Update dependencies to address GO-2024-2687

Signed-off-by: Mark S. Lewis <[email protected]>

Author: bestbeforetoday

go.mod

@@ -10,7 +10,7 @@ require (
 	github.com/stretchr/testify v1.9.0
 	go.uber.org/mock v0.4.0
 	golang.org/x/crypto v0.21.0
-	google.golang.org/grpc v1.62.1
+	google.golang.org/grpc v1.63.0
 	google.golang.org/protobuf v1.33.0
 )
 
@@ -19,14 +19,13 @@ require (
 	github.com/cucumber/messages/go/v21 v21.0.1 // indirect
 	github.com/davecgh/go-spew v1.1.1 // indirect
 	github.com/gofrs/uuid v4.4.0+incompatible // indirect
-	github.com/golang/protobuf v1.5.4 // indirect
 	github.com/hashicorp/go-immutable-radix v1.3.1 // indirect
 	github.com/hashicorp/go-memdb v1.3.4 // indirect
 	github.com/hashicorp/golang-lru v1.0.2 // indirect
 	github.com/pmezard/go-difflib v1.0.0 // indirect
-	golang.org/x/net v0.22.0 // indirect
+	golang.org/x/net v0.23.0 // indirect
 	golang.org/x/sys v0.18.0 // indirect
 	golang.org/x/text v0.14.0 // indirect
-	google.golang.org/genproto/googleapis/rpc v0.0.0-20240304212257-790db918fca8 // indirect
+	google.golang.org/genproto/googleapis/rpc v0.0.0-20240401170217-c3f982113cda // indirect
 	gopkg.in/yaml.v3 v3.0.1 // indirect
 )

go.sum

@@ -13,8 +13,6 @@ github.com/gofrs/uuid v4.2.0+incompatible/go.mod h1:b2aQJv3Z4Fp6yNu3cdSllBxTCLRx
 github.com/gofrs/uuid v4.3.1+incompatible/go.mod h1:b2aQJv3Z4Fp6yNu3cdSllBxTCLRxnplIgP/c0N/04lM=
 github.com/gofrs/uuid v4.4.0+incompatible h1:3qXRTX8/NbyulANqlc0lchS1gqAVxRgsuW1YrTJupqA=
 github.com/gofrs/uuid v4.4.0+incompatible/go.mod h1:b2aQJv3Z4Fp6yNu3cdSllBxTCLRxnplIgP/c0N/04lM=
-github.com/golang/protobuf v1.5.4 h1:i7eJL8qZTpSEXOPTxNKhASYpMn+8e5Q6AdndVa1dWek=
-github.com/golang/protobuf v1.5.4/go.mod h1:lnTiLA8Wa4RWRcIUkrtSVa5nRhsEGBg48fD6rSs7xps=
 github.com/google/go-cmp v0.6.0 h1:ofyhxvXcZhMsU5ulbFiLKl/XBFqE1GSq7atu8tAmTRI=
 github.com/google/go-cmp v0.6.0/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY=
 github.com/hashicorp/go-immutable-radix v1.3.0/go.mod h1:0y9vanUI8NX6FsYoO3zeMjhV/C5i9g4Q3DwcSNZ4P60=
@@ -58,16 +56,16 @@ go.uber.org/mock v0.4.0 h1:VcM4ZOtdbR4f6VXfiOpwpVJDL6lCReaZ6mw31wqh7KU=
 go.uber.org/mock v0.4.0/go.mod h1:a6FSlNadKUHUa9IP5Vyt1zh4fC7uAwxMutEAscFbkZc=
 golang.org/x/crypto v0.21.0 h1:X31++rzVUdKhX5sWmSOFZxx8UW/ldWx55cbf08iNAMA=
 golang.org/x/crypto v0.21.0/go.mod h1:0BP7YvVV9gBbVKyeTG0Gyn+gZm94bibOW5BjDEYAOMs=
-golang.org/x/net v0.22.0 h1:9sGLhx7iRIHEiX0oAJ3MRZMUCElJgy7Br1nO+AMN3Tc=
-golang.org/x/net v0.22.0/go.mod h1:JKghWKKOSdJwpW2GEx0Ja7fmaKnMsbu+MWVZTokSYmg=
+golang.org/x/net v0.23.0 h1:7EYJ93RZ9vYSZAIb2x3lnuvqO5zneoD6IvWjuhfxjTs=
+golang.org/x/net v0.23.0/go.mod h1:JKghWKKOSdJwpW2GEx0Ja7fmaKnMsbu+MWVZTokSYmg=
 golang.org/x/sys v0.18.0 h1:DBdB3niSjOA/O0blCZBqDefyWNYveAYMNF1Wum0DYQ4=
 golang.org/x/sys v0.18.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
 golang.org/x/text v0.14.0 h1:ScX5w1eTa3QqT8oi6+ziP7dTV1S2+ALU0bI+0zXKWiQ=
 golang.org/x/text v0.14.0/go.mod h1:18ZOQIKpY8NJVqYksKHtTdi31H5itFRjB5/qKTNYzSU=
-google.golang.org/genproto/googleapis/rpc v0.0.0-20240304212257-790db918fca8 h1:IR+hp6ypxjH24bkMfEJ0yHR21+gwPWdV+/IBrPQyn3k=
-google.golang.org/genproto/googleapis/rpc v0.0.0-20240304212257-790db918fca8/go.mod h1:UCOku4NytXMJuLQE5VuqA5lX3PcHCBo8pxNyvkf4xBs=
-google.golang.org/grpc v1.62.1 h1:B4n+nfKzOICUXMgyrNd19h/I9oH0L1pizfk1d4zSgTk=
-google.golang.org/grpc v1.62.1/go.mod h1:IWTG0VlJLCh1SkC58F7np9ka9mx/WNkjl4PGJaiq+QE=
+google.golang.org/genproto/googleapis/rpc v0.0.0-20240401170217-c3f982113cda h1:LI5DOvAxUPMv/50agcLLoo+AdWc1irS9Rzz4vPuD1V4=
+google.golang.org/genproto/googleapis/rpc v0.0.0-20240401170217-c3f982113cda/go.mod h1:WtryC6hu0hhx87FDGxWCDptyssuo68sk10vYjF+T9fY=
+google.golang.org/grpc v1.63.0 h1:WjKe+dnvABXyPJMD7KDNLxtoGk5tgk+YFWN6cBWjZE8=
+google.golang.org/grpc v1.63.0/go.mod h1:WAX/8DgncnokcFUldAxq7GeB5DXHDbMF+lLvDomNkRA=
 google.golang.org/protobuf v1.33.0 h1:uNO2rsAINq/JlFpSdYEKIZ0uKD/R9cpdv0T+yoGwGmI=
 google.golang.org/protobuf v1.33.0/go.mod h1:c6P6GXX6sHbq/GpV6MGZEdwhWPcYBgnhAHhKbcUYpos=
 gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=

java/pom.xml

@@ -373,7 +373,7 @@
                             <dependency>
                                 <groupId>com.puppycrawl.tools</groupId>
                                 <artifactId>checkstyle</artifactId>
-                                <version>10.14.2</version>
+                                <version>10.15.0</version>
                             </dependency>
                         </dependencies>
                     </plugin>
@@ -387,7 +387,7 @@
                     <plugin>
                         <groupId>org.owasp</groupId>
                         <artifactId>dependency-check-maven</artifactId>
-                        <version>9.0.10</version>
+                        <version>9.1.0</version>
                         <configuration>
                             <skipProvidedScope>true</skipProvidedScope>
                             <skipTestScope>true</skipTestScope>

node/package.json

@@ -42,13 +42,13 @@
         "pkcs11js": "^2.1.0"
     },
     "devDependencies": {
-        "@cyclonedx/cyclonedx-npm": "^1.16.1",
-        "@tsconfig/node18": "^18.2.2",
+        "@cyclonedx/cyclonedx-npm": "^1.16.2",
+        "@tsconfig/node18": "^18.2.4",
         "@types/google-protobuf": "^3.15.12",
         "@types/jest": "^29.5.12",
-        "@types/node": "^18.19.22",
-        "@typescript-eslint/eslint-plugin": "~7.3.1",
-        "@typescript-eslint/parser": "~7.3.1",
+        "@types/node": "^18.19.29",
+        "@typescript-eslint/eslint-plugin": "~7.5.0",
+        "@typescript-eslint/parser": "~7.5.0",
         "eslint": "^8.57.0",
         "eslint-config-prettier": "^9.1.0",
         "eslint-plugin-jest": "^27.9.0",
@@ -58,6 +58,6 @@
         "prettier": "^3.2.5",
         "ts-jest": "^29.1.2",
         "typedoc": "^0.25.11",
-        "typescript": "~5.4.2"
+        "typescript": "~5.4.3"
     }
 }

pkg/client/example_test.go

@@ -59,7 +59,7 @@ func NewGrpcConnection() (*grpc.ClientConn, error) {
 	certPool.AddCert(tlsCertificate)
 	transportCredentials := credentials.NewClientTLSFromCert(certPool, "")
 
-	return grpc.Dial("gateway.example.org:1337", grpc.WithTransportCredentials(transportCredentials))
+	return grpc.NewClient("dns:///gateway.example.org:1337", grpc.WithTransportCredentials(transportCredentials))
 }
 
 // NewIdentity creates a client identity for this Gateway connection using an X.509 certificate.

scenario/go/scenario_test.go

@@ -14,7 +14,6 @@ import (
 	"fmt"
 	"os"
 	"reflect"
-	"strconv"
 	"strings"
 
 	"github.com/cucumber/godog"
@@ -180,10 +179,10 @@ func connectGateway(peer string) error {
 	certPool := x509.NewCertPool()
 	certPool.AddCert(certificate)
 
-	url := conn.host + ":" + strconv.FormatUint(uint64(conn.port), 10)
+	url := fmt.Sprintf("dns:///%s:%d", conn.host, conn.port)
 
 	transportCredentials := credentials.NewClientTLSFromCert(certPool, conn.serverNameOverride)
-	clientConn, err := grpc.Dial(url, grpc.WithTransportCredentials(transportCredentials))
+	clientConn, err := grpc.NewClient(url, grpc.WithTransportCredentials(transportCredentials))
 	if err != nil {
 		return err
 	}

scenario/node/package.json

@@ -25,17 +25,17 @@
         "@hyperledger/fabric-protos": "^0.3.0"
     },
     "devDependencies": {
-        "@cucumber/cucumber": "^10.3.1",
-        "@tsconfig/node18": "^18.2.2",
-        "@types/node": "^18.19.22",
-        "@typescript-eslint/eslint-plugin": "~7.3.1",
-        "@typescript-eslint/parser": "~7.3.1",
+        "@cucumber/cucumber": "^10.3.2",
+        "@tsconfig/node18": "^18.2.4",
+        "@types/node": "^18.19.29",
+        "@typescript-eslint/eslint-plugin": "~7.5.0",
+        "@typescript-eslint/parser": "~7.5.0",
         "cucumber-console-formatter": "^1.0.0",
         "eslint": "^8.57.0",
         "eslint-config-prettier": "^9.1.0",
         "expect": "^29.7.0",
         "npm-run-all": "^4.1.5",
         "prettier": "^3.2.5",
-        "typescript": "~5.4.2"
+        "typescript": "~5.4.3"
     }
 }