chore: upgrade grpc due to vuln (#48)

SrikarMannepalli · web-flow · commit cb3600aa7228 · 2023-08-18T09:04:58.000+05:30
* upgrade grpc and auth0 libs

* update

* revert jwks change
diff --git a/gradle/wrapper/gradle-wrapper.properties b/gradle/wrapper/gradle-wrapper.properties
@@ -1,5 +1,5 @@
 distributionBase=GRADLE_USER_HOME
 distributionPath=wrapper/dists
-distributionUrl=https\://services.gradle.org/distributions/gradle-6.5-all.zip
+distributionUrl=https\://services.gradle.org/distributions/gradle-7.6-all.zip
 zipStoreBase=GRADLE_USER_HOME
 zipStorePath=wrapper/dists
diff --git a/grpc-client-rx-utils/build.gradle.kts b/grpc-client-rx-utils/build.gradle.kts
@@ -6,7 +6,7 @@ plugins {
 }
 
 dependencies {
-  api(platform("io.grpc:grpc-bom:1.56.0"))
+  api(platform("io.grpc:grpc-bom:1.57.2"))
   api("io.reactivex.rxjava3:rxjava:3.1.4")
   api("io.grpc:grpc-stub")
   api(project(":grpc-context-utils"))
diff --git a/grpc-client-utils/build.gradle.kts b/grpc-client-utils/build.gradle.kts
@@ -7,7 +7,7 @@ plugins {
 
 dependencies {
 
-  api(platform("io.grpc:grpc-bom:1.56.0"))
+  api(platform("io.grpc:grpc-bom:1.57.2"))
   api("io.grpc:grpc-context")
   api("io.grpc:grpc-api")
   api(platform("io.netty:netty-bom:4.1.94.Final")) {
diff --git a/grpc-context-utils/build.gradle.kts b/grpc-context-utils/build.gradle.kts
@@ -10,7 +10,7 @@ tasks.test {
 }
 
 dependencies {
-  api(platform("io.grpc:grpc-bom:1.56.0"))
+  api(platform("io.grpc:grpc-bom:1.57.2"))
   implementation("io.grpc:grpc-core")
 
   implementation("com.auth0:java-jwt:4.4.0")
diff --git a/grpc-server-rx-utils/build.gradle.kts b/grpc-server-rx-utils/build.gradle.kts
@@ -6,7 +6,7 @@ plugins {
 }
 
 dependencies {
-  api(platform("io.grpc:grpc-bom:1.56.0"))
+  api(platform("io.grpc:grpc-bom:1.57.2"))
   api("io.reactivex.rxjava3:rxjava:3.1.4")
   api("io.grpc:grpc-stub")
 
diff --git a/grpc-server-utils/build.gradle.kts b/grpc-server-utils/build.gradle.kts
@@ -10,7 +10,7 @@ tasks.test {
 }
 
 dependencies {
-  api(platform("io.grpc:grpc-bom:1.56.0"))
+  api(platform("io.grpc:grpc-bom:1.57.2"))
   api("io.grpc:grpc-context")
   api("io.grpc:grpc-api")
 
diff --git a/owasp-suppressions.xml b/owasp-suppressions.xml
@@ -7,4 +7,12 @@
         <packageUrl regex="true">^pkg:maven/org\.hypertrace\..*@.*$</packageUrl>
         <cpe>cpe:/a:grpc:grpc</cpe>
     </suppress>
+    <suppress until="2023-08-31Z">
+        <notes><![CDATA[
+  file name: jackson-databind-2.14.2.jar
+  This is currently disputed.
+  ]]></notes>
+        <packageUrl regex="true">^pkg:maven/com\.fasterxml\.jackson\.core/jackson\-databind@.*$</packageUrl>
+        <cve>CVE-2023-35116</cve>
+    </suppress>
 </suppressions> 

Original file line number	Diff line number	Diff line change
`@@ -6,7 +6,7 @@ plugins {`
`6`	`6`	`}`
`7`	`7`
`8`	`8`	`dependencies {`
`9`		`- api(platform("io.grpc:grpc-bom:1.56.0"))`
	`9`	`+ api(platform("io.grpc:grpc-bom:1.57.2"))`
`10`	`10`	`api("io.reactivex.rxjava3:rxjava:3.1.4")`
`11`	`11`	`api("io.grpc:grpc-stub")`
`12`	`12`	`api(project(":grpc-context-utils"))`
Original file line number	Diff line number	Diff line change
`@@ -10,7 +10,7 @@ tasks.test {`
`10`	`10`	`}`
`11`	`11`
`12`	`12`	`dependencies {`
`13`		`- api(platform("io.grpc:grpc-bom:1.56.0"))`
	`13`	`+ api(platform("io.grpc:grpc-bom:1.57.2"))`
`14`	`14`	`implementation("io.grpc:grpc-core")`
`15`	`15`
`16`	`16`	`implementation("com.auth0:java-jwt:4.4.0")`