Update protobuf-java to address CVE-2024-7254

Signed-off-by: Mark S. Lewis <Mark.S.Lewis@outlook.com>

examples/build.gradle

@@ -24,7 +24,7 @@ java {
 // Feel free to delete the comment at the next line. It is just for safely
 // updating the version in our release process.
 def grpcVersion = '1.68.0-SNAPSHOT' // CURRENT_GRPC_VERSION
-def protobufVersion = '3.25.3'
+def protobufVersion = '3.25.5'
 def protocVersion = protobufVersion
 
 dependencies {

examples/example-alts/build.gradle

@@ -25,7 +25,7 @@ java {
 // Feel free to delete the comment at the next line. It is just for safely
 // updating the version in our release process.
 def grpcVersion = '1.68.0-SNAPSHOT' // CURRENT_GRPC_VERSION
-def protocVersion = '3.25.3'
+def protocVersion = '3.25.5'
 
 dependencies {
     // grpc-alts transitively depends on grpc-netty-shaded, grpc-protobuf, and grpc-stub

examples/example-debug/build.gradle

@@ -26,7 +26,7 @@ java {
 // Feel free to delete the comment at the next line. It is just for safely
 // updating the version in our release process.
 def grpcVersion = '1.68.0-SNAPSHOT' // CURRENT_GRPC_VERSION
-def protobufVersion = '3.25.3'
+def protobufVersion = '3.25.5'
 
 dependencies {
     implementation "io.grpc:grpc-protobuf:${grpcVersion}"

examples/example-debug/pom.xml

@@ -13,7 +13,7 @@
   <properties>
     <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
     <grpc.version>1.68.0-SNAPSHOT</grpc.version><!-- CURRENT_GRPC_VERSION -->
-    <protoc.version>3.25.3</protoc.version>
+    <protoc.version>3.25.5</protoc.version>
     <!-- required for jdk9 -->
     <maven.compiler.source>1.8</maven.compiler.source>
     <maven.compiler.target>1.8</maven.compiler.target>

examples/example-dualstack/build.gradle

@@ -26,7 +26,7 @@ java {
 // Feel free to delete the comment at the next line. It is just for safely
 // updating the version in our release process.
 def grpcVersion = '1.68.0-SNAPSHOT' // CURRENT_GRPC_VERSION
-def protobufVersion = '3.25.3'
+def protobufVersion = '3.25.5'
 
 dependencies {
     implementation "io.grpc:grpc-protobuf:${grpcVersion}"

examples/example-dualstack/pom.xml

@@ -13,7 +13,7 @@
   <properties>
     <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
     <grpc.version>1.68.0-SNAPSHOT</grpc.version><!-- CURRENT_GRPC_VERSION -->
-    <protoc.version>3.25.3</protoc.version>
+    <protoc.version>3.25.5</protoc.version>
     <!-- required for jdk9 -->
     <maven.compiler.source>1.8</maven.compiler.source>
     <maven.compiler.target>1.8</maven.compiler.target>

examples/example-gauth/build.gradle

@@ -25,7 +25,7 @@ java {
 // Feel free to delete the comment at the next line. It is just for safely
 // updating the version in our release process.
 def grpcVersion = '1.68.0-SNAPSHOT' // CURRENT_GRPC_VERSION
-def protobufVersion = '3.25.3'
+def protobufVersion = '3.25.5'
 def protocVersion = protobufVersion
 
 

examples/example-gauth/pom.xml

@@ -13,7 +13,7 @@
   <properties>
     <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
     <grpc.version>1.68.0-SNAPSHOT</grpc.version><!-- CURRENT_GRPC_VERSION -->
-    <protobuf.version>3.25.3</protobuf.version>
+    <protobuf.version>3.25.5</protobuf.version>
     <!-- required for jdk9 -->
     <maven.compiler.source>1.8</maven.compiler.source>
     <maven.compiler.target>1.8</maven.compiler.target>

examples/example-gcp-csm-observability/build.gradle

@@ -26,7 +26,7 @@ java {
 // Feel free to delete the comment at the next line. It is just for safely
 // updating the version in our release process.
 def grpcVersion = '1.68.0-SNAPSHOT' // CURRENT_GRPC_VERSION
-def protocVersion = '3.25.3'
+def protocVersion = '3.25.5'
 def openTelemetryVersion = '1.40.0'
 def openTelemetryPrometheusVersion = '1.40.0-alpha'
 

examples/example-gcp-observability/build.gradle

@@ -26,7 +26,7 @@ java {
 // Feel free to delete the comment at the next line. It is just for safely
 // updating the version in our release process.
 def grpcVersion = '1.68.0-SNAPSHOT' // CURRENT_GRPC_VERSION
-def protocVersion = '3.25.3'
+def protocVersion = '3.25.5'
 
 dependencies {
     implementation "io.grpc:grpc-protobuf:${grpcVersion}"

examples/example-hostname/build.gradle

@@ -24,7 +24,7 @@ java {
 // Feel free to delete the comment at the next line. It is just for safely
 // updating the version in our release process.
 def grpcVersion = '1.68.0-SNAPSHOT' // CURRENT_GRPC_VERSION
-def protobufVersion = '3.25.3'
+def protobufVersion = '3.25.5'
 
 dependencies {
     implementation "io.grpc:grpc-protobuf:${grpcVersion}"

examples/example-hostname/pom.xml

@@ -13,7 +13,7 @@
   <properties>
     <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
     <grpc.version>1.68.0-SNAPSHOT</grpc.version><!-- CURRENT_GRPC_VERSION -->
-    <protoc.version>3.25.3</protoc.version>
+    <protoc.version>3.25.5</protoc.version>
     <!-- required for jdk9 -->
     <maven.compiler.source>1.8</maven.compiler.source>
     <maven.compiler.target>1.8</maven.compiler.target>

examples/example-jwt-auth/build.gradle

@@ -24,7 +24,7 @@ java {
 // Feel free to delete the comment at the next line. It is just for safely
 // updating the version in our release process.
 def grpcVersion = '1.68.0-SNAPSHOT' // CURRENT_GRPC_VERSION
-def protobufVersion = '3.25.3'
+def protobufVersion = '3.25.5'
 def protocVersion = protobufVersion
 
 dependencies {

examples/example-jwt-auth/pom.xml

@@ -14,8 +14,8 @@
   <properties>
     <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
     <grpc.version>1.68.0-SNAPSHOT</grpc.version><!-- CURRENT_GRPC_VERSION -->
-    <protobuf.version>3.25.3</protobuf.version>
+    <protobuf.version>3.25.5</protobuf.version>
-    <protoc.version>3.25.3</protoc.version>
+    <protoc.version>3.25.5</protoc.version>
     <!-- required for jdk9 -->
     <maven.compiler.source>1.8</maven.compiler.source>
     <maven.compiler.target>1.8</maven.compiler.target>

examples/example-oauth/build.gradle

@@ -24,7 +24,7 @@ java {
 // Feel free to delete the comment at the next line. It is just for safely
 // updating the version in our release process.
 def grpcVersion = '1.68.0-SNAPSHOT' // CURRENT_GRPC_VERSION
-def protobufVersion = '3.25.3'
+def protobufVersion = '3.25.5'
 def protocVersion = protobufVersion
 
 dependencies {

examples/example-oauth/pom.xml

@@ -14,8 +14,8 @@
   <properties>
     <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
     <grpc.version>1.68.0-SNAPSHOT</grpc.version><!-- CURRENT_GRPC_VERSION -->
-    <protobuf.version>3.25.3</protobuf.version>
+    <protobuf.version>3.25.5</protobuf.version>
-    <protoc.version>3.25.3</protoc.version>
+    <protoc.version>3.25.5</protoc.version>
     <!-- required for jdk9 -->
     <maven.compiler.source>1.8</maven.compiler.source>
     <maven.compiler.target>1.8</maven.compiler.target>

examples/example-opentelemetry/build.gradle

@@ -25,7 +25,7 @@ java {
 // Feel free to delete the comment at the next line. It is just for safely
 // updating the version in our release process.
 def grpcVersion = '1.68.0-SNAPSHOT' // CURRENT_GRPC_VERSION
-def protocVersion = '3.25.3'
+def protocVersion = '3.25.5'
 def openTelemetryVersion = '1.40.0'
 def openTelemetryPrometheusVersion = '1.40.0-alpha'
 

examples/example-orca/build.gradle

@@ -19,7 +19,7 @@ java {
 }
 
 def grpcVersion = '1.68.0-SNAPSHOT' // CURRENT_GRPC_VERSION
-def protocVersion = '3.25.3'
+def protocVersion = '3.25.5'
 
 dependencies {
     implementation "io.grpc:grpc-protobuf:${grpcVersion}"

examples/example-reflection/build.gradle

@@ -19,7 +19,7 @@ java {
 }
 
 def grpcVersion = '1.68.0-SNAPSHOT' // CURRENT_GRPC_VERSION
-def protocVersion = '3.25.3'
+def protocVersion = '3.25.5'
 
 dependencies {
     implementation "io.grpc:grpc-protobuf:${grpcVersion}"

examples/example-servlet/build.gradle

@@ -17,7 +17,7 @@ java {
 }
 
 def grpcVersion = '1.68.0-SNAPSHOT' // CURRENT_GRPC_VERSION
-def protocVersion = '3.25.3'
+def protocVersion = '3.25.5'
 
 dependencies {
     implementation "io.grpc:grpc-protobuf:${grpcVersion}",

examples/example-tls/build.gradle

@@ -25,7 +25,7 @@ java {
 // Feel free to delete the comment at the next line. It is just for safely
 // updating the version in our release process.
 def grpcVersion = '1.68.0-SNAPSHOT' // CURRENT_GRPC_VERSION
-def protocVersion = '3.25.3'
+def protocVersion = '3.25.5'
 
 dependencies {
     implementation "io.grpc:grpc-protobuf:${grpcVersion}"

examples/example-tls/pom.xml

@@ -13,7 +13,7 @@
   <properties>
     <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
     <grpc.version>1.68.0-SNAPSHOT</grpc.version><!-- CURRENT_GRPC_VERSION -->
-    <protoc.version>3.25.3</protoc.version>
+    <protoc.version>3.25.5</protoc.version>
     <!-- required for jdk9 -->
     <maven.compiler.source>1.8</maven.compiler.source>
     <maven.compiler.target>1.8</maven.compiler.target>

examples/example-xds/build.gradle

@@ -24,7 +24,7 @@ java {
 // Feel free to delete the comment at the next line. It is just for safely
 // updating the version in our release process.
 def grpcVersion = '1.68.0-SNAPSHOT' // CURRENT_GRPC_VERSION
-def protocVersion = '3.25.3'
+def protocVersion = '3.25.5'
 
 dependencies {
     implementation "io.grpc:grpc-protobuf:${grpcVersion}"

examples/pom.xml

@@ -13,8 +13,8 @@
   <properties>
     <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
     <grpc.version>1.68.0-SNAPSHOT</grpc.version><!-- CURRENT_GRPC_VERSION -->
-    <protobuf.version>3.25.3</protobuf.version>
+    <protobuf.version>3.25.5</protobuf.version>
-    <protoc.version>3.25.3</protoc.version>
+    <protoc.version>3.25.5</protoc.version>
     <!-- required for JDK 8 -->
     <maven.compiler.source>1.8</maven.compiler.source>
     <maven.compiler.target>1.8</maven.compiler.target>

gradle/libs.versions.toml

@@ -6,7 +6,7 @@ nettytcnative = '2.0.65.Final'
 opencensus = "0.31.1"
 # Not upgrading to 4.x as it is not yet ABI compatible.
 # https://github.com/protocolbuffers/protobuf/issues/17247
-protobuf = "3.25.3"
+protobuf = "3.25.5"
 
 [libraries]
 android-annotations = "com.google.android:annotations:4.1.1.4"