Update dependencies to fix security vulnerability CVE-2023-32731

[michael-valdron]

Which area/kind this issue is related to?

/area library /area registry

Issue Description

There is a recent reported high level security vulnerability CVE-2023-32731 which effects gRPC.

The following modules should have the dependency google.golang.org/grpc updated:

• [ ] devfile/library - https://github.com/devfile/library/pull/176
• [ ] devfile/registry - validate devfile schemas - https://github.com/devfile/registry/pull/194
• [ ] devfile/registry-operator - https://github.com/devfile/registry-operator/pull/44
• [ ] devfile/registry-support - https://github.com/devfile/registry-support/pull/177
  • index/server
  • index/generator
  • tests/integration
  • registry-library

Target Date: TBA

[michael-valdron]

All PRs for this issue are created with the vulnerability patch and are ready for review.

[michael-valdron]

Blocked due to the direct dependency not patching this yet: https://github.com/devfile/registry-operator/pull/44#discussion_r1268653769

[michael-valdron]

This commit which is currently under kubernetes staging should provide a patch for this: https://github.com/kubernetes/kubernetes/commit/a045fedd025c08ad6cb116a9beb3042b6be39fd1

[michael-valdron]

Direct dependencies now have patches so will unblock this issue.

[michael-valdron]

Revising PRs for review next sprint.

[michael-valdron]

No updates as of late due to focus on other tasks.

[michael-valdron]

Continuing in Sprint 245 due to vacation leave.

[michael-valdron]

After consideration on this issue, I have decided to defer this to be part of #1237 and will close this item.