Bump netty version to 4.1.77.Final

[hezhangjian]

Motivation

original PR #3091
Changelog: https://netty.io/news/2022/05/06/2-1-77-Final.html

Modifications

• Upgrade Netty from 4.1.75.Final to 4.1.77.Final
• Netty 4.1.77.Final depends on netty-tc-native 2.0.52, also updates

[hezhangjian]

rerun failure checks

[hezhangjian]

@nicoloboschi @dlg99 @eolivelli @merlimat
Although the OWASP Dependency check is failed, but can we merge it? Netty is not related to this fail(google-http-client-gson-1.41.0.jar: CVE-2022-25647(7.5))

I think that we need another grpc PR to solve it.

[CalvinKirs]

@nicoloboschi @dlg99 @eolivelli @merlimat Although the OWASP Dependency check is failed, but can we merge it? Netty is not related to this fail(google-http-client-gson-1.41.0.jar: CVE-2022-25647(7.5))

I think that we need another grpc PR to solve it.

on dependency upgrades, it's best to solve the corresponding CI failure first. You can submit a new PR to solve this problem alone. When this problem is solved, then back to this PR, otherwise, we cannot fast ensure whether this PR will introduce new problems.

[hezhangjian]

@CalvinKirs Now we check CVE when pom file changes. If netty and grpc both have CVE now, we need to update netty and grpc in one pr. I think it's quite unreasonable.

[CalvinKirs]

@CalvinKirs Now we check CVE when pom file changes. If netty and grpc both have CVE now, we need to update netty and grpc in one pr. I think it's quite unreasonable.

I mean, don't rush to merge this PR, if you are sure that this is a problem caused by the GRPC version, you can submit a new PR to solve it(Grpc), and then come back to this PR(Netty).

[nicoloboschi]

we can merge it, the related owasp failure is a false positive and not related to this pull