Merge pull request #6180 from halibobo1205/feature/dependency_upgrade

feat(dependency): dependencies upgrade for security

Author: CodeNinjaEvan

common/build.gradle

@@ -34,7 +34,7 @@ dependencies {
     api "com.cedarsoftware:java-util:1.8.0"
     api group: 'org.apache.httpcomponents', name: 'httpasyncclient', version: '4.1.1'
     api group: 'commons-codec', name: 'commons-codec', version: '1.11'
-    api group: 'com.beust', name: 'jcommander', version: '1.72'
+    api group: 'com.beust', name: 'jcommander', version: '1.78'
     api group: 'com.typesafe', name: 'config', version: '1.3.2'
     api group: leveldbGroup, name: leveldbName, version: leveldbVersion
     api group: 'org.rocksdb', name: 'rocksdbjni', version: '5.15.10'
@@ -46,7 +46,7 @@ dependencies {
     api 'org.aspectj:aspectjrt:1.8.13'
     api 'org.aspectj:aspectjweaver:1.8.13'
     api 'org.aspectj:aspectjtools:1.8.13'
-    api group: 'io.github.tronprotocol', name: 'libp2p', version: '2.2.4',{
+    api group: 'io.github.tronprotocol', name: 'libp2p', version: '2.2.5',{
         exclude group: 'io.grpc', module: 'grpc-context'
         exclude group: 'io.grpc', module: 'grpc-core'
         exclude group: 'io.grpc', module: 'grpc-netty'
@@ -60,6 +60,8 @@ dependencies {
         exclude group: 'net.java.dev.msv', module: 'xsdlib'
         exclude group: 'pull-parser', module: 'pull-parser'
         exclude group: 'xpp3', module: 'xpp3'
+        exclude group: 'org.bouncycastle', module: 'bcprov-jdk18on'
+        exclude group: 'org.bouncycastle', module: 'bcutil-jdk18on'
     }
     api project(":protocol")
 }

framework/build.gradle

@@ -57,7 +57,9 @@ dependencies {
     compileOnly group: 'javax.portlet', name: 'portlet-api', version: '3.0.1'
 
     implementation "io.vavr:vavr:0.9.2"
-    implementation group: 'org.pf4j', name: 'pf4j', version: '2.5.0'
+    implementation (group: 'org.pf4j', name: 'pf4j', version: '3.10.0') {
+        exclude group: "org.slf4j", module: "slf4j-api"
+    }
 
     testImplementation group: 'org.springframework', name: 'spring-test', version: '5.2.0.RELEASE'
     testImplementation group: 'org.springframework', name: 'spring-web', version: '5.2.0.RELEASE'

framework/src/main/java/org/tron/common/client/DatabaseGrpcClient.java

@@ -1,7 +1,9 @@
 package org.tron.common.client;
 
+import io.grpc.LoadBalancerRegistry;
 import io.grpc.ManagedChannel;
 import io.grpc.ManagedChannelBuilder;
+import io.grpc.internal.PickFirstLoadBalancerProvider;
 import org.tron.api.DatabaseGrpc;
 import org.tron.api.GrpcAPI.EmptyMessage;
 import org.tron.api.GrpcAPI.NumberMessage;
@@ -13,6 +15,12 @@ public class DatabaseGrpcClient {
   private final ManagedChannel channel;
   private final DatabaseGrpc.DatabaseBlockingStub databaseBlockingStub;
 
+  static {
+    LoadBalancerRegistry
+        .getDefaultRegistry()
+        .register(new PickFirstLoadBalancerProvider());
+  }
+
   public DatabaseGrpcClient(String host, int port) {
     channel = ManagedChannelBuilder.forAddress(host, port)
         .usePlaintext()

framework/src/main/java/org/tron/core/config/args/Args.java

@@ -262,14 +262,15 @@ private static void printVersion() {
     } catch (IOException e) {
       logger.error(e.getMessage());
     }
-    JCommander.getConsole().println("OS : " + System.getProperty("os.name"));
-    JCommander.getConsole().println("JVM : " + System.getProperty("java.vendor") + " "
+    JCommander jCommander = new JCommander();
+    jCommander.getConsole().println("OS : " + System.getProperty("os.name"));
+    jCommander.getConsole().println("JVM : " + System.getProperty("java.vendor") + " "
         + System.getProperty("java.version") + " " + System.getProperty("os.arch"));
     if (!noGitProperties) {
-      JCommander.getConsole().println("Git : " + properties.getProperty("git.commit.id"));
+      jCommander.getConsole().println("Git : " + properties.getProperty("git.commit.id"));
     }
-    JCommander.getConsole().println("Version : " + Version.getVersion());
-    JCommander.getConsole().println("Code : " + Version.VERSION_CODE);
+    jCommander.getConsole().println("Version : " + Version.getVersion());
+    jCommander.getConsole().println("Code : " + Version.VERSION_CODE);
   }
 
   public static void printHelp(JCommander jCommander) {
@@ -313,7 +314,7 @@ public static void printHelp(JCommander jCommander) {
         helpStr.append(tmpOptionDesc);
       }
     }
-    JCommander.getConsole().println(helpStr.toString());
+    jCommander.getConsole().println(helpStr.toString());
   }
 
   public static String upperFirst(String name) {

protocol/build.gradle

@@ -1,7 +1,7 @@
 apply plugin: 'com.google.protobuf'
 
 def protobufVersion = '3.25.5'
-def grpcVersion = '1.52.1'
+def grpcVersion = '1.60.0'
 
 dependencies {
     api group: 'com.google.protobuf', name: 'protobuf-java', version: protobufVersion