Upgrade grpc and protobuf to address CVE-2023-32732 #3992
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
4 tasks
zymap
added
dependencies
hangc0276
approved these changes
Jun 20, 2023
zymap
approved these changes
Jun 20, 2023
zymap
pushed a commit
that referenced
this pull request
Jun 20, 2023
### Motivation OWASP dependency check fails because of CVE-2023-32732 in grpc. ### Changes * Upgrade grpc to 1.56.0 * Upgrade protobuf to 3.22.3 to match the version used in grpc 1.56.0 * Upgrade other grpc/protobuf related libs (cherry picked from commit e188ed8)
|
Unfortunately there seems to be a breaking change in grpc-java at this location grpc/grpc-java@fcb5c54#r118953940 . |
|
I think I found a solution. I'll send a PR. |
|
#3997 contains the fix for the binary compatibility, it is necessary to merge that too. |
zymap
pushed a commit
that referenced
this pull request
Jun 21, 2023
…me in the bookkeeper client. (#3997) ### Motivation - grpc version was upgraded to 1.56.0 in #3992 - that breaks binary compatibility for DnsNameResolverProvider class - see grpc/grpc-java@fcb5c54#diff-b04e884de51ed12ff79482f600a2d4ec18e405ee189a4952ae35f4d2742b7160L50 ### Changes - make the field type NameResolverProvider instead of DnsNameResolverProvider - this prevents possible NoSuchMethodError errors about DnsNameResolverProvider.newNameResolver method
zymap
pushed a commit
that referenced
this pull request
Jun 21, 2023
…me in the bookkeeper client. (#3997) ### Motivation - grpc version was upgraded to 1.56.0 in #3992 - that breaks binary compatibility for DnsNameResolverProvider class - see grpc/grpc-java@fcb5c54#diff-b04e884de51ed12ff79482f600a2d4ec18e405ee189a4952ae35f4d2742b7160L50 ### Changes - make the field type NameResolverProvider instead of DnsNameResolverProvider - this prevents possible NoSuchMethodError errors about DnsNameResolverProvider.newNameResolver method (cherry picked from commit ffc8e8b)
zymap
pushed a commit
that referenced
this pull request
Dec 7, 2023
### Motivation OWASP dependency check fails because of CVE-2023-32732 in grpc. ### Changes * Upgrade grpc to 1.56.0 * Upgrade protobuf to 3.22.3 to match the version used in grpc 1.56.0 * Upgrade other grpc/protobuf related libs (cherry picked from commit e188ed8)
zymap
pushed a commit
that referenced
this pull request
Dec 7, 2023
…me in the bookkeeper client. (#3997) ### Motivation - grpc version was upgraded to 1.56.0 in #3992 - that breaks binary compatibility for DnsNameResolverProvider class - see grpc/grpc-java@fcb5c54#diff-b04e884de51ed12ff79482f600a2d4ec18e405ee189a4952ae35f4d2742b7160L50 ### Changes - make the field type NameResolverProvider instead of DnsNameResolverProvider - this prevents possible NoSuchMethodError errors about DnsNameResolverProvider.newNameResolver method (cherry picked from commit ffc8e8b)
Ghatage
pushed a commit
to sijie/bookkeeper
that referenced
this pull request
Jul 12, 2024
### Motivation OWASP dependency check fails because of CVE-2023-32732 in grpc. ### Changes * Upgrade grpc to 1.56.0 * Upgrade protobuf to 3.22.3 to match the version used in grpc 1.56.0 * Upgrade other grpc/protobuf related libs
Ghatage
pushed a commit
to sijie/bookkeeper
that referenced
this pull request
Jul 12, 2024
…me in the bookkeeper client. (apache#3997) ### Motivation - grpc version was upgraded to 1.56.0 in apache#3992 - that breaks binary compatibility for DnsNameResolverProvider class - see grpc/grpc-java@fcb5c54#diff-b04e884de51ed12ff79482f600a2d4ec18e405ee189a4952ae35f4d2742b7160L50 ### Changes - make the field type NameResolverProvider instead of DnsNameResolverProvider - this prevents possible NoSuchMethodError errors about DnsNameResolverProvider.newNameResolver method
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Motivation
OWASP dependency check fails because of CVE-2023-32732 in grpc.
Changes