
 
-  @Test(invocationCount = 10, dataProvider = "addresses")
-  public void testShuffling(List<EquivalentAddressGroup> addresses)
+  @Test
+  public void testShuffling()
   {
-    LoadBalancer mock = Mockito.mock(LoadBalancer.class);
-    IPv6AwarePickFirstLoadBalancer lb = new IPv6AwarePickFirstLoadBalancer(mock);
-    lb.acceptResolvedAddresses(ResolvedAddresses.newBuilder().setAddresses(addresses).build());
-
+    LoadBalancer mockedPickFirst = mock(LoadBalancer.class);
     ArgumentCaptor<ResolvedAddresses> addressesCaptor = ArgumentCaptor.forClass(ResolvedAddresses.class);
-    verify(mock).acceptResolvedAddresses(addressesCaptor.capture());
 
-    List<EquivalentAddressGroup> shuffledAddresses = addressesCaptor.getValue().getAddresses();
-    assertNotEquals(addresses, shuffledAddresses);
-    assertEquals(new HashSet<>(addresses), new HashSet<>(shuffledAddresses));
+    LoadBalancerRegistry.getDefaultRegistry().register(new LoadBalancerProvider()
+    {
+      @Override
+      public boolean isAvailable()
+      {
+        return true;
+      }
+
+      @Override
+      public int getPriority()
+      {
+        // Set the highest priority, so it overrides the built-in "pick_first" policy and return the mock.
+        return Integer.MAX_VALUE;
+      }
 
-    for (int i = 0; i < addresses.size(); i++)
+      @Override
+      public String getPolicyName()
+      {
+        return "pick_first";
+      }
+
+      @Override
+      public LoadBalancer newLoadBalancer(Helper helper)
+      {
+        return mockedPickFirst;
+      }
+    });
+    LoadBalancer lb = LoadBalancerRegistry.getDefaultRegistry()
+        .getProvider(POLICY_NAME)
+        .newLoadBalancer(mock(Helper.class));
+    assertTrue(lb instanceof IPv6AwarePickFirstLoadBalancer);
+
+    for (List<EquivalentAddressGroup> addresses : generateAddressGroups())
     {
-      assertEquals(hasIPv6Address(addresses.get(i)), hasIPv6Address(shuffledAddresses.get(i)));
+      reset(mockedPickFirst);
+
+      lb.acceptResolvedAddresses(ResolvedAddresses.newBuilder().setAddresses(addresses).build());
+
+      verify(mockedPickFirst).acceptResolvedAddresses(addressesCaptor.capture());
+
+
+      List<EquivalentAddressGroup> shuffledAddresses = addressesCaptor.getValue().getAddresses();
+      assertNotEquals(addresses, shuffledAddresses);
+      assertEquals(new HashSet<>(addresses), new HashSet<>(shuffledAddresses));
+
+      for (int i = 0; i < addresses.size(); i++)
+      {
+        assertEquals(hasIPv6Address(addresses.get(i)), hasIPv6Address(shuffledAddresses.get(i)));
+      }
     }
   }
 

gradle.properties

@@ -1,4 +1,4 @@
-version=29.72.1
+version=29.74.1
 group=com.linkedin.pegasus
 org.gradle.configureondemand=true
 org.gradle.parallel=true

restli-client/src/main/java/com/linkedin/restli/client/BatchingKey.java

@@ -4,8 +4,8 @@
 import java.util.Map;
 
 import com.linkedin.data.template.RecordTemplate;
-import org.apache.commons.lang.builder.EqualsBuilder;
-import org.apache.commons.lang.builder.HashCodeBuilder;
+import org.apache.commons.lang3.builder.EqualsBuilder;
+import org.apache.commons.lang3.builder.HashCodeBuilder;
 
 
 /**

restli-client/src/main/java/com/linkedin/restli/client/Request.java

@@ -41,7 +41,7 @@
 import java.util.Map;
 import java.util.Set;
 import java.util.regex.Pattern;
-import org.apache.commons.lang.StringUtils;
+import org.apache.commons.lang3.StringUtils;
 
 
 /**

restli-docgen/src/main/java/com/linkedin/restli/docgen/RestLiHTMLDocumentationRenderer.java

@@ -48,7 +48,7 @@
 import java.util.Collections;
 import java.util.function.Function;
 import java.util.stream.Collectors;
-import org.apache.commons.lang.exception.ExceptionUtils;
+import org.apache.commons.lang3.exception.ExceptionUtils;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;