From 700b0f60e98a092fe5195bb18a0c2c10682e98ab Mon Sep 17 00:00:00 2001 From: Tanner Lewis Date: Tue, 24 Sep 2024 10:00:15 -0500 Subject: [PATCH 1/2] Upgrade protobuf version for better security posture Signed-off-by: Tanner Lewis --- TrafficCapture/captureProtobufs/build.gradle | 4 ++-- commonDependencyVersionConstraints/build.gradle | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/TrafficCapture/captureProtobufs/build.gradle b/TrafficCapture/captureProtobufs/build.gradle index 8ab54b988..0b005443d 100644 --- a/TrafficCapture/captureProtobufs/build.gradle +++ b/TrafficCapture/captureProtobufs/build.gradle @@ -9,11 +9,11 @@ plugins { dependencies { api project(":commonDependencyVersionConstraints") - api group: 'com.google.protobuf', name: 'protobuf-java', version: '3.22.2' + api group: 'com.google.protobuf', name: 'protobuf-java', version: '3.25.5' } protobuf { protoc { - artifact = "com.google.protobuf:protoc:3.22.2" + artifact = "com.google.protobuf:protoc:3.25.5" } } diff --git a/commonDependencyVersionConstraints/build.gradle b/commonDependencyVersionConstraints/build.gradle index 9dadff64d..57992d1cf 100644 --- a/commonDependencyVersionConstraints/build.gradle +++ b/commonDependencyVersionConstraints/build.gradle @@ -24,7 +24,7 @@ dependencies { api group: 'com.google.guava', name: 'guava', version: '32.0.1-jre' - api group: 'com.google.protobuf', name: 'protobuf-java', version: '3.22.2' + api group: 'com.google.protobuf', name: 'protobuf-java', version: '3.25.5' api group: 'org.apache.httpcomponents.client5', name: 'httpclient5', version: '5.2.1' api group: 'software.amazon.msk', name:'aws-msk-iam-auth', version: '2.0.3' @@ -38,7 +38,7 @@ dependencies { api group: 'org.apache.kafka', name:'kafka-clients', version:'3.6.0' - api group: 'com.google.protobuf', name: 'protoc', version: '3.22.2' + api group: 'com.google.protobuf', name: 'protoc', version: '3.25.5' def jmeter = '5.6.3' api group: 'org.apache.jmeter', name: 'ApacheJMeter_core', version: jmeter From e99f373d28bcc58e7bd3d814ffc155d65b1537c3 Mon Sep 17 00:00:00 2001 From: Tanner Lewis Date: Tue, 24 Sep 2024 15:22:13 -0500 Subject: [PATCH 2/2] Use single version declaration Signed-off-by: Tanner Lewis --- TrafficCapture/captureProtobufs/build.gradle | 4 ++-- commonDependencyVersionConstraints/build.gradle | 8 ++++++-- 2 files changed, 8 insertions(+), 4 deletions(-) diff --git a/TrafficCapture/captureProtobufs/build.gradle b/TrafficCapture/captureProtobufs/build.gradle index 0b005443d..d60e248a4 100644 --- a/TrafficCapture/captureProtobufs/build.gradle +++ b/TrafficCapture/captureProtobufs/build.gradle @@ -9,11 +9,11 @@ plugins { dependencies { api project(":commonDependencyVersionConstraints") - api group: 'com.google.protobuf', name: 'protobuf-java', version: '3.25.5' + api group: 'com.google.protobuf', name: 'protobuf-java' } protobuf { protoc { - artifact = "com.google.protobuf:protoc:3.25.5" + artifact = "com.google.protobuf:protoc:${rootProject.project("commonDependencyVersionConstraints").protobufVersion}" } } diff --git a/commonDependencyVersionConstraints/build.gradle b/commonDependencyVersionConstraints/build.gradle index 57992d1cf..f9e586f74 100644 --- a/commonDependencyVersionConstraints/build.gradle +++ b/commonDependencyVersionConstraints/build.gradle @@ -5,6 +5,10 @@ plugins { java.sourceCompatibility = JavaVersion.VERSION_11 java.targetCompatibility = JavaVersion.VERSION_11 +ext { + protobufVersion='3.25.5' +} + dependencies { constraints { @@ -24,7 +28,7 @@ dependencies { api group: 'com.google.guava', name: 'guava', version: '32.0.1-jre' - api group: 'com.google.protobuf', name: 'protobuf-java', version: '3.25.5' + api group: 'com.google.protobuf', name: 'protobuf-java', version: protobufVersion api group: 'org.apache.httpcomponents.client5', name: 'httpclient5', version: '5.2.1' api group: 'software.amazon.msk', name:'aws-msk-iam-auth', version: '2.0.3' @@ -38,7 +42,7 @@ dependencies { api group: 'org.apache.kafka', name:'kafka-clients', version:'3.6.0' - api group: 'com.google.protobuf', name: 'protoc', version: '3.25.5' + api group: 'com.google.protobuf', name: 'protoc', version: protobufVersion def jmeter = '5.6.3' api group: 'org.apache.jmeter', name: 'ApacheJMeter_core', version: jmeter