Skip to content
New issue

Have a question about this project? # for a free GitHub account to open an issue and contact its maintainers and the community.

#

By clicking “#”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? # to your account

Jump to bottom

Update protobuf and grpc to latest, remove overrides #11

Merged
merged 2 commits into from
Oct 16, 2024
Merged

Update protobuf and grpc to latest, remove overrides #11

merged 2 commits into from
Oct 16, 2024

Conversation

swi-jared
Copy link
Contributor

@swi-jared swi-jared commented Oct 15, 2024
edited
Loading

Description of changes:

Update protobuf and grpc libraries to account for CVE-2024-7254.

Diff of mvn dependency:tree output main->update-deps:

20,28c20,34
< [INFO] +- io.grpc:grpc-netty-shaded:jar:1.51.1:runtime
< [INFO] |  +- com.google.errorprone:error_prone_annotations:jar:2.14.0:compile
< [INFO] |  +- io.perfmark:perfmark-api:jar:0.25.0:runtime
< [INFO] |  \- io.grpc:grpc-core:jar:1.51.1:compile
< [INFO] |     +- com.google.android:annotations:jar:4.1.1.4:runtime
< [INFO] |     \- org.codehaus.mojo:animal-sniffer-annotations:jar:1.21:runtime
< [INFO] +- io.grpc:grpc-protobuf:jar:1.51.1:compile
< [INFO] |  +- io.grpc:grpc-api:jar:1.51.1:compile
< [INFO] |  |  \- io.grpc:grpc-context:jar:1.51.1:compile
---
> [INFO] +- io.grpc:grpc-netty-shaded:jar:1.68.0:runtime
> [INFO] |  +- io.grpc:grpc-util:jar:1.68.0:runtime
> [INFO] |  |  \- org.codehaus.mojo:animal-sniffer-annotations:jar:1.24:runtime
> [INFO] |  +- io.grpc:grpc-core:jar:1.68.0:runtime
> [INFO] |  |  +- com.google.android:annotations:jar:4.1.1.4:runtime
> [INFO] |  |  \- io.grpc:grpc-context:jar:1.68.0:runtime
> [INFO] |  +- com.google.guava:guava:jar:33.2.1-android:compile
> [INFO] |  |  +- com.google.guava:failureaccess:jar:1.0.2:compile
> [INFO] |  |  +- com.google.guava:listenablefuture:jar:9999.0-empty-to-avoid-conflict-with-guava:compile
> [INFO] |  |  +- org.checkerframework:checker-qual:jar:3.42.0:compile
> [INFO] |  |  \- com.google.j2objc:j2objc-annotations:jar:3.0.0:compile
> [INFO] |  +- com.google.errorprone:error_prone_annotations:jar:2.28.0:compile
> [INFO] |  +- io.perfmark:perfmark-api:jar:0.27.0:runtime
> [INFO] |  \- io.grpc:grpc-api:jar:1.68.0:compile
> [INFO] +- io.grpc:grpc-protobuf:jar:1.68.0:compile
30,41c36,42
< [INFO] |  +- com.google.protobuf:protobuf-java:jar:3.21.7:compile
< [INFO] |  +- com.google.api.grpc:proto-google-common-protos:jar:2.9.0:compile
< [INFO] |  \- io.grpc:grpc-protobuf-lite:jar:1.51.1:compile
< [INFO] +- io.grpc:grpc-services:jar:1.51.1:compile
< [INFO] +- io.grpc:grpc-stub:jar:1.51.1:compile
< [INFO] +- com.google.protobuf:protobuf-java-util:jar:3.21.7:compile
< [INFO] +- com.google.code.gson:gson:jar:2.10.1:compile
< [INFO] +- com.google.guava:guava:jar:32.0.1-jre:compile
< [INFO] |  +- com.google.guava:failureaccess:jar:1.0.1:compile
< [INFO] |  +- com.google.guava:listenablefuture:jar:9999.0-empty-to-avoid-conflict-with-guava:compile
< [INFO] |  \- org.checkerframework:checker-qual:jar:3.33.0:compile
< [INFO] +- com.google.j2objc:j2objc-annotations:jar:2.8:compile
---
> [INFO] |  +- com.google.protobuf:protobuf-java:jar:3.25.5:compile
> [INFO] |  +- com.google.api.grpc:proto-google-common-protos:jar:2.41.0:compile
> [INFO] |  \- io.grpc:grpc-protobuf-lite:jar:1.68.0:runtime
> [INFO] +- io.grpc:grpc-services:jar:1.68.0:compile
> [INFO] |  +- com.google.protobuf:protobuf-java-util:jar:3.25.5:runtime
> [INFO] |  \- com.google.code.gson:gson:jar:2.11.0:runtime
> [INFO] +- io.grpc:grpc-stub:jar:1.68.0:compile

@swi-jared swi-jared marked this pull request as ready for review October 15, 2024 22:12
@swi-jared swi-jared requested a review from a team as a code owner October 15, 2024 22:12
@swi-jared
Copy link
Contributor Author

@cleverchuk Please confirm the upgrade to grpc 1.68 is OK

@cleverchuk cleverchuk merged commit c7318a2 into main Oct 16, 2024
1 check passed
@jerrytfleung jerrytfleung deleted the update-deps branch October 16, 2024 16:05
# for free to join this conversation on GitHub. Already have an account? # to comment
Reviewers

@cleverchuk cleverchuk cleverchuk approved these changes

Assignees
No one assigned
Labels
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@swi-jared @cleverchuk @jerrytfleung