grpc-go
Please release upgrade /cmd/protoc-gen-go-grpc /go.mod to security fixed protobuf v1.33.0
Please upgrade go.mod
See https://github.com/grpc/grpc-go/blob/cmd/protoc-gen-go-grpc/v1.3.0/cmd/protoc-gen-go-grpc/go.mod
Security issue with
require google.golang.org/protobuf v1.28.1
google.golang.org/protobuf │ CVE-2024-24786 │ MEDIUM │ fixed │ v1.28.1 │ 1.33.0 │ golang-protobuf: encoding/protojson, internal/encoding/json: │ infinite loop in protojson.Unmarshal when unmarshaling certain forms of... https://avd.aquasec.com/nvd/cve-2024-24786
upgrade to
require google.golang.org/protobuf v1.33.0
(ideally upgrade to a more recent Go version than 1.17 whilst you are at it!)
Sorry, we realized you have already done this work; it is just waiting for a new release version for the changes at https://github.com/grpc/grpc-go/blob/master/cmd/protoc-gen-go-grpc/main.go
I'd like to wait on #7057 before doing the next release if possible, which might be a couple weeks.
@dfawley @arvindbr8 Any chance we could get a new release now? We'd like to take advantage of #7243.
Yes, this is on our radar, we will try to get it done this week or next.
This should be fixed in this release: https://github.com/grpc/grpc-go/releases/tag/cmd%2Fprotoc-gen-go-grpc%2Fv1.4.0