From cedd3a7dfb2eebbe21ebebf32a408a5fa8e31bdc Mon Sep 17 00:00:00 2001
From: "Mark S. Lewis" <Mark.S.Lewis@outlook.com>
Date: Mon, 21 Aug 2023 10:16:57 +0100
Subject: [PATCH] Update opentelemetry-grpc-1.6 dependency (#289)

Also update dependency-check suppressions to remove false positives.

Signed-off-by: Mark S. Lewis <Mark.S.Lewis@outlook.com>
---
 dependency-suppressions.xml | 14 ++++++++++++++
 pom.xml                     |  4 ++--
 2 files changed, 16 insertions(+), 2 deletions(-)

diff --git a/dependency-suppressions.xml b/dependency-suppressions.xml
index fbf9371b..790ae92d 100644
--- a/dependency-suppressions.xml
+++ b/dependency-suppressions.xml
@@ -1,3 +1,17 @@
 <?xml version="1.0" encoding="UTF-8"?>
 <suppressions xmlns="https://jeremylong.github.io/DependencyCheck/dependency-suppression.1.3.xsd">
+    <suppress>
+        <notes><![CDATA[
+   Vulnerability in C++ gRPC implementation
+   ]]></notes>
+        <packageUrl regex="true">^pkg:maven/io\.opentelemetry\.instrumentation/opentelemetry\-grpc\-1\.6@.*$</packageUrl>
+        <cve>CVE-2023-33953</cve>
+    </suppress>
+    <suppress>
+        <notes><![CDATA[
+   Vulnerability in C++ gRPC implementation
+   ]]></notes>
+        <packageUrl regex="true">^pkg:maven/io\.opentelemetry\.instrumentation/opentelemetry\-grpc\-1\.6@.*$</packageUrl>
+        <cve>CVE-2023-32732</cve>
+    </suppress>
 </suppressions>
diff --git a/pom.xml b/pom.xml
index b9592c78..f967ded3 100644
--- a/pom.xml
+++ b/pom.xml
@@ -28,7 +28,7 @@
         <url>http://github.com/hyperledger/fabric-sdk-java</url>
     </scm>
     <properties>
-        <grpc.version>1.57.1</grpc.version>
+        <grpc.version>1.57.2</grpc.version>
         <protobuf.version>3.22.5</protobuf.version> <!-- Must match version used by grpc-protobuf -->
         <bouncycastle.version>1.76</bouncycastle.version>
         <httpclient.version>4.5.14</httpclient.version>
@@ -222,7 +222,7 @@
         <dependency>
             <groupId>io.opentelemetry.instrumentation</groupId>
             <artifactId>opentelemetry-grpc-1.6</artifactId>
-            <version>1.28.0-alpha</version>
+            <version>1.29.0-alpha</version>
         </dependency>
         <dependency>
             <groupId>io.opentelemetry.proto</groupId>