unistack-org/micro-broker-kgo
4
0
Fork 3
Code Issues 4 Pull Requests 1 Actions Packages Projects Releases 47 Wiki Activity

Bump github.com/twmb/franz-go from 1.4.1 to 1.4.2 #55

Merged
dependabot[bot] merged 1 commits from dependabot/go_modules/github.com/twmb/franz-go-1.4.2 into v3 2022-03-26 16:59:18 +03:00
Conversation 0 Commits 1 Files Changed 2 +3 -3
dependabot[bot] commented 2022-03-25 14:18:54 +03:00 (Migrated from github.com)
Copy Link

Bumps github.com/twmb/franz-go from 1.4.1 to 1.4.2.

Changelog

Sourced from github.com/twmb/franz-go's changelog.

v1.4.2

This release fixes a potential incremental fetch session spin loop / undesirable behavior. This was not reported, but can happen if you use many clients against your cluster.

Previously, if a broker advertised that it supported consumer fetch sessions but did not actually create any and returned "0" to signify no session was created, the client would accept that 0 as a new fetch session. If the fetch response returned no data and thus made no forward progress, the next fetch request would include no partitions (believing a fetch session was created), and the broker would again reply immediately with no data and no fetch session. This would loop. Now, if the broker indicates no fetch session was created, we immediately stop trying to create new fetch sessions and never try again.

In practice, fetch sessions are rejected if and replied to with 0 if a new one cannot be created. The default fetch session cache in Kafka is 1,000. If you have more than 1,000 active clients (where brokers count as clients against other brokers), you are at risk of this bug.

This bug would manifest in clearly visible ways: higher cpu, no forward progress while consuming. If you have not seen these, you have not experienced the bug. However, it is recommended that all users upgrade to avoid it.

This has two followup fixes to 83b0a32, one which fixes behavior that broke EndBeginTxnSafe, and one which mirrors some of the logic supporting EndBeginTxnUnsafe into EndTransaction itself. This also fixes a very rare data race that realistically would result in a new connection being killed immediately (since at the CPU, reads/writes of pointers is atomic).

  • 2faf459 bugfix broker: fix rare data race
  • 8f7c8cd bugfix EndBeginTxnUnsafe: partially back out of 83b0a32
  • 85a680e bugfix consuming: do not continually try to create fetch sessions
  • 2decd27 bugfix EndTransaction: mirror EndBeginTxnUnsafe logic
Commits
  • 6c87885 changelog: further note v1.4.2
  • 2faf459 broker: fix data race
  • 8f7c8cd EndBeginTxnUnsafe: partially back out of 83b0a32
  • 5154cc4 CHANGELOG: note v1.4.2
  • dbfe171 update "Who uses this?"
  • 85a680e consuming: do not continually try to create fetch sessions
  • 2decd27 EndTransaction: mirror EndBeginTxnUnsafe logic
  • See full diff in compare view

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
Bumps [github.com/twmb/franz-go](https://github.com/twmb/franz-go) from 1.4.1 to 1.4.2. <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/twmb/franz-go/blob/master/CHANGELOG.md">github.com/twmb/franz-go's changelog</a>.</em></p> <blockquote> <h1>v1.4.2</h1> <p>This release fixes a potential incremental fetch session spin loop / undesirable behavior. This was not reported, but can happen if you use many clients against your cluster.</p> <p>Previously, if a broker advertised that it supported consumer fetch sessions but did not actually create any and returned &quot;0&quot; to signify no session was created, the client would accept that 0 as a new fetch session. If the fetch response returned no data and thus made no forward progress, the next fetch request would include no partitions (believing a fetch session was created), and the broker would again reply immediately with no data and no fetch session. This would loop. Now, if the broker indicates no fetch session was created, we immediately stop trying to create new fetch sessions and never try again.</p> <p>In practice, fetch sessions are rejected if and replied to with 0 if a new one cannot be created. The default fetch session cache in Kafka is 1,000. If you have more than 1,000 active clients (where brokers count as clients against other brokers), you are at risk of this bug.</p> <p>This bug would manifest in clearly visible ways: higher cpu, no forward progress while consuming. If you have not seen these, you have not experienced the bug. However, it is recommended that all users upgrade to avoid it.</p> <p>This has two followup fixes to <a href="https://github.com/twmb/franz-go/commit/83b0a32"><code>83b0a32</code></a>, one which fixes behavior that broke <code>EndBeginTxnSafe</code>, and one which mirrors some of the logic supporting <code>EndBeginTxnUnsafe</code> into <code>EndTransaction</code> itself. This also fixes a very rare data race that <em>realistically</em> would result in a new connection being killed immediately (since at the CPU, reads/writes of pointers is atomic).</p> <ul> <li><a href="https://github.com/twmb/franz-go/commit/2faf459"><code>2faf459</code></a> <strong>bugfix</strong> broker: fix rare data race</li> <li><a href="https://github.com/twmb/franz-go/commit/8f7c8cd"><code>8f7c8cd</code></a> <strong>bugfix</strong> EndBeginTxnUnsafe: partially back out of <a href="https://github.com/twmb/franz-go/commit/83b0a32"><code>83b0a32</code></a></li> <li><a href="https://github.com/twmb/franz-go/commit/85a680e"><code>85a680e</code></a> <strong>bugfix</strong> consuming: do not continually try to create fetch sessions</li> <li><a href="https://github.com/twmb/franz-go/commit/2decd27"><code>2decd27</code></a> <strong>bugfix</strong> EndTransaction: mirror EndBeginTxnUnsafe logic</li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/twmb/franz-go/commit/6c87885d13a36dfadd42ffa2c2c58cb81646a93a"><code>6c87885</code></a> changelog: further note v1.4.2</li> <li><a href="https://github.com/twmb/franz-go/commit/2faf4590781471617e1c3bf34eceb1e3eacf253b"><code>2faf459</code></a> broker: fix data race</li> <li><a href="https://github.com/twmb/franz-go/commit/8f7c8cdc4622095d7430589df42c09f517e71ed6"><code>8f7c8cd</code></a> EndBeginTxnUnsafe: partially back out of 83b0a32</li> <li><a href="https://github.com/twmb/franz-go/commit/5154cc41017d7b0348050cd573fece745de35b66"><code>5154cc4</code></a> CHANGELOG: note v1.4.2</li> <li><a href="https://github.com/twmb/franz-go/commit/dbfe171b6d040e4348fefc6800486b9dda929207"><code>dbfe171</code></a> update &quot;Who uses this?&quot;</li> <li><a href="https://github.com/twmb/franz-go/commit/85a680ea71e26d0f032fd296f685799da85b646e"><code>85a680e</code></a> consuming: do not continually try to create fetch sessions</li> <li><a href="https://github.com/twmb/franz-go/commit/2decd27dc9083248eca6d09209c88abfdad843e8"><code>2decd27</code></a> EndTransaction: mirror EndBeginTxnUnsafe logic</li> <li>See full diff in <a href="https://github.com/twmb/franz-go/compare/v1.4.1...v1.4.2">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=github.com/twmb/franz-go&package-manager=go_modules&previous-version=1.4.1&new-version=1.4.2)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details>
github-actions[bot] (Migrated from github.com) approved these changes 2022-03-25 14:19:08 +03:00
Sign in to join this conversation.
Reviewers
No Reviewers
github-actions[bot]
Labels
Clear labels
Kind/Breaking
Breaking change that won't be backward compatible
Kind/Bug
Something is not working
Kind/Documentation
Documentation changes
Kind/Enhancement
Improve existing functionality
Kind/Feature
New functionality
Kind/Security
This is security issue
Kind/Testing
Issue or pull request related to testing
Priority
Critical
The priority is critical
Priority
High
The priority is high
Priority
Low
The priority is low
Priority
Medium
The priority is medium
Reviewed
Confirmed
Issue has been confirmed
Reviewed
Duplicate
This issue or pull request already exists
Reviewed
Invalid
Invalid issue
Reviewed
Won't Fix
This issue won't be fixed
Status
Abandoned
Somebody has started to work on this but abandoned work
Status
Blocked
Something is blocking this issue or pull request
Status
Need More Info
Feedback is required to reproduce issue or to continue work
No Label
Milestone
No items
No Milestone
Projects
Clear projects
No project
Assignees
Clear assignees
No Assignees
1 Participants
Notifications
Due Date
No due date set.
Dependencies

No dependencies set.

Reference: unistack-org/micro-broker-kgo#55
No description provided.
Delete Branch "dependabot/go_modules/github.com/twmb/franz-go-1.4.2"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?