build(deps): bump github.com/twmb/franz-go from 1.4.1 to 1.4.2 #203

Merged
dependabot[bot] merged 1 commit from dependabot/go_modules/github.com/twmb/franz-go-1.4.2 into master 2022-03-26 17:11:17 +03:00
dependabot[bot] commented 2022-03-25 17:21:27 +03:00 (Migrated from github.com)

Bumps github.com/twmb/franz-go from 1.4.1 to 1.4.2.

Changelog

Sourced from github.com/twmb/franz-go's changelog.

v1.4.2

This release fixes a potential incremental fetch session spin loop / undesirable behavior. This was not reported, but can happen if you use many clients against your cluster.

Previously, if a broker advertised that it supported consumer fetch sessions but did not actually create any and returned "0" to signify no session was created, the client would accept that 0 as a new fetch session. If the fetch response returned no data and thus made no forward progress, the next fetch request would include no partitions (believing a fetch session was created), and the broker would again reply immediately with no data and no fetch session. This would loop. Now, if the broker indicates no fetch session was created, we immediately stop trying to create new fetch sessions and never try again.

In practice, fetch sessions are rejected and replied to with 0 if a new one cannot be created. The default fetch session cache in Kafka is 1,000. If you have more than 1,000 active clients (where brokers count as clients against other brokers), you are at risk of this bug.

This bug would manifest in clearly visible ways: higher CPU, no forward progress while consuming. If you have not seen these, you have not experienced the bug. However, it is recommended that all users upgrade to avoid it.

This has two followup fixes to 83b0a32, one which fixes behavior that broke EndBeginTxnSafe, and one which mirrors some of the logic supporting EndBeginTxnUnsafe into EndTransaction itself. This also fixes a very rare data race that realistically would result in a new connection being killed immediately (since at the CPU, reads/writes of pointers are atomic).

  • 2faf459 bugfix broker: fix rare data race
  • 8f7c8cd bugfix EndBeginTxnUnsafe: partially back out of 83b0a32
  • 85a680e bugfix consuming: do not continually try to create fetch sessions
  • 2decd27 bugfix EndTransaction: mirror EndBeginTxnUnsafe logic

Commits

  • 6c87885 changelog: further note v1.4.2
  • 2faf459 broker: fix data race
  • 8f7c8cd EndBeginTxnUnsafe: partially back out of 83b0a32
  • 5154cc4 CHANGELOG: note v1.4.2
  • dbfe171 update "Who uses this?"
  • 85a680e consuming: do not continually try to create fetch sessions
  • 2decd27 EndTransaction: mirror EndBeginTxnUnsafe logic
  • See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
github-actions[bot] (Migrated from github.com) approved these changes 2022-03-25 17:21:41 +03:00
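
The fetch session spin loop described in the v1.4.2 changelog above, reduced to a toy model. This is an added example, not franz-go's code and not part of the original PR; `toyBroker`, `toyClient`, `consume`, `stopOnZero` and the partition names are hypothetical. The broker always replies with session ID 0, and `stopOnZero` switches between accepting that 0 as a session and disabling sessions after seeing it.

```go
package main

import "fmt"

// Constructed toy types. toyBroker's session cache is full: every reply has
// session ID 0, and records (from request 2 on) only for partitions named.
type toyBroker struct{ requests int }
func (b *toyBroker) fetch(partitions []string) (sessionID int32, records int) {
	b.requests++
	if b.requests == 1 || len(partitions) == 0 {
		return 0, 0
	}
	return 0, 3 * len(partitions)
}

type toyClient struct {
	assigned               []string
	inSession, sessionsOff bool
	stopOnZero             bool // true: post-fix behaviour; false: pre-fix
}

func (c *toyClient) nextRequest() []string {
	if c.inSession {
		return nil // incremental fetch, nothing changed: no partitions sent
	}
	return c.assigned // full fetch
}

func (c *toyClient) handle(sessionID int32) {
	if c.stopOnZero && sessionID == 0 {
		c.sessionsOff = true // broker declined: never ask for a session again
	}
	c.inSession = !c.sessionsOff // pre-fix, ID 0 is taken as a live session
}

func consume(stopOnZero bool, maxRequests int) (records, requests int) {
	b := &toyBroker{}
	c := &toyClient{assigned: []string{"t-0", "t-1"}, stopOnZero: stopOnZero}
	for records == 0 && b.requests < maxRequests {
		id, n := b.fetch(c.nextRequest())
		c.handle(id)
		records += n
	}
	return records, b.requests
}

func main() {
	fmt.Println(consume(false, 1000)) // pre-fix: no records, budget exhausted
	fmt.Println(consume(true, 1000))  // post-fix: records on the second request
}
```

In the pre-fix run every request after the first names no partitions, so the request budget is spent without a single record; that is the "higher CPU, no forward progress" symptom to look for in consumer metrics.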