Update gRPC dependency to fix CVE-2023-32731 vulnerability

[michael-valdron]

Please specify the area for this PR

What does does this PR do / why we need it:

Fixes the high risk vulnerability CVE-2023-32731 by updating the google.golang.org/grpc.

Which issue(s) this PR fixes:

Fixes #?

part of devfile/api#1180

PR acceptance criteria:

• Test Coverage
  • Are your changes sufficiently tested, and are any applicable test cases added or updated to cover your changes?
• Gosec scans
  • Fix all MEDIUM and higher findings and/or annotate a finding per gosec instructions: https://github.com/securego/gosec#annotating-code to address why a finding is not a security issue

Documentation

• Does the registry operator documentation need to updated with your changes?

How to test changes / Special notes to the reviewer:

[openshift-ci]

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: michael-valdron

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

• OWNERS [michael-valdron]

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

[kim-tsao]

I don't think we should be updating these indirect dependencies since there may be unforeseen side effects. We should be updating the main dependencies that pick up the latest grpc module. If you run a go mod graph | grep google.golang.org/grpc on the module, you'll see that it's the registry index generator and registry library that are pulling in grpc. If you run the same command on the registry generator and registry library modules, you can determine that the main dependency k8s.io/apiextensions-apiserver v0.26.1 is the problem. We need to update this module but it doesn't seem like a patch update is available yet: https://github.com/kubernetes/apiextensions-apiserver/blob/release-1.27/go.mod#L23

[michael-valdron]

Good catch, I'll put a hold on all of these PRs until a patch on the direct dependency is available. Also, will change the status of the issue to blocked.

[codecov]

Codecov Report

Patch and project coverage have no change.

Comparison is base (dea070a) 22.11% compared to head (2ae678c) 22.11%.

Additional details and impacted files

@@           Coverage Diff           @@
##             main      #44   +/-   ##
=======================================
  Coverage   22.11%   22.11%           
=======================================
  Files          23       23           
  Lines        1307     1307           
=======================================
  Hits          289      289           
  Misses       1001     1001           
  Partials       17       17           

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

[michael-valdron]

/hold

[michael-valdron]

/unhold

[michael-valdron]

These changes are no longer needed.