Bump Project Reactor to 3.8.1 and Reactor Netty to 1.3.1

[reta]

Description

Bump Project Reactor to 3.8.1 and Reactor Netty to 1.3.1

Related Issues

N/A

Check List

• Functionality includes testing.
• API changes companion pull request created, if applicable.
• Public documentation issue/PR created, if applicable.

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.
For more information on following Developer Certificate of Origin and signing off your commits, please check here.

Summary by CodeRabbit

• Chores

  • Bumped Reactor Core (3.8.0 → 3.8.1) and Reactor Netty (1.3.0 → 1.3.1).
  • Added new QUIC codec library and corresponding dependency; updated checksum/license records for new versions and removed obsolete ones.
  • Extended third‑party audit ignores for QUIC/Netty classes and adjusted related audit entries.

• Documentation

  • Updated CHANGELOG under "Unreleased 3.x → Dependencies" to reflect the version bumps.

_{✏️ Tip: You can customize this high-level summary in your review settings.}

[coderabbitai]

Walkthrough

Bumped Project Reactor 3.8.0→3.8.1 and Reactor Netty 1.3.0→1.3.1; replaced/added corresponding .sha1 license checksum files across client, server, plugins, and transport folders; added netty QUIC library reference and checksum; updated two plugin build.gradle thirdPartyAudit entries; added CHANGELOG entry.

Changes

Cohort / File(s)	Summary
Gradle version config & library gradle/libs.versions.toml	Updated reactor 3.8.0 → 3.8.1 and reactor_netty 1.3.0 → 1.3.1; added netty-codec-classes-quic library entry.
Checksum files — Reactor core client/rest/licenses/reactor-core-*.jar.sha1, server/licenses/reactor-core-*.jar.sha1	Removed reactor-core-3.8.0.jar.sha1 files; added reactor-core-3.8.1.jar.sha1 files with new SHA-1 content.
Checksum files — Reactor Netty (plugins & transport) plugins/repository-azure/licenses/..., plugins/transport-reactor-netty4/licenses/...	Deleted reactor-netty-core-1.3.0.jar.sha1 and reactor-netty-http-1.3.0.jar.sha1 where present; added corresponding 1.3.1.jar.sha1 files and added netty-codec-classes-quic-4.2.7.Final.jar.sha1.
Plugin build files (thirdPartyAudit & deps) plugins/repository-azure/build.gradle, plugins/transport-reactor-netty4/build.gradle	Added io.netty.handler.codec.quic.Quic to ignoreMissingClasses (repository-azure); added api libs.netty.codec.classes.quic dependency and io.netty.channel.epoll.SegmentedDatagramPacket to ignoreMissingClasses, and removed several explicit QUIC ignoreViolations entries (transport-reactor-netty4).
Changelog CHANGELOG.md	Added Unreleased 3.x dependency entry: bump Reactor → 3.8.1 and Reactor Netty → 1.3.1.

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~20 minutes

• Areas to inspect closely:
  • gradle/libs.versions.toml (ensure only intended version/library lines changed).
  • plugins/transport-reactor-netty4/build.gradle (dependency addition and removal of many ignoreViolations entries — verify rationale and no regressions).
  • plugins/repository-azure/build.gradle (ignoreMissingClasses entry spelling).
  • All added/removed .sha1 files (verify checksum values and trailing-newline expectations).
  • CHANGELOG placement and formatting.

Suggested reviewers

• andrross
• cwperks
• peternied

Poem

🐰 I hopped through lines of code and hash,

New versions tucked into the stash.
I swapped old sums for fresh and neat,
A tiny patch — a build more sweet.
🥕

Pre-merge checks and finishing touches

✅ Passed checks (3 passed)

Check name	Status	Explanation
Title check	✅ Passed	The PR title accurately and concisely describes the primary change: bumping Project Reactor to 3.8.1 and Reactor Netty to 1.3.1, which is clearly reflected in the file changes and CHANGELOG entry.
Description check	✅ Passed	The PR description includes the required Description section with a clear summary, and Related Issues marked as N/A. The checklist is present but all items remain unchecked, indicating no testing was included and no companion PRs were created.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.

✨ Finishing touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Post copyable unit tests in a comment

---

📜 Recent review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 11b9acd and f187b24.

📒 Files selected for processing (17)

• CHANGELOG.md (1 hunks)
• client/rest/licenses/reactor-core-3.8.0.jar.sha1 (0 hunks)
• client/rest/licenses/reactor-core-3.8.1.jar.sha1 (1 hunks)
• gradle/libs.versions.toml (2 hunks)
• plugins/repository-azure/build.gradle (1 hunks)
• plugins/repository-azure/licenses/reactor-netty-core-1.3.0.jar.sha1 (0 hunks)
• plugins/repository-azure/licenses/reactor-netty-core-1.3.1.jar.sha1 (1 hunks)
• plugins/repository-azure/licenses/reactor-netty-http-1.3.0.jar.sha1 (0 hunks)
• plugins/repository-azure/licenses/reactor-netty-http-1.3.1.jar.sha1 (1 hunks)
• plugins/transport-reactor-netty4/build.gradle (2 hunks)
• plugins/transport-reactor-netty4/licenses/netty-codec-classes-quic-4.2.7.Final.jar.sha1 (1 hunks)
• plugins/transport-reactor-netty4/licenses/reactor-netty-core-1.3.0.jar.sha1 (0 hunks)
• plugins/transport-reactor-netty4/licenses/reactor-netty-core-1.3.1.jar.sha1 (1 hunks)
• plugins/transport-reactor-netty4/licenses/reactor-netty-http-1.3.0.jar.sha1 (0 hunks)
• plugins/transport-reactor-netty4/licenses/reactor-netty-http-1.3.1.jar.sha1 (1 hunks)
• server/licenses/reactor-core-3.8.0.jar.sha1 (0 hunks)
• server/licenses/reactor-core-3.8.1.jar.sha1 (1 hunks)

💤 Files with no reviewable changes (6)

• server/licenses/reactor-core-3.8.0.jar.sha1
• client/rest/licenses/reactor-core-3.8.0.jar.sha1
• plugins/transport-reactor-netty4/licenses/reactor-netty-http-1.3.0.jar.sha1
• plugins/repository-azure/licenses/reactor-netty-core-1.3.0.jar.sha1
• plugins/transport-reactor-netty4/licenses/reactor-netty-core-1.3.0.jar.sha1
• plugins/repository-azure/licenses/reactor-netty-http-1.3.0.jar.sha1

✅ Files skipped from review due to trivial changes (3)

• plugins/transport-reactor-netty4/licenses/reactor-netty-http-1.3.1.jar.sha1
• plugins/transport-reactor-netty4/licenses/reactor-netty-core-1.3.1.jar.sha1
• plugins/transport-reactor-netty4/licenses/netty-codec-classes-quic-4.2.7.Final.jar.sha1

🚧 Files skipped from review as they are similar to previous changes (6)

• server/licenses/reactor-core-3.8.1.jar.sha1
• client/rest/licenses/reactor-core-3.8.1.jar.sha1
• CHANGELOG.md
• plugins/repository-azure/licenses/reactor-netty-core-1.3.1.jar.sha1
• gradle/libs.versions.toml
• plugins/repository-azure/licenses/reactor-netty-http-1.3.1.jar.sha1

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (21)

• GitHub Check: gradle-check
• GitHub Check: precommit (25, macos-15-intel)
• GitHub Check: precommit (21, windows-2025, true)
• GitHub Check: precommit (25, ubuntu-24.04-arm)
• GitHub Check: precommit (25, windows-latest)
• GitHub Check: precommit (25, macos-15)
• GitHub Check: precommit (21, macos-15-intel)
• GitHub Check: precommit (21, ubuntu-24.04-arm)
• GitHub Check: precommit (21, windows-latest)
• GitHub Check: precommit (21, ubuntu-latest)
• GitHub Check: precommit (21, macos-15)
• GitHub Check: precommit (25, ubuntu-latest)
• GitHub Check: Analyze (java)
• GitHub Check: detect-breaking-change
• GitHub Check: assemble (21, windows-latest)
• GitHub Check: assemble (25, ubuntu-24.04-arm)
• GitHub Check: assemble (25, windows-latest)
• GitHub Check: assemble (21, ubuntu-latest)
• GitHub Check: assemble (25, ubuntu-latest)
• GitHub Check: assemble (21, ubuntu-24.04-arm)
• GitHub Check: Mend Security Check

🔇 Additional comments (3)

plugins/repository-azure/build.gradle (1)

149-159: Verify consistency with transport-reactor-netty4 QUIC handling.

The repository-azure plugin adds 'io.netty.handler.codec.quic.Quic' to ignoreMissingClasses, while the transport-reactor-netty4 plugin (in this PR) adds libs.netty.codec.classes.quic as an explicit api dependency and removes ignoreViolations for QUIC-related classes. Confirm whether repository-azure should also add the netty-codec-classes-quic dependency to align with the centralized QUIC handling strategy, or if the ignore-only approach is intentional due to transitive/optional usage.

plugins/transport-reactor-netty4/build.gradle (2)

38-38: LGTM: Adding QUIC codec library dependency.

The addition of libs.netty.codec.classes.quic as an api dependency aligns with Reactor Netty 1.3.1's QUIC support and complements the removal of QUIC-related classes from ignoreViolations.

---

154-154: Verify SegmentedDatagramPacket is necessary for Netty 1.3.1.

The addition of 'io.netty.channel.epoll.SegmentedDatagramPacket' to ignoreMissingClasses follows the established pattern for platform-specific Netty classes. Confirm this class is referenced by the new QUIC or updated Netty dependencies in version 1.3.1.

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[github-actions]

❌ Gradle check result for 11b9acd: FAILURE

Please examine the workflow log, locate, and copy-paste the failure(s) below, then iterate to green. Is the failure a flaky test unrelated to your change?

[github-actions]

✅ Gradle check result for f187b24: SUCCESS

[codecov]

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 73.26%. Comparing base (1aed472) to head (f187b24).
⚠️ Report is 5 commits behind head on main.

Additional details and impacted files

@@             Coverage Diff              @@
##               main   #20217      +/-   ##
============================================
- Coverage     73.29%   73.26%   -0.03%     
+ Complexity    71780    71778       -2     
============================================
  Files          5795     5795              
  Lines        328297   328297              
  Branches      47282    47282              
============================================
- Hits         240612   240539      -73     
- Misses        68368    68489     +121     
+ Partials      19317    19269      -48     

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.