From 29322f96d93eaa358980d2a3294f6177bc3557c8 Mon Sep 17 00:00:00 2001
From: lokeshrangineni <19699092+lokeshrangineni@users.noreply.github.com>
Date: Thu, 19 Dec 2024 18:37:50 -0500
Subject: [PATCH] [Snyk] Fix for 2 vulnerabilities (#3)

* chore: Update quickstart.md

* fix: java/serving/pom.xml & java/pom.xml to reduce vulnerabilities

The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-JAVA-COMGOOGLEOAUTHCLIENT-2807808
- https://snyk.io/vuln/SNYK-JAVA-COMGOOGLEPROTOBUF-8055227
- https://snyk.io/vuln/SNYK-JAVA-COMGOOGLEPROTOBUF-8055228
- https://snyk.io/vuln/SNYK-JAVA-ORGYAML-3152153
- https://snyk.io/vuln/SNYK-JAVA-COMGOOGLEPROTOBUF-3167772
- https://snyk.io/vuln/SNYK-JAVA-ORGAPACHETHRIFT-1074898
- https://snyk.io/vuln/SNYK-JAVA-IONETTY-6483812
- https://snyk.io/vuln/SNYK-JAVA-COMGOOGLECODEGSON-1730327
- https://snyk.io/vuln/SNYK-JAVA-COMSQUAREUPOKHTTP3-2958044
- https://snyk.io/vuln/SNYK-JAVA-IOGRPC-571957
- https://snyk.io/vuln/SNYK-JAVA-COMGOOGLEPROTOBUF-3040284
- https://snyk.io/vuln/SNYK-JAVA-JUNIT-1017047

* fix: sdk/python/feast/ui/package.json & sdk/python/feast/ui/yarn.lock to reduce vulnerabilities

The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-JS-TRIM-1017038

Signed-off-by: lrangine <19699092+lokeshrangineni@users.noreply.github.com>

* fix: java/pom.xml to reduce vulnerabilities

The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-JAVA-COMGOOGLEPROTOBUF-8055228
- https://snyk.io/vuln/SNYK-JAVA-COMGOOGLEGUAVA-5710356

Signed-off-by: lrangine <19699092+lokeshrangineni@users.noreply.github.com>
---
 java/pom.xml | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/java/pom.xml b/java/pom.xml
index dbb24aa34f..0e8811e579 100644
--- a/java/pom.xml
+++ b/java/pom.xml
@@ -41,7 +41,7 @@
         <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
         <project.reporting.outputEncoding>UTF-8</project.reporting.outputEncoding>
 
-        <grpc.version>1.53.0</grpc.version>
+        <grpc.version>1.63.0</grpc.version>
         <protoc.version>3.12.2</protoc.version>
         <protobuf.version>3.25.5</protobuf.version>
         <com.google.cloud.version>1.111.1</com.google.cloud.version>
@@ -67,7 +67,7 @@
         <javax.validation.version>2.0.1.Final</javax.validation.version>
         <google.auth.library.oauth2.http.version>0.21.0</google.auth.library.oauth2.http.version>
         <auto.value.version>1.6.6</auto.value.version>
-        <guava.version>30.1-jre</guava.version>
+        <guava.version>32.0.0-jre</guava.version>
         <reactor.version>3.4.34</reactor.version>
         <netty.version>4.1.101.Final</netty.version>