fix vulnerabilities

owasp-suppressions.xml

@@ -0,0 +1,11 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<suppressions xmlns="https://jeremylong.github.io/DependencyCheck/dependency-suppression.1.3.xsd">
+  <suppress>
+    <notes><![CDATA[
+   Any hypertrace dep
+   ]]></notes>
+    <packageUrl regex="true">^pkg:maven/org\.hypertrace\..*@.*$</packageUrl>
+    <cpe>cpe:/a:grpc:grpc</cpe>
+    <cpe>cpe:/a:utils_project:utils</cpe>
+  </suppress>
+</suppressions> 

query-service-api/build.gradle.kts

@@ -66,7 +66,7 @@ tasks.test {
 }
 
 dependencies {
-  api(platform("io.grpc:grpc-bom:1.50.0"))
+  api(platform("io.grpc:grpc-bom:1.56.0"))
   api("io.grpc:grpc-protobuf")
   api("io.grpc:grpc-stub")
   api("javax.annotation:javax.annotation-api:1.3.2")

query-service-client/build.gradle.kts

@@ -7,7 +7,7 @@ plugins {
 
 dependencies {
   api(project(":query-service-api"))
-  implementation("org.hypertrace.core.grpcutils:grpc-client-utils:0.11.2")
+  implementation("org.hypertrace.core.grpcutils:grpc-client-utils:0.12.1")
 
   // Logging
   implementation("org.slf4j:slf4j-api:1.7.32")

query-service-factory/build.gradle.kts

@@ -3,7 +3,7 @@ plugins {
 }
 
 dependencies {
-  api("org.hypertrace.core.serviceframework:platform-grpc-service-framework:0.1.49")
+  api("org.hypertrace.core.serviceframework:platform-grpc-service-framework:0.1.53")
 
   implementation(project(":query-service-impl"))
   implementation("com.google.inject:guice:5.0.1")

query-service-impl/build.gradle.kts

@@ -13,16 +13,16 @@ dependencies {
     implementation("io.netty:netty:3.10.6.Final") {
       because("https://snyk.io/vuln/SNYK-JAVA-IONETTY-30430")
     }
-    implementation("io.netty:netty-common:4.1.77.Final") {
+    implementation("io.netty:netty-common:4.1.94.Final") {
       because("https://snyk.io/vuln/SNYK-JAVA-IONETTY-2812456")
     }
     implementation("org.apache.zookeeper:zookeeper:3.6.3") {
       because("Multiple vulnerabilities")
     }
-    implementation("io.netty:netty-transport-native-epoll:4.1.71.Final") {
+    implementation("io.netty:netty-transport-native-epoll:4.1.94.Final") {
       because("Multiple vulnerabilities")
     }
-    implementation("io.netty:netty-handler:4.1.71.Final") {
+    implementation("io.netty:netty-handler:4.1.94.Final") {
       because("Multiple vulnerabilities")
     }
     implementation("org.jetbrains.kotlin:kotlin-stdlib:1.6.0") {
@@ -31,7 +31,7 @@ dependencies {
           "in org.jetbrains.kotlin:[email protected]"
       )
     }
-    implementation("com.fasterxml.jackson.core:jackson-databind:2.14.2") {
+    implementation("com.fasterxml.jackson.core:jackson-databind:2.15.2") {
       because("Multiple vulnerabilities")
     }
     implementation("com.101tec:zkclient:0.11") {
@@ -40,12 +40,12 @@ dependencies {
   }
   api(project(":query-service-api"))
   api("com.typesafe:config:1.4.1")
-  implementation("org.hypertrace.core.grpcutils:grpc-context-utils:0.11.2")
-  implementation("org.hypertrace.core.grpcutils:grpc-client-utils:0.11.2")
-  implementation("org.hypertrace.core.grpcutils:grpc-server-rx-utils:0.11.2")
-  implementation("org.hypertrace.core.attribute.service:attribute-service-api:0.12.3")
-  implementation("org.hypertrace.core.attribute.service:attribute-projection-registry:0.12.3")
-  implementation("org.hypertrace.core.attribute.service:caching-attribute-service-client:0.12.3")
+  implementation("org.hypertrace.core.grpcutils:grpc-context-utils:0.12.1")
+  implementation("org.hypertrace.core.grpcutils:grpc-client-utils:0.12.1")
+  implementation("org.hypertrace.core.grpcutils:grpc-server-rx-utils:0.12.1")
+  implementation("org.hypertrace.core.attribute.service:attribute-service-api:0.14.26")
+  implementation("org.hypertrace.core.attribute.service:attribute-projection-registry:0.14.26")
+  implementation("org.hypertrace.core.attribute.service:caching-attribute-service-client:0.14.26")
   implementation("com.google.inject:guice:5.0.1")
   implementation("org.apache.pinot:pinot-java-client:0.10.0") {
     // We want to use log4j2 impl so exclude the log4j binding of slf4j
@@ -54,9 +54,9 @@ dependencies {
   }
   implementation("org.slf4j:slf4j-api:1.7.32")
   implementation("commons-codec:commons-codec:1.15")
-  implementation("org.hypertrace.core.serviceframework:platform-metrics:0.1.49")
+  implementation("org.hypertrace.core.serviceframework:platform-metrics:0.1.53")
   implementation("com.google.protobuf:protobuf-java-util:3.22.0")
-  implementation("com.google.guava:guava:31.1-jre")
+  implementation("com.google.guava:guava:32.0.1-jre")
   implementation("io.reactivex.rxjava3:rxjava:3.0.11")
   implementation("com.squareup.okhttp3:okhttp:4.9.3")
   implementation("org.postgresql:postgresql:42.4.3")

query-service/build.gradle.kts

@@ -10,8 +10,8 @@ plugins {
 
 dependencies {
   implementation(project(":query-service-factory"))
-  implementation("org.hypertrace.core.grpcutils:grpc-server-utils:0.11.2")
-  implementation("org.hypertrace.core.serviceframework:platform-grpc-service-framework:0.1.49")
+  implementation("org.hypertrace.core.grpcutils:grpc-server-utils:0.12.1")
+  implementation("org.hypertrace.core.serviceframework:platform-grpc-service-framework:0.1.53")
   implementation("org.slf4j:slf4j-api:1.7.32")
   implementation("com.typesafe:config:1.4.1")
 
@@ -28,12 +28,12 @@ dependencies {
   integrationTestImplementation("org.apache.kafka:kafka-clients:5.5.1-ccs")
   integrationTestImplementation("org.apache.kafka:kafka-streams:5.5.1-ccs")
   integrationTestImplementation("org.apache.avro:avro:1.11.1")
-  integrationTestImplementation("com.google.guava:guava:31.1-jre")
+  integrationTestImplementation("com.google.guava:guava:32.0.1-jre")
   integrationTestImplementation("org.hypertrace.core.datamodel:data-model:0.1.12")
   integrationTestImplementation("org.hypertrace.core.kafkastreams.framework:kafka-streams-serdes:0.1.13")
 
   integrationTestImplementation(project(":query-service-client"))
-  integrationTestImplementation("org.hypertrace.core.attribute.service:attribute-service-client:0.12.3")
+  integrationTestImplementation("org.hypertrace.core.attribute.service:attribute-service-client:0.14.26")
 }
 
 application {