Update dependencies to fix security vulnerability CVE-2023-32731

[michael-valdron]

Which area/kind this issue is related to?

/area library
/area registry

Issue Description

There is a recent reported high level security vulnerability CVE-2023-32731 which effects gRPC.

The following modules should have the dependency google.golang.org/grpc updated:

• devfile/library - Update depenencies to fix CVE-2023-32731 vulnerability library#176
• devfile/registry - validate devfile schemas - Update gRPC dependency to fix CVE-2023-32731 vulnerability registry#194
• devfile/registry-operator - Update gRPC dependency to fix CVE-2023-32731 vulnerability registry-operator#44
• devfile/registry-support - Update gRPC dependency to fix CVE-2023-32731 vulnerability registry-support#177
  • index/server
  • index/generator
  • tests/integration
  • registry-library

Target Date: TBA

[michael-valdron]

All PRs for this issue are created with the vulnerability patch and are ready for review.

[michael-valdron]

Blocked due to the direct dependency not patching this yet: devfile/registry-operator#44 (comment)

[michael-valdron]

This commit which is currently under kubernetes staging should provide a patch for this: kubernetes/kubernetes@a045fed

[michael-valdron]

Direct dependencies now have patches so will unblock this issue.

[michael-valdron]

Revising PRs for review next sprint.

[michael-valdron]

No updates as of late due to focus on other tasks.

[michael-valdron]

Continuing in Sprint 245 due to vacation leave.

[michael-valdron]

After consideration on this issue, I have decided to defer this to be part of #1237 and will close this item.