[TH2-5042] Update BOM and dependencies to get rid of vulnerabilities (#…

…290)

* Update bom and dependencies

* Update version

* Update readme

* Use bom release version. Correct comments

* Use release version for service-generator

README.md

@@ -1,4 +1,4 @@
-# th2 common library (Java) (5.9.1)
+# th2 common library (Java) (5.10.0)
 
 ## Usage
 
@@ -507,6 +507,11 @@ dependencies {
 
 ## Release notes
 
+### 5.10.0-dev
+
++ Update bom: 4.5.0 -> 4.6.0
++ Update grpc-service-generator: 3.5.1 -> 3.6.0
+
 ### 5.9.1-dev
 
 #### Updated:

build.gradle

@@ -37,9 +37,9 @@ group = 'com.exactpro.th2'
 version = release_version
 
 ext {
-    grpcVersion = '1.56.0'
-    protobufVersion = '3.23.2' // The protoc:3.23.3 https://github.com/protocolbuffers/protobuf/issues/13070
-    serviceGeneratorVersion = '3.5.1'
+    grpcVersion = '1.62.2'
+    protobufVersion = '3.25.3'
+    serviceGeneratorVersion = '3.6.0'
 
     cradleVersion = '5.1.5-dev'
     junitVersion = '5.10.2'
@@ -180,15 +180,15 @@ tasks.register('integrationTest', Test) {
 }
 
 dependencies {
-    api platform("com.exactpro.th2:bom:4.5.0")
+    api platform("com.exactpro.th2:bom:4.6.0")
     api('com.exactpro.th2:grpc-common:4.4.0-dev') {
-        because('protobuf transport is main now, this dependnecy should be moved to grpc, mq protobuf modules after splitting')
+        because('protobuf transport is main now, this dependency should be moved to grpc, mq protobuf modules after splitting')
     }
     api("com.exactpro.th2:cradle-core:$cradleVersion") {
-        because('cradle is included into common library now, this dependnecy should be moved to a cradle module after splitting')
+        because('cradle is included into common library now, this dependency should be moved to a cradle module after splitting')
     }
     api('io.netty:netty-buffer') {
-        because('th2 transport protocol is included into common library now, this dependnecy should be moved to a th2 transport module after splitting')
+        because('th2 transport protocol is included into common library now, this dependency should be moved to a th2 transport module after splitting')
     }
 
     jmh 'org.openjdk.jmh:jmh-core:0.9'
@@ -253,6 +253,10 @@ dependencies {
     implementation("com.squareup.okhttp3:okhttp:4.12.0") {
         because('fix vulnerability in transitive dependency <kubernetes-client>')
     }
+    implementation('com.squareup.okhttp3:logging-interceptor:4.12.0') {
+        because('fix vulnerability in transitive dependency <kubernetes-client>')
+    }
+
     implementation("io.fabric8:kubernetes-client:6.10.0") {
         exclude group: 'com.fasterxml.jackson.dataformat', module: 'jackson-dataformat-yaml'
     }
@@ -317,6 +321,10 @@ protobuf {
     }
 }
 
+tasks.named('generateProto') {enabled = false }
+tasks.named('extractIncludeProto') {enabled = false }
+tasks.named('extractIncludeTestFixturesProto') {enabled = false }
+
 compileTestJava.dependsOn.add('generateTestProto')
 processTestResources.dependsOn.add('generateTestProto')
 

gradle.properties

@@ -13,8 +13,7 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 #
-
-release_version=5.9.1
+release_version=5.10.0
 description='th2 common library (Java)'
 vcs_url=https://github.com/th2-net/th2-common-j
-kapt.include.compile.classpath=false
+kapt.include.compile.classpath=false