Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Fixing vulnerability in transitive protobuf-java #1177

Merged
merged 1 commit into from
Dec 9, 2024

Conversation

salaboy
Copy link
Contributor

@salaboy salaboy commented Dec 9, 2024

Description

This upgrades the GRPC java version that we are using to 1.68.2 that brings protobuf-java 3.25.5 which fix a HIGH vulnerability.

https://central.sonatype.com/artifact/io.grpc/grpc-protobuf/1.68.2

Issue reference

We strive to have all PR being opened based on an issue, where the problem or feature have been discussed prior to implementation.

Please reference the issue this PR will close: #1178

Checklist

Please make sure you've completed the relevant tasks for this PR, out of the following list:

  • Code compiles correctly
  • Created/updated tests
  • Extended the documentation

@salaboy salaboy requested review from a team as code owners December 9, 2024 10:07
@artursouza artursouza merged commit aa5a7c4 into dapr:release-1.13 Dec 9, 2024
8 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

3 participants