fix vulnerabilities (#352)

Author: shashank11p

otel-extensions/build.gradle.kts

@@ -46,6 +46,10 @@ dependencies {
     api("com.google.protobuf:protobuf-java-util")
     // convert yaml to json, since java protobuf impl supports only json
     implementation("com.fasterxml.jackson.dataformat:jackson-dataformat-yaml:2.11.3")
+    // fix vulnerability
+    constraints {
+        api("com.google.code.gson:gson:2.8.9")
+    }
 
     testImplementation("io.opentelemetry:opentelemetry-sdk-extension-autoconfigure:${versions["opentelemetry"]}-alpha")
     testImplementation("io.opentelemetry:opentelemetry-sdk:${versions["opentelemetry"]}")

shaded-protobuf-java-util/build.gradle.kts

@@ -8,6 +8,10 @@ dependencies {
         exclude("com.google.protobuf", "protobuf-java")
         exclude("com.google.guava", "guava")
     }
+    // fix vulnerability
+    constraints {
+        implementation("com.google.code.gson:gson:2.8.9")
+    }
 }
 
 tasks.shadowJar {

testing-bootstrap/build.gradle.kts

@@ -16,7 +16,7 @@ dependencies {
     implementation(project(":javaagent-core"))
     implementation(project(":filter-api"))
 
-    implementation("ch.qos.logback:logback-classic:1.2.3")
+    implementation("ch.qos.logback:logback-classic:1.2.7")
     implementation("org.slf4j:slf4j-api:${versions["slf4j"]}")
 }