component governance security fix - protobuffers

[moljac]

Does this change any of the generated binding API's?

No - dependency version bump

Describe your contribution

Bumped version on dependency in order to fix security issue.

• com.google.protobuf:protobufjavalite - 3.21.1 -> 3.21.9

[moljac]

restarted CI build

Unhandled exception. System.Net.Http.HttpRequestException: A connection attempt failed because the connected party did not properly respond after a period of time, or established connection failed because connected host has failed to respond. (repo1.maven.org:443)
 ---> System.Net.Sockets.SocketException (10060): A connection attempt failed because the connected party did not properly respond after a period of time, or established connection failed because connected host has failed to respond.
   at System.Net.Sockets.Socket.AwaitableSocketAsyncEventArgs.ThrowException(SocketError error, CancellationToken cancellationToken)
   at System.Net.Sockets.Socket.AwaitableSocketAsyncEventArgs.System.Threading.Tasks.Sources.IValueTaskSource.GetResult(Int16 token)
   at System.Net.Sockets.Socket.<ConnectAsync>g__WaitForConnectWithCancellation|277_0(AwaitableSocketAsyncEventArgs saea, ValueTask connectTask, CancellationToken cancellationToken)
   at System.Net.Http.HttpConnectionPool.ConnectToTcpHostAsync(String host, Int32 port, HttpRequestMessage initialRequest, Boolean async, CancellationToken cancellationToken)
   --- End of inner exception stack trace ---

[moljac]

Note:

seems like false positive - GPS-FB-MLKit not using versiopn 11.0.2 at all (some cake addin/tool transitive dependency):

GHSA-5crp-9r3c-p9vr | Newtonsoft.Json 11.0.2 | high

in:

/s/tools/Addins/Newtonsoft.Json.11.0.2/Newtonsoft.Json.11.0.2.nupkg
/s/tools/Addins/Newtonsoft.Json.11.0.2/Newtonsoft.Json.nuspec

[moljac]

/azp run

[azure-pipelines[bot]]

Azure Pipelines successfully started running 1 pipeline(s).