Bump reactor-netty from 1.3.2 to 1.3.3, reactor from 3.8.2 to 3.8.3

[reta]

Description

Bump reactor-netty from 1.3.2 to 1.3.3, reactor from 3.8.2 to 3.8.3

Related Issues

N/A

Check List

• Functionality includes testing.
• API changes companion pull request created, if applicable.
• Public documentation issue/PR created, if applicable.

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.
For more information on following Developer Certificate of Origin and signing off your commits, please check here.

[coderabbitai]

📝 Walkthrough

Walkthrough

This PR upgrades reactor-netty from 1.3.2 to 1.3.3 and reactor-core from 3.8.2 to 3.8.3, updating the version catalog, changelog, and corresponding license checksum files across multiple modules.

Changes

Cohort / File(s)	Summary
Version Catalog & Changelog gradle/libs.versions.toml, CHANGELOG.md	Updated reactor_netty version from 1.3.2 to 1.3.3 and reactor version from 3.8.2 to 3.8.3 in version catalog. Added changelog entries documenting the dependency bumps.
Client/Rest License Checksums client/rest/licenses/reactor-core-3.8.2.jar.sha1, client/rest/licenses/reactor-core-3.8.3.jar.sha1	Removed old reactor-core 3.8.2 checksum file and added new checksum for reactor-core 3.8.3.
Repository-Azure License Checksums plugins/repository-azure/licenses/reactor-netty-core-1.3.2.jar.sha1, plugins/repository-azure/licenses/reactor-netty-core-1.3.3.jar.sha1, plugins/repository-azure/licenses/reactor-netty-http-1.3.2.jar.sha1, plugins/repository-azure/licenses/reactor-netty-http-1.3.3.jar.sha1	Removed old reactor-netty 1.3.2 checksum files and added new checksums for reactor-netty 1.3.3.
Transport-Reactor-Netty4 License Checksums plugins/transport-reactor-netty4/licenses/reactor-netty-core-1.3.2.jar.sha1, plugins/transport-reactor-netty4/licenses/reactor-netty-core-1.3.3.jar.sha1, plugins/transport-reactor-netty4/licenses/reactor-netty-http-1.3.2.jar.sha1, plugins/transport-reactor-netty4/licenses/reactor-netty-http-1.3.3.jar.sha1	Removed old reactor-netty 1.3.2 checksum files and added new checksums for reactor-netty 1.3.3.
Server License Checksums server/licenses/reactor-core-3.8.2.jar.sha1, server/licenses/reactor-core-3.8.3.jar.sha1	Removed old reactor-core 3.8.2 checksum file and added new checksum for reactor-core 3.8.3.

Estimated code review effort

🎯 1 (Trivial) | ⏱️ ~3 minutes

Possibly related PRs

• opensearch-project/OpenSearch#20419: Performs identical reactor-netty and reactor version bumps with corresponding checksum file updates
• opensearch-project/OpenSearch#20217: Updates Project Reactor and Reactor Netty versions with matching version catalog and license file modifications

🚥 Pre-merge checks | ✅ 3

✅ Passed checks (3 passed)

Check name	Status	Explanation
Title check	✅ Passed	The title clearly and concisely describes the main change: bumping two reactor dependencies to specific versions, which is accurately reflected in the changeset.
Description check	✅ Passed	The description follows the template structure with Description, Related Issues, and Check List sections. However, the Description section lacks detail about why these bumps are needed or any testing notes.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Post copyable unit tests in a comment

---

No actionable comments were generated in the recent review. 🎉

📜 Recent review details

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 42abf94 and 1c064c0.

📒 Files selected for processing (14)

• CHANGELOG.md
• client/rest/licenses/reactor-core-3.8.2.jar.sha1
• client/rest/licenses/reactor-core-3.8.3.jar.sha1
• gradle/libs.versions.toml
• plugins/repository-azure/licenses/reactor-netty-core-1.3.2.jar.sha1
• plugins/repository-azure/licenses/reactor-netty-core-1.3.3.jar.sha1
• plugins/repository-azure/licenses/reactor-netty-http-1.3.2.jar.sha1
• plugins/repository-azure/licenses/reactor-netty-http-1.3.3.jar.sha1
• plugins/transport-reactor-netty4/licenses/reactor-netty-core-1.3.2.jar.sha1
• plugins/transport-reactor-netty4/licenses/reactor-netty-core-1.3.3.jar.sha1
• plugins/transport-reactor-netty4/licenses/reactor-netty-http-1.3.2.jar.sha1
• plugins/transport-reactor-netty4/licenses/reactor-netty-http-1.3.3.jar.sha1
• server/licenses/reactor-core-3.8.2.jar.sha1
• server/licenses/reactor-core-3.8.3.jar.sha1

💤 Files with no reviewable changes (6)

• server/licenses/reactor-core-3.8.2.jar.sha1
• plugins/repository-azure/licenses/reactor-netty-http-1.3.2.jar.sha1
• plugins/transport-reactor-netty4/licenses/reactor-netty-http-1.3.2.jar.sha1
• client/rest/licenses/reactor-core-3.8.2.jar.sha1
• plugins/transport-reactor-netty4/licenses/reactor-netty-core-1.3.2.jar.sha1
• plugins/repository-azure/licenses/reactor-netty-core-1.3.2.jar.sha1

🧰 Additional context used

🧠 Learnings (1)

📚 Learning: 2025-12-12T18:40:08.452Z

Learnt from: reta
Repo: opensearch-project/OpenSearch PR: 20017
File: plugins/transport-reactor-netty4/src/test/java/org/opensearch/http/reactor/netty4/ssl/SecureReactorNetty4HttpServerTransportTests.java:256-256
Timestamp: 2025-12-12T18:40:08.452Z
Learning: In the OpenSearch ReactorNetty4 secure HTTP transport tests (plugins/transport-reactor-netty4/src/test/java/org/opensearch/http/reactor/netty4/ssl/SecureReactorNetty4HttpServerTransportTests.java), URI limit validation has been moved from the protocol layer to the transport layer, making it protocol-agnostic. The random protocol selection in ReactorHttpClient.https(settings) is intentional to ensure all tests validate correct behavior across HTTP/1.1, HTTP/2, and HTTP/3.

Applied to files:

• gradle/libs.versions.toml
• plugins/transport-reactor-netty4/licenses/reactor-netty-core-1.3.3.jar.sha1
• plugins/transport-reactor-netty4/licenses/reactor-netty-http-1.3.3.jar.sha1

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (19)

• GitHub Check: gradle-check
• GitHub Check: precommit (21, windows-latest)
• GitHub Check: precommit (21, macos-15-intel)
• GitHub Check: precommit (25, macos-15-intel)
• GitHub Check: precommit (25, windows-latest)
• GitHub Check: precommit (21, macos-15)
• GitHub Check: precommit (21, ubuntu-24.04-arm)
• GitHub Check: precommit (25, ubuntu-latest)
• GitHub Check: precommit (21, windows-2025, true)
• GitHub Check: precommit (25, macos-15)
• GitHub Check: precommit (21, ubuntu-latest)
• GitHub Check: precommit (25, ubuntu-24.04-arm)
• GitHub Check: assemble (25, ubuntu-latest)
• GitHub Check: assemble (21, ubuntu-latest)
• GitHub Check: assemble (25, windows-latest)
• GitHub Check: assemble (21, ubuntu-24.04-arm)
• GitHub Check: assemble (21, windows-latest)
• GitHub Check: assemble (25, ubuntu-24.04-arm)
• GitHub Check: Analyze (java)

🔇 Additional comments (8)

plugins/repository-azure/licenses/reactor-netty-core-1.3.3.jar.sha1 (1)

1-1: Checksum addition looks correct.

plugins/transport-reactor-netty4/licenses/reactor-netty-core-1.3.3.jar.sha1 (1)

1-1: Checksum addition looks correct.

plugins/transport-reactor-netty4/licenses/reactor-netty-http-1.3.3.jar.sha1 (1)

1-1: Checksum addition looks correct.

plugins/repository-azure/licenses/reactor-netty-http-1.3.3.jar.sha1 (1)

1-1: Checksum addition looks correct.

client/rest/licenses/reactor-core-3.8.3.jar.sha1 (1)

1-1: Checksum addition looks correct.

server/licenses/reactor-core-3.8.3.jar.sha1 (1)

1-1: Checksum addition looks correct.

CHANGELOG.md (1)

29-30: Changelog entries match the dependency bumps.

gradle/libs.versions.toml (1)

45-46: ⚠️ Potential issue | 🔴 Critical

reactor-core 3.8.3 does not exist on Maven Central—update to 3.8.2 (latest 3.8.x release) or use 3.8.3-SNAPSHOT if intentional.

reactor-netty 1.3.3 exists and has no known CVEs. However, reactor-core 3.8.3 is not a released version on Maven Central; only 3.8.3-SNAPSHOT is available. The latest 3.8.x GA release is 3.8.2 (Jan 13, 2026). Change line 46 to reactor = "3.8.2" unless snapshot builds are explicitly required.

⛔ Skipped due to learnings

Learnt from: reta
Repo: opensearch-project/OpenSearch PR: 20017
File: plugins/transport-reactor-netty4/src/test/java/org/opensearch/http/reactor/netty4/ssl/SecureReactorNetty4HttpServerTransportTests.java:256-256
Timestamp: 2025-12-12T18:40:08.452Z
Learning: In the OpenSearch ReactorNetty4 secure HTTP transport tests (plugins/transport-reactor-netty4/src/test/java/org/opensearch/http/reactor/netty4/ssl/SecureReactorNetty4HttpServerTransportTests.java), URI limit validation has been moved from the protocol layer to the transport layer, making it protocol-agnostic. The random protocol selection in ReactorHttpClient.https(settings) is intentional to ensure all tests validate correct behavior across HTTP/1.1, HTTP/2, and HTTP/3.

_{✏️ Tip: You can disable this entire section by setting review_details to false in your review settings.}

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[github-actions]

❌ Gradle check result for 1c064c0: null

Please examine the workflow log, locate, and copy-paste the failure(s) below, then iterate to green. Is the failure a flaky test unrelated to your change?

[github-actions]

❌ Gradle check result for 1c064c0: FAILURE

Please examine the workflow log, locate, and copy-paste the failure(s) below, then iterate to green. Is the failure a flaky test unrelated to your change?

[github-actions]

❌ Gradle check result for 1c064c0: FAILURE

Please examine the workflow log, locate, and copy-paste the failure(s) below, then iterate to green. Is the failure a flaky test unrelated to your change?

[github-actions]

❌ Gradle check result for 1c064c0: FAILURE

Please examine the workflow log, locate, and copy-paste the failure(s) below, then iterate to green. Is the failure a flaky test unrelated to your change?

[github-actions]

❌ Gradle check result for 1c064c0: null

Please examine the workflow log, locate, and copy-paste the failure(s) below, then iterate to green. Is the failure a flaky test unrelated to your change?

[github-actions]

✅ Gradle check result for 1c064c0: SUCCESS

[codecov]

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 73.27%. Comparing base (e59c30c) to head (1c064c0).
⚠️ Report is 3 commits behind head on main.

Additional details and impacted files

@@             Coverage Diff              @@
##               main   #20589      +/-   ##
============================================
- Coverage     73.37%   73.27%   -0.11%     
+ Complexity    72197    72141      -56     
============================================
  Files          5798     5798              
  Lines        329816   329816              
  Branches      47538    47538              
============================================
- Hits         242001   241670     -331     
- Misses        68458    68809     +351     
+ Partials      19357    19337      -20     

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.