From a3c8cd73a24562ccdeed2fe526f22bd34d92e867 Mon Sep 17 00:00:00 2001 From: Daymon Date: Thu, 3 Oct 2024 12:58:14 -0500 Subject: [PATCH 1/5] bump protobuf deps --- gradle/libs.versions.toml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/gradle/libs.versions.toml b/gradle/libs.versions.toml index 558b979d60e..f2f013605fa 100644 --- a/gradle/libs.versions.toml +++ b/gradle/libs.versions.toml @@ -9,14 +9,14 @@ coroutines = "1.7.3" dagger = "2.43.2" grpc = "1.62.2" grpcKotlin = "1.4.1" -javalite = "3.21.11" +javalite = "3.25.5" kotlin = "1.8.22" mockk = "1.13.11" serialization-plugin = "1.8.22" -protoc = "3.21.11" +protoc = "3.25.5" truth = "1.4.2" robolectric = "4.12" -protobufjavautil = "3.21.11" +protobufjavautil = "3.25.5" kotest = "5.9.0" # Do not use 5.9.1 because it reverts the fix for https://github.com/kotest/kotest/issues/3981 quickcheck = "0.6" serialization = "1.5.1" From eec3c74e049eee0db95be37a07a27cd9c7894052 Mon Sep 17 00:00:00 2001 From: Daymon Date: Thu, 3 Oct 2024 12:58:19 -0500 Subject: [PATCH 2/5] Add changelogs --- encoders/firebase-encoders-proto/CHANGELOG.md | 3 ++- firebase-config/CHANGELOG.md | 3 ++- firebase-crashlytics/CHANGELOG.md | 2 ++ firebase-dataconnect/CHANGELOG.md | 3 +++ firebase-firestore/CHANGELOG.md | 3 ++- firebase-inappmessaging-display/CHANGELOG.md | 3 ++- firebase-inappmessaging/CHANGELOG.md | 3 ++- firebase-messaging/CHANGELOG.md | 2 ++ firebase-ml-modeldownloader/CHANGELOG.md | 2 ++ firebase-perf/CHANGELOG.md | 3 ++- transport/transport-backend-cct/CHANGELOG.md | 2 ++ transport/transport-runtime/CHANGELOG.md | 2 ++ 12 files changed, 25 insertions(+), 6 deletions(-) diff --git a/encoders/firebase-encoders-proto/CHANGELOG.md b/encoders/firebase-encoders-proto/CHANGELOG.md index f514bbb890e..62ae4e68ef4 100644 --- a/encoders/firebase-encoders-proto/CHANGELOG.md +++ b/encoders/firebase-encoders-proto/CHANGELOG.md @@ -1,3 +1,4 @@ # Unreleased - +* [changed] Updated protobuf dependency to `3.25.5` to fix + [CVE-2024-7254](https://github.com/advisories/GHSA-735f-pc8j-v9w8). diff --git a/firebase-config/CHANGELOG.md b/firebase-config/CHANGELOG.md index 110b313c112..52652dde7ba 100644 --- a/firebase-config/CHANGELOG.md +++ b/firebase-config/CHANGELOG.md @@ -1,5 +1,6 @@ # Unreleased - +* [changed] Updated protobuf dependency to `3.25.5` to fix + [CVE-2024-7254](https://github.com/advisories/GHSA-735f-pc8j-v9w8). # 22.0.0 * [changed] Bump internal dependencies diff --git a/firebase-crashlytics/CHANGELOG.md b/firebase-crashlytics/CHANGELOG.md index fe28da42c21..d122fac333c 100644 --- a/firebase-crashlytics/CHANGELOG.md +++ b/firebase-crashlytics/CHANGELOG.md @@ -4,6 +4,8 @@ * [changed] Internal changes to improve startup time. * [changed] Internal changes to the way background tasks are scheduled. * [changed] Migrated SDK to use standard Firebase executors. +* [changed] Updated protobuf dependency to `3.25.5` to fix + [CVE-2024-7254](https://github.com/advisories/GHSA-735f-pc8j-v9w8). # 19.1.0 * [feature] Added the `isCrashlyticsCollectionEnabled` API to check if Crashlytics collection is diff --git a/firebase-dataconnect/CHANGELOG.md b/firebase-dataconnect/CHANGELOG.md index 6080722265a..09bf62ea577 100644 --- a/firebase-dataconnect/CHANGELOG.md +++ b/firebase-dataconnect/CHANGELOG.md @@ -17,3 +17,6 @@ ([#6299](https://github.com/firebase/firebase-android-sdk/pull/6299)) * [changed] Added `equals` and `hashCode` methods to `GeneratedConnector`. ([#6177](https://github.com/firebase/firebase-android-sdk/pull/6177)) +* [changed] Updated protobuf dependency to `3.25.5` to fix + [CVE-2024-7254](https://github.com/advisories/GHSA-735f-pc8j-v9w8). + diff --git a/firebase-firestore/CHANGELOG.md b/firebase-firestore/CHANGELOG.md index 091ad59233b..e6f0f26cbc7 100644 --- a/firebase-firestore/CHANGELOG.md +++ b/firebase-firestore/CHANGELOG.md @@ -1,5 +1,6 @@ # Unreleased - +* [changed] Updated protobuf dependency to `3.25.5` to fix + [CVE-2024-7254](https://github.com/advisories/GHSA-735f-pc8j-v9w8). # 25.1.0 * [feature] Add support for the VectorValue type. [#6154](//github.com/firebase/firebase-android-sdk/pull/6154) diff --git a/firebase-inappmessaging-display/CHANGELOG.md b/firebase-inappmessaging-display/CHANGELOG.md index 8e37a383a13..0f1802212bd 100644 --- a/firebase-inappmessaging-display/CHANGELOG.md +++ b/firebase-inappmessaging-display/CHANGELOG.md @@ -1,5 +1,6 @@ # Unreleased - +* [changed] Updated protobuf dependency to `3.25.5` to fix + [CVE-2024-7254](https://github.com/advisories/GHSA-735f-pc8j-v9w8). # 21.0.0 * [fixed] Fixed bad token exception while showing FIAM diff --git a/firebase-inappmessaging/CHANGELOG.md b/firebase-inappmessaging/CHANGELOG.md index 8a499333a5b..925b7b5946c 100644 --- a/firebase-inappmessaging/CHANGELOG.md +++ b/firebase-inappmessaging/CHANGELOG.md @@ -1,5 +1,6 @@ # Unreleased - +* [changed] Updated protobuf dependency to `3.25.5` to fix + [CVE-2024-7254](https://github.com/advisories/GHSA-735f-pc8j-v9w8). # 21.0.0 * [fixed] Fixed bad token exception while showing FIAM diff --git a/firebase-messaging/CHANGELOG.md b/firebase-messaging/CHANGELOG.md index fb2f986e215..0beada1166e 100644 --- a/firebase-messaging/CHANGELOG.md +++ b/firebase-messaging/CHANGELOG.md @@ -1,5 +1,7 @@ # Unreleased * [changed] Included message priority when logging to Firelog. +* [changed] Updated protobuf dependency to `3.25.5` to fix + [CVE-2024-7254](https://github.com/advisories/GHSA-735f-pc8j-v9w8). # 24.0.1 * [changed] Retry Topic Subscribe/Unsubscribe operations with exponential diff --git a/firebase-ml-modeldownloader/CHANGELOG.md b/firebase-ml-modeldownloader/CHANGELOG.md index 69be9eb9857..42b870167fa 100644 --- a/firebase-ml-modeldownloader/CHANGELOG.md +++ b/firebase-ml-modeldownloader/CHANGELOG.md @@ -1,4 +1,6 @@ # Unreleased +* [changed] Updated protobuf dependency to `3.25.5` to fix + [CVE-2024-7254](https://github.com/advisories/GHSA-735f-pc8j-v9w8). # 25.0.0 diff --git a/firebase-perf/CHANGELOG.md b/firebase-perf/CHANGELOG.md index 536fc748003..2f370bab159 100644 --- a/firebase-perf/CHANGELOG.md +++ b/firebase-perf/CHANGELOG.md @@ -1,5 +1,6 @@ # Unreleased - +* [changed] Updated protobuf dependency to `3.25.5` to fix + [CVE-2024-7254](https://github.com/advisories/GHSA-735f-pc8j-v9w8). # 21.0.1 * [fixed] Fixed an `ExceptionInInitializerError` where the `url.openStream()` causes a crash if diff --git a/transport/transport-backend-cct/CHANGELOG.md b/transport/transport-backend-cct/CHANGELOG.md index 0488ebf1219..59b34e15bf1 100644 --- a/transport/transport-backend-cct/CHANGELOG.md +++ b/transport/transport-backend-cct/CHANGELOG.md @@ -1,4 +1,6 @@ # Unreleased +* [changed] Updated protobuf dependency to `3.25.5` to fix + [CVE-2024-7254](https://github.com/advisories/GHSA-735f-pc8j-v9w8). # 3.3.0 diff --git a/transport/transport-runtime/CHANGELOG.md b/transport/transport-runtime/CHANGELOG.md index 4a7385d299e..451c89e3279 100644 --- a/transport/transport-runtime/CHANGELOG.md +++ b/transport/transport-runtime/CHANGELOG.md @@ -1,4 +1,6 @@ # Unreleased +* [changed] Updated protobuf dependency to `3.25.5` to fix + [CVE-2024-7254](https://github.com/advisories/GHSA-735f-pc8j-v9w8). # 3.3.0 From 111c0ff86c5231a8f909ceebf690abc56194e3b1 Mon Sep 17 00:00:00 2001 From: Daymon Date: Thu, 3 Oct 2024 13:25:15 -0500 Subject: [PATCH 3/5] Use version catalog for proto deps --- build.gradle | 3 --- .../firebase-encoders-proto/firebase-encoders-proto.gradle | 4 ++-- .../protoc-gen-firebase-encoders.gradle | 2 +- encoders/protoc-gen-firebase-encoders/tests/tests.gradle | 4 ++-- firebase-crashlytics-ndk/firebase-crashlytics-ndk.gradle | 2 +- firebase-crashlytics/firebase-crashlytics.gradle | 2 +- firebase-firestore/firebase-firestore.gradle | 4 ++-- firebase-firestore/ktx/ktx.gradle | 2 +- firebase-inappmessaging/firebase-inappmessaging.gradle | 2 +- firebase-messaging/firebase-messaging.gradle | 2 +- .../firebase-ml-modeldownloader.gradle | 4 ++-- firebase-perf/firebase-perf.gradle | 6 +++--- firebase-perf/ktx/ktx.gradle | 2 +- .../protolite-well-known-types.gradle | 4 ++-- .../transport-backend-cct/transport-backend-cct.gradle | 4 ++-- transport/transport-runtime/transport-runtime.gradle | 2 +- 16 files changed, 23 insertions(+), 26 deletions(-) diff --git a/build.gradle b/build.gradle index 5da603fb4ee..a01513fe917 100644 --- a/build.gradle +++ b/build.gradle @@ -54,9 +54,6 @@ ext { robolectricVersion = libs.versions.robolectric.get() androidxTestCoreVersion = libs.versions.androidx.test.core.get() androidxTestJUnitVersion = libs.versions.androidx.test.junit.get() - protocVersion = libs.versions.protoc.get() - javaliteVersion = libs.versions.javalite.get() - protobufJavaUtilVersion = libs.versions.protobufjavautil.get() } apply plugin: com.google.firebase.gradle.plugins.PublishingPlugin diff --git a/encoders/firebase-encoders-proto/firebase-encoders-proto.gradle b/encoders/firebase-encoders-proto/firebase-encoders-proto.gradle index c0be88b3034..783074cad3e 100644 --- a/encoders/firebase-encoders-proto/firebase-encoders-proto.gradle +++ b/encoders/firebase-encoders-proto/firebase-encoders-proto.gradle @@ -32,7 +32,7 @@ java { protobuf { protoc { - artifact = "com.google.protobuf:protoc:$protocVersion" + artifact = libs.protoc.get().toString() } } @@ -47,7 +47,7 @@ dependencies { testAnnotationProcessor project(':encoders:firebase-encoders-processor') testImplementation 'com.google.guava:guava:31.0-jre' - testImplementation "com.google.protobuf:protobuf-java-util:$protobufJavaUtilVersion" + testImplementation libs.protobuf.java.util testImplementation "com.google.truth:truth:$googleTruthVersion" testImplementation 'com.google.truth.extensions:truth-proto-extension:1.0' testImplementation 'junit:junit:4.13.1' diff --git a/encoders/protoc-gen-firebase-encoders/protoc-gen-firebase-encoders.gradle b/encoders/protoc-gen-firebase-encoders/protoc-gen-firebase-encoders.gradle index cbf30021604..0b34665d413 100644 --- a/encoders/protoc-gen-firebase-encoders/protoc-gen-firebase-encoders.gradle +++ b/encoders/protoc-gen-firebase-encoders/protoc-gen-firebase-encoders.gradle @@ -22,7 +22,7 @@ plugins { protobuf { protoc { - artifact = "com.google.protobuf:protoc:$protocVersion" + artifact = libs.protoc.get().toString() } } diff --git a/encoders/protoc-gen-firebase-encoders/tests/tests.gradle b/encoders/protoc-gen-firebase-encoders/tests/tests.gradle index 103e76428ac..eb5d531edf8 100644 --- a/encoders/protoc-gen-firebase-encoders/tests/tests.gradle +++ b/encoders/protoc-gen-firebase-encoders/tests/tests.gradle @@ -26,7 +26,7 @@ dependencies { protobuf { protoc { - artifact = "com.google.protobuf:protoc:$protocVersion" + artifact = libs.protoc.get().toString() } plugins { firebaseEncoders { @@ -51,7 +51,7 @@ dependencies { testImplementation project(":encoders:firebase-encoders") testImplementation project(":encoders:firebase-encoders-proto") - testImplementation "com.google.protobuf:protobuf-java:3.21.9" + testImplementation libs.protobuf.java testImplementation "com.google.truth:truth:1.0.1" testImplementation 'junit:junit:4.13.1' } diff --git a/firebase-crashlytics-ndk/firebase-crashlytics-ndk.gradle b/firebase-crashlytics-ndk/firebase-crashlytics-ndk.gradle index 92dd3716189..4c0e8ebae3c 100644 --- a/firebase-crashlytics-ndk/firebase-crashlytics-ndk.gradle +++ b/firebase-crashlytics-ndk/firebase-crashlytics-ndk.gradle @@ -124,7 +124,7 @@ dependencies { androidTestImplementation "androidx.test:core:$androidxTestCoreVersion" androidTestImplementation 'androidx.test:runner:1.4.0' - androidTestImplementation "com.google.protobuf:protobuf-javalite:$javaliteVersion" + androidTestImplementation libs.protobuf.java.lite androidTestImplementation 'com.linkedin.dexmaker:dexmaker:2.28.1' androidTestImplementation 'com.linkedin.dexmaker:dexmaker-mockito:2.28.1' androidTestImplementation 'org.mockito:mockito-core:3.4.3' diff --git a/firebase-crashlytics/firebase-crashlytics.gradle b/firebase-crashlytics/firebase-crashlytics.gradle index 11656334809..28a23e279ba 100644 --- a/firebase-crashlytics/firebase-crashlytics.gradle +++ b/firebase-crashlytics/firebase-crashlytics.gradle @@ -104,7 +104,7 @@ dependencies { androidTestImplementation(libs.androidx.test.runner) androidTestImplementation(libs.androidx.test.junit) androidTestImplementation("com.google.firebase:firebase-encoders-json:18.0.1") - androidTestImplementation("com.google.protobuf:protobuf-java:3.21.11") + androidTestImplementation(libs.protobuf.java) androidTestImplementation(libs.truth) androidTestImplementation("com.linkedin.dexmaker:dexmaker:2.28.3") androidTestImplementation(libs.mockito.dexmaker) diff --git a/firebase-firestore/firebase-firestore.gradle b/firebase-firestore/firebase-firestore.gradle index b17006b3bdc..b99878c169f 100644 --- a/firebase-firestore/firebase-firestore.gradle +++ b/firebase-firestore/firebase-firestore.gradle @@ -36,7 +36,7 @@ protobuf { // Configure the protoc executable protoc { // Download from repositories - artifact = "com.google.protobuf:protoc:$protocVersion" + artifact = libs.protoc.get().toString() } plugins { grpc { @@ -164,7 +164,7 @@ dependencies { testImplementation 'org.mockito:mockito-core:2.25.0' testImplementation "org.robolectric:robolectric:$robolectricVersion" - testCompileOnly "com.google.protobuf:protobuf-java:$protocVersion" + testCompileOnly libs.protobuf.java androidTestImplementation "androidx.annotation:annotation:1.1.0" androidTestImplementation 'androidx.test:rules:1.5.0' diff --git a/firebase-firestore/ktx/ktx.gradle b/firebase-firestore/ktx/ktx.gradle index fd27367fbc4..e4cebe269f4 100644 --- a/firebase-firestore/ktx/ktx.gradle +++ b/firebase-firestore/ktx/ktx.gradle @@ -71,5 +71,5 @@ dependencies { testImplementation 'org.mockito:mockito-core:2.25.0' testImplementation "org.robolectric:robolectric:$robolectricVersion" - testCompileOnly "com.google.protobuf:protobuf-java:$protocVersion" + testCompileOnly libs.protobuf.java } diff --git a/firebase-inappmessaging/firebase-inappmessaging.gradle b/firebase-inappmessaging/firebase-inappmessaging.gradle index 6e3862efd5c..d79b57d29a3 100644 --- a/firebase-inappmessaging/firebase-inappmessaging.gradle +++ b/firebase-inappmessaging/firebase-inappmessaging.gradle @@ -32,7 +32,7 @@ protobuf { // Configure the protoc executable protoc { // Download from repositories - artifact = "com.google.protobuf:protoc:$protocVersion" + artifact = libs.protoc.get().toString() } plugins { grpc { diff --git a/firebase-messaging/firebase-messaging.gradle b/firebase-messaging/firebase-messaging.gradle index 576b4b0f4db..39c9f51ba6e 100644 --- a/firebase-messaging/firebase-messaging.gradle +++ b/firebase-messaging/firebase-messaging.gradle @@ -25,7 +25,7 @@ protobuf { protobuild project(path: ':encoders:protoc-gen-firebase-encoders', configuration: 'shadow') } protoc { - artifact = "com.google.protobuf:protoc:$protocVersion" + artifact = libs.protoc.get().toString() } plugins { firebaseEncoders { diff --git a/firebase-ml-modeldownloader/firebase-ml-modeldownloader.gradle b/firebase-ml-modeldownloader/firebase-ml-modeldownloader.gradle index 4899fc82e40..1f21ce6149f 100644 --- a/firebase-ml-modeldownloader/firebase-ml-modeldownloader.gradle +++ b/firebase-ml-modeldownloader/firebase-ml-modeldownloader.gradle @@ -34,7 +34,7 @@ protobuf { // Configure the protoc executable protoc { // Download from repositories - artifact = "com.google.protobuf:protoc:$protocVersion" + artifact = libs.protoc.get().toString() } generateProtoTasks { all().each { task -> @@ -121,7 +121,7 @@ dependencies { testImplementation 'androidx.test:runner:1.5.1' testImplementation "androidx.test.ext:junit:$androidxTestJUnitVersion" testImplementation 'com.github.tomakehurst:wiremock-standalone:2.26.3' - testImplementation "com.google.protobuf:protobuf-java-util:$protobufJavaUtilVersion" + testImplementation libs.protobuf.java.util testImplementation "com.google.truth:truth:$googleTruthVersion" testImplementation 'com.google.truth.extensions:truth-proto-extension:1.0' testImplementation 'junit:junit:4.13-beta-2' diff --git a/firebase-perf/firebase-perf.gradle b/firebase-perf/firebase-perf.gradle index eec56366689..9735f1af260 100644 --- a/firebase-perf/firebase-perf.gradle +++ b/firebase-perf/firebase-perf.gradle @@ -36,7 +36,7 @@ firebaseLibrary { protobuf { protoc { - artifact = "com.google.protobuf:protoc:$protocVersion" + artifact = libs.protoc.get().toString() } generateProtoTasks { all().each { task -> @@ -104,7 +104,7 @@ dependencies { implementation "androidx.annotation:annotation:1.1.0" implementation "androidx.lifecycle:lifecycle-process:2.3.1" implementation "com.google.android.gms:play-services-tasks:18.0.1" - implementation "com.google.protobuf:protobuf-javalite:$javaliteVersion" + implementation libs.protobuf.java.lite implementation "org.jetbrains.kotlin:kotlin-stdlib:$kotlinVersion" implementation 'androidx.annotation:annotation:1.7.0' implementation 'androidx.appcompat:appcompat:1.2.0' @@ -130,7 +130,7 @@ dependencies { exclude group: 'com.google.firebase', module: 'firebase-common' exclude group: 'com.google.firebase', module: 'firebase-components' } - testCompileOnly "com.google.protobuf:protobuf-java:3.21.9" + testCompileOnly libs.protobuf.java testImplementation "androidx.test:core:$androidxTestCoreVersion" testImplementation "com.google.truth:truth:$googleTruthVersion" testImplementation "org.robolectric:robolectric:$robolectricVersion" diff --git a/firebase-perf/ktx/ktx.gradle b/firebase-perf/ktx/ktx.gradle index c8762745d60..4eada074307 100644 --- a/firebase-perf/ktx/ktx.gradle +++ b/firebase-perf/ktx/ktx.gradle @@ -59,5 +59,5 @@ dependencies { testImplementation 'org.mockito:mockito-core:2.25.0' testImplementation "org.robolectric:robolectric:$robolectricVersion" - testCompileOnly "com.google.protobuf:protobuf-java:3.21.9" + testCompileOnly libs.protobuf.java } diff --git a/protolite-well-known-types/protolite-well-known-types.gradle b/protolite-well-known-types/protolite-well-known-types.gradle index f6f923a4212..1c904461bea 100644 --- a/protolite-well-known-types/protolite-well-known-types.gradle +++ b/protolite-well-known-types/protolite-well-known-types.gradle @@ -26,7 +26,7 @@ firebaseLibrary { protobuf { protoc { - artifact = "com.google.protobuf:protoc:$protocVersion" + artifact = libs.protoc.get().toString() } generateProtoTasks { all().each { task -> @@ -68,5 +68,5 @@ dependencies { exclude group: "com.google.protobuf", module: "protobuf-java" } - implementation "com.google.protobuf:protobuf-javalite:$javaliteVersion" + implementation libs.protobuf.java.lite } diff --git a/transport/transport-backend-cct/transport-backend-cct.gradle b/transport/transport-backend-cct/transport-backend-cct.gradle index 64e51b92e8a..49665b7cae8 100644 --- a/transport/transport-backend-cct/transport-backend-cct.gradle +++ b/transport/transport-backend-cct/transport-backend-cct.gradle @@ -29,7 +29,7 @@ protobuf { // Configure the protoc executable protoc { // Download from repositories - artifact = "com.google.protobuf:protoc:$protocVersion" + artifact = libs.protoc.get().toString() } generateProtoTasks { all().each { task -> @@ -71,7 +71,7 @@ dependencies { testImplementation "androidx.test:core:$androidxTestCoreVersion" testImplementation 'com.github.tomakehurst:wiremock:3.0.1' - testImplementation "com.google.protobuf:protobuf-java-util:$protobufJavaUtilVersion" + testImplementation libs.protobuf.java.util testImplementation "com.google.truth:truth:$googleTruthVersion" testImplementation 'com.google.truth.extensions:truth-proto-extension:1.0' testImplementation 'junit:junit:4.13.1' diff --git a/transport/transport-runtime/transport-runtime.gradle b/transport/transport-runtime/transport-runtime.gradle index 0eb853e98c8..c63b64d83d8 100644 --- a/transport/transport-runtime/transport-runtime.gradle +++ b/transport/transport-runtime/transport-runtime.gradle @@ -26,7 +26,7 @@ dependencies { protobuf { protoc { - artifact = "com.google.protobuf:protoc:$protocVersion" + artifact = libs.protoc.get().toString() } plugins { firebaseEncoders { From ea00618bd2d183647c6e36beb7f7b122da314521 Mon Sep 17 00:00:00 2001 From: Daymon Date: Mon, 7 Oct 2024 12:31:26 -0500 Subject: [PATCH 4/5] Downgrade well known types Lets see if this breaks smoke tests. The fact that the version number wasn't bumped might cause false positives, plus we have a bunch of exceptions on well known types anyways that could cause that too. --- protolite-well-known-types/protolite-well-known-types.gradle | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/protolite-well-known-types/protolite-well-known-types.gradle b/protolite-well-known-types/protolite-well-known-types.gradle index 1c904461bea..f5e5bdd8ff2 100644 --- a/protolite-well-known-types/protolite-well-known-types.gradle +++ b/protolite-well-known-types/protolite-well-known-types.gradle @@ -26,7 +26,7 @@ firebaseLibrary { protobuf { protoc { - artifact = libs.protoc.get().toString() + artifact = "com.google.protobuf:protoc:3.21.11" } generateProtoTasks { all().each { task -> @@ -68,5 +68,5 @@ dependencies { exclude group: "com.google.protobuf", module: "protobuf-java" } - implementation libs.protobuf.java.lite + implementation "com.google.protobuf:protobuf-javalite:3.21.11" } From 4881b82a091d097adb7bfe1f4dc80029f28932b8 Mon Sep 17 00:00:00 2001 From: Daymon Date: Thu, 10 Oct 2024 12:56:01 -0500 Subject: [PATCH 5/5] Add missing changelogs --- firebase-crashlytics/CHANGELOG.md | 5 +++-- firebase-dataconnect/CHANGELOG.md | 4 ++-- firebase-messaging/CHANGELOG.md | 5 +++-- 3 files changed, 8 insertions(+), 6 deletions(-) diff --git a/firebase-crashlytics/CHANGELOG.md b/firebase-crashlytics/CHANGELOG.md index e227aaacdb9..bf67a6d8536 100644 --- a/firebase-crashlytics/CHANGELOG.md +++ b/firebase-crashlytics/CHANGELOG.md @@ -1,4 +1,7 @@ # Unreleased +* [changed] Updated protobuf dependency to `3.25.5` to fix + [CVE-2024-7254](https://github.com/advisories/GHSA-735f-pc8j-v9w8). + # 19.2.0 * [fixed] Improved data consistency for rapid user actions. @@ -6,8 +9,6 @@ * [changed] Internal changes to improve startup time. * [changed] Internal changes to the way background tasks are scheduled. * [changed] Migrated SDK to use standard Firebase executors. -* [changed] Updated protobuf dependency to `3.25.5` to fix - [CVE-2024-7254](https://github.com/advisories/GHSA-735f-pc8j-v9w8). # 19.1.0 * [feature] Added the `isCrashlyticsCollectionEnabled` API to check if Crashlytics collection is diff --git a/firebase-dataconnect/CHANGELOG.md b/firebase-dataconnect/CHANGELOG.md index 3f8200ee4c0..78d5d548a10 100644 --- a/firebase-dataconnect/CHANGELOG.md +++ b/firebase-dataconnect/CHANGELOG.md @@ -1,4 +1,6 @@ # Unreleased +* [changed] Updated protobuf dependency to `3.25.5` to fix + [CVE-2024-7254](https://github.com/advisories/GHSA-735f-pc8j-v9w8). # 16.0.0-beta01 * [feature] Initial release of the Data Connect SDK (public preview). Learn how to @@ -19,6 +21,4 @@ ([#6299](https://github.com/firebase/firebase-android-sdk/pull/6299)) * [changed] Added `equals` and `hashCode` methods to `GeneratedConnector`. ([#6177](https://github.com/firebase/firebase-android-sdk/pull/6177)) -* [changed] Updated protobuf dependency to `3.25.5` to fix - [CVE-2024-7254](https://github.com/advisories/GHSA-735f-pc8j-v9w8). diff --git a/firebase-messaging/CHANGELOG.md b/firebase-messaging/CHANGELOG.md index e579437a075..5ada883e7df 100644 --- a/firebase-messaging/CHANGELOG.md +++ b/firebase-messaging/CHANGELOG.md @@ -1,9 +1,10 @@ # Unreleased +* [changed] Updated protobuf dependency to `3.25.5` to fix + [CVE-2024-7254](https://github.com/advisories/GHSA-735f-pc8j-v9w8). + # 24.0.2 * [changed] Included message priority when logging to Firelog. -* [changed] Updated protobuf dependency to `3.25.5` to fix - [CVE-2024-7254](https://github.com/advisories/GHSA-735f-pc8j-v9w8). # 24.0.1 * [changed] Retry Topic Subscribe/Unsubscribe operations with exponential