chore: Security upgrade io.grpc:grpc-protobuf from 1.48.1 to 1.48.2 #114
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
|
@justinabrahms FYI, Synk opened this PR on your behalf. Are you okay with this? If so, can we configure Synk to open PRs with |
|
No setting for that. I've reached out to their support. |
toddbaert
force-pushed
the
snyk-fix-5695864516d1fc7965d14e92d8e67243
branch
from
0ff75ff to
2799e52
Compare
toddbaert
changed the title
The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-JAVA-COMGOOGLEPROTOBUF-3040284 Signed-off-by: Todd Baert <[email protected]>
toddbaert
force-pushed
the
snyk-fix-5695864516d1fc7965d14e92d8e67243
branch
from
2799e52 to
7e44b9a
Compare
toddbaert
approved these changes
Oct 13, 2022
toddbaert
added a commit
to toddbaert/java-sdk-contrib
that referenced
this pull request
Nov 1, 2022
* feat!: migrate to sdk 0.5.0
DBlanchard88
pushed a commit
to DBlanchard88/java-sdk-contrib
that referenced
this pull request
Apr 29, 2024
Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> Co-authored-by: Justin Abrahms <[email protected]>
DBlanchard88
pushed a commit
to DBlanchard88/java-sdk-contrib
that referenced
this pull request
Apr 29, 2024
* chore: add integration tests (open-feature#77) * chore: add integration tests Signed-off-by: Todd Baert <[email protected]> * improve POM spacing Signed-off-by: Todd Baert <[email protected]> Signed-off-by: Todd Baert <[email protected]> Signed-off-by: Bhandari, Pramesh(AWF) <[email protected]> * chore(main): release dev.openfeature.javasdk 0.2.2 (open-feature#76) Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> Signed-off-by: Bhandari, Pramesh(AWF) <[email protected]> * feat!: errorCode as enum, reason as string (open-feature#80) * feat!: errorCode as enum, reason as string - makes errorCode an enum - makes reason a string - adds errorMessage to resolution/evaluation details Signed-off-by: Bhandari, Pramesh(AWF) <[email protected]> * chore: add CODEOWNERS (open-feature#85) Create CODEOWNERS refs open-feature/java-sdk#83 Signed-off-by: Justin Abrahms <[email protected]> Signed-off-by: Justin Abrahms <[email protected]> Signed-off-by: Bhandari, Pramesh(AWF) <[email protected]> * chore: Configure Renovate (open-feature#86) chore(deps): add renovate.json Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> Signed-off-by: Bhandari, Pramesh(AWF) <[email protected]> * chore(deps): update dependency com.github.spotbugs:spotbugs to v4.7.2 (open-feature#87) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> Signed-off-by: Bhandari, Pramesh(AWF) <[email protected]> * chore(deps): update dependency com.github.spotbugs:spotbugs-maven-plugin to v4.7.2.0 (open-feature#88) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> Signed-off-by: Bhandari, Pramesh(AWF) <[email protected]> * chore(deps): update dependency org.apache.maven.plugins:maven-javadoc-plugin to v3.4.1 (open-feature#90) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> Signed-off-by: Bhandari, Pramesh(AWF) <[email protected]> * chore(deps): update dependency org.sonatype.plugins:nexus-staging-maven-plugin to v1.6.13 (open-feature#91) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> Signed-off-by: Bhandari, Pramesh(AWF) <[email protected]> * fix(deps): update junit5 monorepo (open-feature#92) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> Signed-off-by: Bhandari, Pramesh(AWF) <[email protected]> * chore(deps): update dependency org.apache.maven.plugins:maven-pmd-plugin to v3.19.0 (open-feature#97) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> Signed-off-by: Bhandari, Pramesh(AWF) <[email protected]> * fix(deps): update dependency io.cucumber:cucumber-bom to v7.8.0 (open-feature#100) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> Signed-off-by: Bhandari, Pramesh(AWF) <[email protected]> * chore(deps): update dependency org.mockito:mockito-core to v4.8.0 (open-feature#99) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> Signed-off-by: Bhandari, Pramesh(AWF) <[email protected]> * chore(deps): update codecov/codecov-action action to v3 (open-feature#102) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> Signed-off-by: Bhandari, Pramesh(AWF) <[email protected]> * chore(deps): update dependency org.apache.maven.plugins:maven-gpg-plugin to v1.6 (open-feature#96) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> Co-authored-by: Justin Abrahms <[email protected]> Signed-off-by: Bhandari, Pramesh(AWF) <[email protected]> * chore(deps): update dependency org.apache.maven.plugins:maven-source-plugin to v3 (open-feature#105) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> Signed-off-by: Bhandari, Pramesh(AWF) <[email protected]> * chore(deps): update dependency org.apache.maven.plugins:maven-compiler-plugin to v3.10.1 (open-feature#95) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> Signed-off-by: Bhandari, Pramesh(AWF) <[email protected]> * chore(deps): update dependency org.apache.maven.plugins:maven-gpg-plugin to v3 (open-feature#104) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> Signed-off-by: Bhandari, Pramesh(AWF) <[email protected]> * chore(deps): update dependency org.apache.maven.plugins:maven-checkstyle-plugin to v3.2.0 (open-feature#94) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> Signed-off-by: Bhandari, Pramesh(AWF) <[email protected]> * chore(deps): update actions/cache action to v3 (open-feature#101) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> Signed-off-by: Bhandari, Pramesh(AWF) <[email protected]> * chore(deps): update dependency com.puppycrawl.tools:checkstyle to v8.45.1 (open-feature#93) * chore(deps): update dependency com.puppycrawl.tools:checkstyle to v8.45.1 * scope property went away in the latest version jshiell/checkstyle-idea#525 (comment) Signed-off-by: Justin Abrahms <[email protected]> * scope wasn't deleted on the other one Signed-off-by: Justin Abrahms <[email protected]> Signed-off-by: Justin Abrahms <[email protected]> Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> Co-authored-by: Justin Abrahms <[email protected]> Signed-off-by: Bhandari, Pramesh(AWF) <[email protected]> * refactor!: Change the package name. Everyone knows it's java (or it doesn't matter) (open-feature#111) * Change the package name. Everyone knows it's java (or it doesn't matter) Fixes open-feature#82 Signed-off-by: Justin Abrahms <[email protected]> * Missed 2 strings Signed-off-by: Justin Abrahms <[email protected]> * remove broken flagd import until changes absorbed Signed-off-by: Todd Baert <[email protected]> Signed-off-by: Justin Abrahms <[email protected]> Signed-off-by: Todd Baert <[email protected]> Co-authored-by: Todd Baert <[email protected]> Signed-off-by: Bhandari, Pramesh(AWF) <[email protected]> * chore: Write perms should be as tightly scoped as possible. (open-feature#107) * Add a dependabot file to keep deps up to date Signed-off-by: Justin Abrahms <[email protected]> * Move write permissions to the specific job, rather than globally Signed-off-by: Justin Abrahms <[email protected]> * Run code scanning (slow auto-build) weekly Signed-off-by: Justin Abrahms <[email protected]> Signed-off-by: Justin Abrahms <[email protected]> Signed-off-by: Bhandari, Pramesh(AWF) <[email protected]> * chore: fix dependabot pr titles (open-feature#118) Signed-off-by: Todd Baert <[email protected]> Signed-off-by: Todd Baert <[email protected]> Signed-off-by: Bhandari, Pramesh(AWF) <[email protected]> * chore: Bump cucumber-bom from 7.8.0 to 7.8.1 (open-feature#115) Bump cucumber-bom from 7.8.0 to 7.8.1 Bumps [cucumber-bom](https://github.com/cucumber/cucumber-jvm) from 7.8.0 to 7.8.1. - [Release notes](https://github.com/cucumber/cucumber-jvm/releases) - [Changelog](https://github.com/cucumber/cucumber-jvm/blob/main/CHANGELOG.md) - [Commits](cucumber/cucumber-jvm@v7.8.0...v7.8.1) --- updated-dependencies: - dependency-name: io.cucumber:cucumber-bom dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]> Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Signed-off-by: Bhandari, Pramesh(AWF) <[email protected]> * chore: add SAST scanning (open-feature#108) * add SAST scanning Refs open-feature#84 Signed-off-by: Justin Abrahms <[email protected]> * Java scanning only Signed-off-by: Justin Abrahms <[email protected]> * Try codeql on the normal build to see how much longer it is. Signed-off-by: Justin Abrahms <[email protected]> Signed-off-by: Justin Abrahms <[email protected]> Signed-off-by: Bhandari, Pramesh(AWF) <[email protected]> * feat!: use evaluation context interface (open-feature#112) * POC - use evaluation context interface Signed-off-by: Todd Baert <[email protected]> * make .merge non-static Signed-off-by: Todd Baert <[email protected]> * improve naming Signed-off-by: Todd Baert <[email protected]> * add @OverRide Signed-off-by: Todd Baert <[email protected]> * Update src/main/java/dev/openfeature/sdk/EvaluationContext.java Co-authored-by: Justin Abrahms <[email protected]> Signed-off-by: Todd Baert <[email protected]> * Update src/main/java/dev/openfeature/sdk/MutableContext.java Co-authored-by: Justin Abrahms <[email protected]> Signed-off-by: Todd Baert <[email protected]> * address PR feedback Signed-off-by: Todd Baert <[email protected]> Signed-off-by: Todd Baert <[email protected]> Co-authored-by: Justin Abrahms <[email protected]> Signed-off-by: Bhandari, Pramesh(AWF) <[email protected]> * feat: Support for generating CycloneDX sboms (open-feature#119) Signed-off-by: Justin Abrahms <[email protected]> Signed-off-by: Bhandari, Pramesh(AWF) <[email protected]> * chore: [StepSecurity] ci: Harden GitHub Actions (open-feature#120) * [StepSecurity] ci: Harden GitHub Actions in release.yml * [StepSecurity] ci: Harden GitHub Actions in static-code-scanning.yaml * [StepSecurity] ci: Harden GitHub Actions in lint-pr.yml * [StepSecurity] ci: Harden GitHub Actions in merge.yml * [StepSecurity] ci: Harden GitHub Actions in pullrequest.yml Signed-off-by: Bhandari, Pramesh(AWF) <[email protected]> * chore: I don't think we use that permission? (open-feature#123) I don't think we use that permission? Signed-off-by: Justin Abrahms <[email protected]> Signed-off-by: Bhandari, Pramesh(AWF) <[email protected]> * chore: Document where to find our SBOMs (open-feature#124) Signed-off-by: Bhandari, Pramesh(AWF) <[email protected]> * chore(deps): update actions/cache digest to a3f5edc (open-feature#121) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> Signed-off-by: Bhandari, Pramesh(AWF) <[email protected]> * chore(deps): update actions/setup-java digest to e150063 (open-feature#125) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> Signed-off-by: Bhandari, Pramesh(AWF) <[email protected]> * chore: Remove more perms (open-feature#130) Signed-off-by: Bhandari, Pramesh(AWF) <[email protected]> * chore(deps): update dependency org.cyclonedx:cyclonedx-maven-plugin to v2.7.1 (open-feature#128) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> Signed-off-by: Bhandari, Pramesh(AWF) <[email protected]> * chore(deps): update github/codeql-action digest to 3d39294 (open-feature#127) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> Signed-off-by: Bhandari, Pramesh(AWF) <[email protected]> * chore(deps): update codecov/codecov-action digest to e0fbd59 (open-feature#126) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> Signed-off-by: Bhandari, Pramesh(AWF) <[email protected]> * chore: Bump actions/checkout from 3.0.2 to 3.1.0 (open-feature#139) Bumps [actions/checkout](https://github.com/actions/checkout) from 3.0.2 to 3.1.0. - [Release notes](https://github.com/actions/checkout/releases) - [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md) - [Commits](actions/checkout@2541b12...93ea575) --- updated-dependencies: - dependency-name: actions/checkout dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]> Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Signed-off-by: Bhandari, Pramesh(AWF) <[email protected]> * chore: Bump actions/setup-java from e150063ee446b60ce2e35b040e81846da9001576 to a82e6d00200608b0b4c131bc9a89f7349786bd33 (open-feature#140) chore: Bump actions/setup-java Bumps [actions/setup-java](https://github.com/actions/setup-java) from e150063ee446b60ce2e35b040e81846da9001576 to a82e6d00200608b0b4c131bc9a89f7349786bd33. - [Release notes](https://github.com/actions/setup-java/releases) - [Commits](actions/setup-java@e150063...a82e6d0) --- updated-dependencies: - dependency-name: actions/setup-java dependency-type: direct:production ... Signed-off-by: dependabot[bot] <[email protected]> Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Signed-off-by: Bhandari, Pramesh(AWF) <[email protected]> * chore: bump spotbugs-maven-plugin from 4.7.2.0 to 4.7.2.1 (open-feature#136) Bumps [spotbugs-maven-plugin](https://github.com/spotbugs/spotbugs-maven-plugin) from 4.7.2.0 to 4.7.2.1. - [Release notes](https://github.com/spotbugs/spotbugs-maven-plugin/releases) - [Commits](spotbugs/spotbugs-maven-plugin@spotbugs-maven-plugin-4.7.2.0...spotbugs-maven-plugin-4.7.2.1) --- updated-dependencies: - dependency-name: com.github.spotbugs:spotbugs-maven-plugin dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]> Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Justin Abrahms <[email protected]> Signed-off-by: Bhandari, Pramesh(AWF) <[email protected]> * chore: exclude component in git tag (open-feature#143) Signed-off-by: Michael Beemer <[email protected]> Signed-off-by: Michael Beemer <[email protected]> Signed-off-by: Bhandari, Pramesh(AWF) <[email protected]> * chore(deps): update dependency org.cyclonedx:cyclonedx-maven-plugin to v2.7.2 (open-feature#141) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> Signed-off-by: Bhandari, Pramesh(AWF) <[email protected]> * feat!: add rw locks to client/api, hook accessor name (open-feature#131) * fix: add read/write locks to client/api Signed-off-by: Todd Baert <[email protected]> * dont lock entire evaluation Signed-off-by: Todd Baert <[email protected]> * add tests Signed-off-by: Todd Baert <[email protected]> * fixup comment Signed-off-by: Todd Baert <[email protected]> * fixup pom comment Signed-off-by: Todd Baert <[email protected]> * increase lock granularity, imporove tests Signed-off-by: Todd Baert <[email protected]> * fix spotbugs Signed-off-by: Todd Baert <[email protected]> * remove commented test Signed-off-by: Todd Baert <[email protected]> Signed-off-by: Todd Baert <[email protected]> Signed-off-by: Bhandari, Pramesh(AWF) <[email protected]> * chore(deps): update actions/setup-java digest to 3617c43 (open-feature#132) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> Signed-off-by: Bhandari, Pramesh(AWF) <[email protected]> * chore(deps): update amannn/action-semantic-pull-request digest to b314c1b (open-feature#135) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> Co-authored-by: Justin Abrahms <[email protected]> Signed-off-by: Bhandari, Pramesh(AWF) <[email protected]> * chore: Remove dependabot. I like renovate better (open-feature#142) Signed-off-by: Bhandari, Pramesh(AWF) <[email protected]> * chore(deps): update amannn/action-semantic-pull-request digest to 7c194c2 (open-feature#144) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> Signed-off-by: Bhandari, Pramesh(AWF) <[email protected]> * chore(deps): update github/codeql-action digest to 44edb7c (open-feature#133) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> Signed-off-by: Bhandari, Pramesh(AWF) <[email protected]> * chore(deps): update actions/checkout digest to 8230315 (open-feature#122) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> Signed-off-by: Bhandari, Pramesh(AWF) <[email protected]> * chore(main): release 0.3.0 (open-feature#114) Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> Co-authored-by: Justin Abrahms <[email protected]> Signed-off-by: Bhandari, Pramesh(AWF) <[email protected]> * chore: re-enable integration tests (open-feature#146) Update test harness and re-enable integration test profile Signed-off-by: Bhandari, Pramesh(AWF) <[email protected]> * chore(deps): update actions/cache digest to 9b0c1fc (open-feature#145) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> Co-authored-by: Justin Abrahms <[email protected]> Signed-off-by: Bhandari, Pramesh(AWF) <[email protected]> * fix: merge eval context (open-feature#149) fix merge eval context Signed-off-by: Robert Grassian <[email protected]> Signed-off-by: Robert Grassian <[email protected]> Signed-off-by: Bhandari, Pramesh(AWF) <[email protected]> * chore(main): release 0.3.1 (open-feature#150) Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> Signed-off-by: Bhandari, Pramesh(AWF) <[email protected]> * chore(deps): update github/codeql-action digest to 297ec80 (open-feature#147) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> Signed-off-by: Bhandari, Pramesh(AWF) <[email protected]> * chore: update test/spec association numbers, badge (open-feature#156) * chore: update test/spec association numbers Signed-off-by: Todd Baert <[email protected]> * chore: update spec tag Signed-off-by: Todd Baert <[email protected]> Signed-off-by: Todd Baert <[email protected]> Signed-off-by: Bhandari, Pramesh(AWF) <[email protected]> * chore(deps): update actions/cache digest to 2b04a41 (open-feature#158) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> Signed-off-by: Bhandari, Pramesh(AWF) <[email protected]> * chore(security): [Snyk] Security upgrade com.github.spotbugs:spotbugs from 4.7.2 to 4.7.3 (open-feature#157) fix: pom.xml to reduce vulnerabilities The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-JAVA-ORGAPACHECOMMONS-3043138 Co-authored-by: snyk-bot <[email protected]> Signed-off-by: Bhandari, Pramesh(AWF) <[email protected]> * chore: Add docs link (open-feature#165) Signed-off-by: Todd Baert <[email protected]> Signed-off-by: Todd Baert <[email protected]> Signed-off-by: Bhandari, Pramesh(AWF) <[email protected]> * chore: Mark project as active. (open-feature#167) Mark project as active. Signed-off-by: Justin Abrahms <[email protected]> Signed-off-by: Justin Abrahms <[email protected]> Signed-off-by: Bhandari, Pramesh(AWF) <[email protected]> * chore(main): release 1.0.0 (open-feature#168) Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> Signed-off-by: Bhandari, Pramesh(AWF) <[email protected]> * chore(deps): update actions/cache digest to 8bec1e4 (open-feature#159) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> Signed-off-by: Bhandari, Pramesh(AWF) <[email protected]> * changes spotbug scope to provided. Signed-off-by: Bhandari, Pramesh(AWF) <[email protected]> Signed-off-by: Todd Baert <[email protected]> Signed-off-by: Bhandari, Pramesh(AWF) <[email protected]> Signed-off-by: Justin Abrahms <[email protected]> Signed-off-by: Justin Abrahms <[email protected]> Signed-off-by: dependabot[bot] <[email protected]> Signed-off-by: Michael Beemer <[email protected]> Signed-off-by: Robert Grassian <[email protected]> Signed-off-by: Pramesh <[email protected]> Co-authored-by: Todd Baert <[email protected]> Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> Co-authored-by: Justin Abrahms <[email protected]> Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Step Security Bot <[email protected]> Co-authored-by: Michael Beemer <[email protected]> Co-authored-by: Robert Grassian <[email protected]> Co-authored-by: snyk-bot <[email protected]> Co-authored-by: Bhandari, Pramesh(AWF) <[email protected]>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This PR was automatically created by Snyk using the credentials of a real user.
Snyk has created this PR to fix one or more vulnerable packages in the `maven` dependencies of this project.
Changes included in this PR
Vulnerabilities that will be fixed
With an upgrade:
Why? Recently disclosed, Has a fix available, CVSS 5.7
SNYK-JAVA-COMGOOGLEPROTOBUF-3040284
io.grpc:grpc-protobuf:1.48.1 -> 1.48.2(*) Note that the real score may have changed since the PR was raised.
Check the changes in this PR to ensure they won't cause issues with your project.
Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.
For more information:
🧐 View latest project report
🛠 Adjust project settings
📚 Read more about Snyk's upgrade and patch logic
Learn how to fix vulnerabilities with free interactive lessons:
🦉 Denial of Service (DoS)