Bump Grpc.Net.Client to 2.52.0 (#2763)

to mitigate CVE-2023-32731

CHANGELOG.md

@@ -18,6 +18,7 @@ This component adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.h
 - In plugins `ConfigureTracerProvider` and `ConfigureMeterProvider` are changed now
   to `AfterConfigureTracerProvider` and `AfterConfigureMeterProvider`.
   See [plugins documentation](/docs/plugins.md) for details.
+- Minimal version of `Grpc.Net.Client` supported on .NET updated to `2.52.0`.
 
 ### Deprecated
 

build/LibraryVersions.g.cs

@@ -49,8 +49,7 @@ public static class LibraryVersion
             "TestApplication.GrpcNetClient",
             new List<string>
             {
-                "2.43.0",
-                "2.54.0",
+                "2.52.0",
                 "2.55.0",
             }
         },

docs/config.md

@@ -130,7 +130,7 @@ due to lack of stable semantic convention.
 | `ELASTICSEARCH`       | [Elastic.Clients.Elasticsearch](https://www.nuget.org/packages/Elastic.Clients.Elasticsearch)                                                                                                   | ≥8.0.0             | source                  | [Experimental](https://github.com/open-telemetry/opentelemetry-specification/blob/main/specification/versioning-and-stability.md) |
 | `ENTITYFRAMEWORKCORE` | [Microsoft.EntityFrameworkCore](https://www.nuget.org/packages/) **Not supported on .NET Framework**                                                                                            | ≥6.0.12            | source                  | [Experimental](https://github.com/open-telemetry/opentelemetry-specification/blob/main/specification/versioning-and-stability.md) |
 | `GRAPHQL`             | [GraphQL](https://www.nuget.org/packages/GraphQL) **Not supported on .NET Framework**                                                                                                           | ≥7.5.0             | source                  | [Experimental](https://github.com/open-telemetry/opentelemetry-specification/blob/main/specification/versioning-and-stability.md) |
-| `GRPCNETCLIENT`       | [Grpc.Net.Client](https://www.nuget.org/packages/Grpc.Net.Client)                                                                                                                               | ≥2.43.0 & < 3.0.0  | source                  | [Experimental](https://github.com/open-telemetry/opentelemetry-specification/blob/main/specification/versioning-and-stability.md) |
+| `GRPCNETCLIENT`       | [Grpc.Net.Client](https://www.nuget.org/packages/Grpc.Net.Client)                                                                                                                               | ≥2.52.0 & < 3.0.0  | source                  | [Experimental](https://github.com/open-telemetry/opentelemetry-specification/blob/main/specification/versioning-and-stability.md) |
 | `HTTPCLIENT`          | [System.Net.Http.HttpClient](https://docs.microsoft.com/dotnet/api/system.net.http.httpclient) and [System.Net.HttpWebRequest](https://docs.microsoft.com/dotnet/api/system.net.httpwebrequest) | *                  | source                  | [Experimental](https://github.com/open-telemetry/opentelemetry-specification/blob/main/specification/versioning-and-stability.md) |
 | `QUARTZ`              | [Quartz](https://www.nuget.org/packages/Quartz) **Not supported on .NET Framework 4.7.1 and older**                                                                                             | ≥3.4.0             | source                  | [Experimental](https://github.com/open-telemetry/opentelemetry-specification/blob/main/specification/versioning-and-stability.md) |
 | `MASSTRANSIT`         | [MassTransit](https://www.nuget.org/packages/MassTransit) **Not supported on .NET Framework**                                                                                                   | ≥8.0.0             | source                  | [Experimental](https://github.com/open-telemetry/opentelemetry-specification/blob/main/specification/versioning-and-stability.md) |

src/Directory.Packages.props

@@ -15,6 +15,8 @@
 
   <!-- Versions from OpenTelemetry.AutoInstrumentation.csproj -->
   <ItemGroup>
+    <!--Grpc.Net.Client is added here to force update version t0 2.52.0. It should be removed when we upgrade OTel to 1.6.0 -->
+    <PackageVersion Include="Grpc.Net.Client" Version="2.52.0" />
     <PackageVersion Include="MongoDB.Driver.Core.Extensions.DiagnosticSources" Version="1.3.0" />
     <PackageVersion Include="OpenTelemetry.Exporter.OpenTelemetryProtocol.Logs" Version="1.5.0-rc.1" />
     <PackageVersion Include="OpenTelemetry.Exporter.Prometheus.HttpListener" Version="1.5.0-rc.1" />

src/OpenTelemetry.AutoInstrumentation/OpenTelemetry.AutoInstrumentation.csproj

@@ -49,6 +49,8 @@
   </ItemGroup>
 
   <ItemGroup Condition=" '$(TargetFramework)' == 'net6.0' ">
+    <!--Grpc.Net.Client is added here to force update version t0 2.52.0. It should be removed when we upgrade OTel to 1.6.0 -->
+    <PackageReference Include="Grpc.Net.Client" />
     <PackageReference Include="OpenTelemetry.Exporter.OpenTelemetryProtocol.Logs" />
     <PackageReference Include="OpenTelemetry.Instrumentation.AspNetCore" />
     <PackageReference Include="OpenTelemetry.Instrumentation.EntityFrameworkCore" />

test/IntegrationTests/LibraryVersions.g.cs

@@ -54,8 +54,7 @@ public static class LibraryVersion
 #if DEFAULT_TEST_PACKAGE_VERSIONS
         new object[] { string.Empty }
 #else
-        new object[] { "2.43.0" },
-        new object[] { "2.54.0" },
+        new object[] { "2.52.0" },
         new object[] { "2.55.0" },
 #endif
     };

tools/LibraryVersionsGenerator/PackageVersionDefinitions.cs

@@ -71,8 +71,7 @@ internal static class PackageVersionDefinitions
             TestApplicationName = "TestApplication.GrpcNetClient",
             Versions = new List<string>
             {
-                "2.43.0",
-                "2.54.0",
+                "2.52.0",
                 "*"
             }
         },