temporal java sdk is using an older version of grpc-netty-shaded with vulnerabilities

[susie-oracle]

Expected Behavior

upgrade grpc-netty-shaded to 1.75.0

Actual Behavior

Steps to Reproduce the Problem

1.check dependencies of temporal java-sdk
1.https://www.cve.org/CVERecord?id=CVE-2025-55163
1.

Specifications

• Version: 1.28.1, ..,1.31.0
• Platform:

[Quinn-With-Two-Ns]

A few points,

1. This vulnerability does not apply to how the Java SDK uses netty since the Java SDK is only a client.

2. If the issue is simply the vulnerability scan then you can update the version of gRPC the SDK uses. As part of our CI we test the Java SDK with the latest version of Java gRPC. Note, this is what we always recommend anyway.