updated service framework version (#222)

* updated servie framework version

* Update postgresql version

update postgresql version to 42.4.4 to resolve CVE-2024-1597 vulnerability

* Update org.apache.commons version

update org.apache.commons version to 1.26.0 to resolve CVE-2024-25710 and CVE-2024-26308 vulnerabilities

* updated org.apache.zookeeper version

updated to org.apache.zookeeper:zookeeper to 3.8.4 to resolve CVE-2024-23944 vulnerability

* updated grpc-utils to 0.13.2

* added suppressions for CVE-2024-29133 and CVE-2024-29133

---------

Co-authored-by: Dhamodhar Reddy  Dakannagari <[email protected]>

Author: Dhamodhar-DDR

owasp-suppressions.xml

@@ -34,4 +34,13 @@
     <packageUrl regex="true">^pkg:maven/com\.jayway\.jsonpath/json\[email protected]$</packageUrl>
     <vulnerabilityName>CVE-2023-51074</vulnerabilityName>
   </suppress>
+  <suppress>
+    <notes><![CDATA[
+   CVE-2024-29133, CVE-2024-29131 only impacts commons-configuration 2+, which is already fixed. Commons configuration 1 is a different artifact and unimpacted.
+   ]]></notes>
+    <packageUrl regex="true">^pkg:maven/commons\-configuration/commons\-configuration@1\..*$
+    </packageUrl>
+    <vulnerabilityName>CVE-2024-29133</vulnerabilityName>
+    <vulnerabilityName>CVE-2024-29131</vulnerabilityName>
+  </suppress>
 </suppressions>

query-service-client/build.gradle.kts

@@ -7,7 +7,7 @@ plugins {
 
 dependencies {
   api(project(":query-service-api"))
-  implementation("org.hypertrace.core.grpcutils:grpc-client-utils:0.13.1")
+  implementation("org.hypertrace.core.grpcutils:grpc-client-utils:0.13.2")
 
   // Logging
   implementation("org.slf4j:slf4j-api:2.0.11")

query-service-factory/build.gradle.kts

@@ -3,7 +3,7 @@ plugins {
 }
 
 dependencies {
-  api("org.hypertrace.core.serviceframework:platform-grpc-service-framework:0.1.64")
+  api("org.hypertrace.core.serviceframework:platform-grpc-service-framework:0.1.71")
 
   implementation(project(":query-service-impl"))
   implementation("com.google.inject:guice:5.0.1")

query-service-impl/build.gradle.kts

@@ -25,14 +25,14 @@ dependencies {
     implementation("org.apache.avro:avro:1.11.3") {
       because("CVE-2023-39410")
     }
-    implementation("org.apache.commons:commons-compress:1.24.0") {
-      because("CVE-2023-42503")
+    implementation("org.apache.commons:commons-compress:1.26.0") {
+      because("CVE-2024-25710")
     }
     implementation("org.apache.helix:helix-core:1.3.0") {
       because("CVE-2022-47500")
     }
-    implementation("org.apache.zookeeper:zookeeper:3.7.2") {
-      because("CVE-2023-44981")
+    implementation("org.apache.zookeeper:zookeeper:3.8.4") {
+      because("CVE-2024-23944")
     }
     implementation("org.webjars:swagger-ui:5.1.0") {
       because("CVE-2019-16728,CVE-2020-26870")
@@ -60,9 +60,9 @@ dependencies {
   }
   api(project(":query-service-api"))
   api("com.typesafe:config:1.4.1")
-  implementation("org.hypertrace.core.grpcutils:grpc-context-utils:0.13.1")
-  implementation("org.hypertrace.core.grpcutils:grpc-client-utils:0.13.1")
-  implementation("org.hypertrace.core.grpcutils:grpc-server-rx-utils:0.13.1")
+  implementation("org.hypertrace.core.grpcutils:grpc-context-utils:0.13.2")
+  implementation("org.hypertrace.core.grpcutils:grpc-client-utils:0.13.2")
+  implementation("org.hypertrace.core.grpcutils:grpc-server-rx-utils:0.13.2")
   implementation("org.hypertrace.core.attribute.service:attribute-service-api:0.14.26")
   implementation("org.hypertrace.core.attribute.service:attribute-projection-registry:0.14.26")
   implementation("org.hypertrace.core.attribute.service:caching-attribute-service-client:0.14.26")
@@ -74,12 +74,12 @@ dependencies {
   }
   implementation("org.slf4j:slf4j-api:2.0.11")
   implementation("commons-codec:commons-codec:1.15")
-  implementation("org.hypertrace.core.serviceframework:platform-metrics:0.1.64")
+  implementation("org.hypertrace.core.serviceframework:platform-metrics:0.1.71")
   implementation("com.google.protobuf:protobuf-java-util:3.22.0")
   implementation("com.google.guava:guava:32.1.2-jre")
   implementation("io.reactivex.rxjava3:rxjava:3.0.11")
   implementation("com.squareup.okhttp3:okhttp:4.11.0")
-  implementation("org.postgresql:postgresql:42.4.3")
+  implementation("org.postgresql:postgresql:42.4.4")
   implementation("io.trino:trino-jdbc:423")
 
   annotationProcessor("org.projectlombok:lombok:1.18.30")

query-service/build.gradle.kts

@@ -10,8 +10,8 @@ plugins {
 
 dependencies {
   implementation(project(":query-service-factory"))
-  implementation("org.hypertrace.core.grpcutils:grpc-server-utils:0.13.1")
-  implementation("org.hypertrace.core.serviceframework:platform-grpc-service-framework:0.1.64")
+  implementation("org.hypertrace.core.grpcutils:grpc-server-utils:0.13.2")
+  implementation("org.hypertrace.core.serviceframework:platform-grpc-service-framework:0.1.71")
   implementation("org.slf4j:slf4j-api:2.0.11")
   implementation("com.typesafe:config:1.4.1")
 
@@ -22,7 +22,7 @@ dependencies {
   integrationTestImplementation("org.testcontainers:testcontainers:1.16.2")
   integrationTestImplementation("org.testcontainers:junit-jupiter:1.16.2")
   integrationTestImplementation("org.testcontainers:kafka:1.16.2")
-  integrationTestImplementation("org.hypertrace.core.serviceframework:integrationtest-service-framework:0.1.64")
+  integrationTestImplementation("org.hypertrace.core.serviceframework:integrationtest-service-framework:0.1.71")
   integrationTestImplementation("com.github.stefanbirkner:system-lambda:1.2.0")
 
   integrationTestImplementation("org.apache.kafka:kafka-clients:7.2.1-ccs")