Fix vulnerable deps (#391)

* fix some deps vulnerabilities

* update agent config

* fix guava version

* fix jackson dep

* use android version for guava

* fix jackson ver

* fix jackson ver

* fix shaded protobuf version

buildSrc/build.gradle.kts

@@ -36,7 +36,7 @@ dependencies {
   implementation("org.eclipse.aether", "aether-transport-http", "1.1.0")
   implementation("org.apache.maven", "maven-aether-provider", "3.3.9")
 
-  implementation("com.google.guava", "guava", "20.0")
+  implementation("com.google.guava", "guava", "32.0.0-android")
   implementation("org.ow2.asm", "asm", "9.1")
   implementation("org.ow2.asm", "asm-tree", "9.1")
   implementation("org.apache.httpcomponents:httpclient:4.5.10")

instrumentation/spark-2.3/build.gradle.kts

@@ -28,9 +28,6 @@ val versions: Map<String, String> by extra
 dependencies {
     api(project(":instrumentation:servlet:servlet-3.0"))
 
-    testImplementation("io.opentelemetry.javaagent.instrumentation:opentelemetry-javaagent-spark-2.3:${versions["opentelemetry_java_agent"]}")
-    testImplementation("io.opentelemetry.javaagent.instrumentation:opentelemetry-javaagent-servlet-3.0:${versions["opentelemetry_java_agent"]}")
-    testImplementation("io.opentelemetry.javaagent.instrumentation:opentelemetry-javaagent-jetty-8.0:${versions["opentelemetry_java_agent"]}")
     testRuntimeOnly("io.opentelemetry.javaagent.instrumentation:opentelemetry-javaagent-servlet-common-bootstrap:${versions["opentelemetry_java_agent"]}")
     muzzleBootstrap("io.opentelemetry.javaagent.instrumentation:opentelemetry-javaagent-servlet-common-bootstrap:${versions["opentelemetry_java_agent"]}")
 

javaagent-core/build.gradle.kts

@@ -9,7 +9,7 @@ dependencies {
     api("io.opentelemetry:opentelemetry-api:${versions["opentelemetry"]}")
     api("io.opentelemetry.instrumentation:opentelemetry-instrumentation-api:${versions["opentelemetry"]}")
     implementation("org.slf4j:slf4j-api:${versions["slf4j"]}")
-    implementation("com.fasterxml.jackson.dataformat:jackson-dataformat-yaml:2.13.3") {
+    implementation("com.fasterxml.jackson.dataformat:jackson-dataformat-yaml:2.13.4") {
         constraints {
             implementation("org.yaml:snakeyaml:1.31") {
                 because(

otel-extensions/build.gradle.kts

@@ -7,7 +7,7 @@ plugins {
 }
 
 
-val protobufVersion = "3.16.1"
+val protobufVersion = "3.19.6"
 
 protobuf {
     protoc {
@@ -59,7 +59,7 @@ dependencies {
     api("com.google.protobuf:protobuf-java")
     api("com.google.protobuf:protobuf-java-util")
     // convert yaml to json, since java protobuf impl supports only json
-    implementation("com.fasterxml.jackson.dataformat:jackson-dataformat-yaml:2.13.3") {
+    implementation("com.fasterxml.jackson.dataformat:jackson-dataformat-yaml:2.13.4") {
         constraints {
             implementation("org.yaml:snakeyaml:1.31") {
                 because(

smoke-tests/build.gradle.kts

@@ -24,7 +24,7 @@ dependencies{
     testImplementation("com.google.protobuf:protobuf-java-util:3.15.8")
     testImplementation("org.spockframework:spock-core:1.3-groovy-2.5")
     testImplementation("info.solidsoft.spock:spock-global-unroll:0.5.1")
-    testImplementation("com.fasterxml.jackson.core:jackson-databind:2.11.2")
+    testImplementation("com.fasterxml.jackson.core:jackson-databind:2.13.4")
     testImplementation("org.codehaus.groovy:groovy-all:2.5.11")
     testImplementation("io.opentelemetry:opentelemetry-semconv:${versions["opentelemetry"]}-alpha")
 }