From 40fcdeaac8fa4e5a2414f0b33c581a4d1d60407c Mon Sep 17 00:00:00 2001
From: Aaron Steinfeld <45047841+aaron-steinfeld@users.noreply.github.com>
Date: Mon, 4 Dec 2023 09:55:31 -0500
Subject: [PATCH] fix: update vulns (#203)

---
 .trivyignore                                  |  2 -
 attribute-projection-registry/gradle.lockfile | 18 ++---
 attribute-service-api/gradle.lockfile         | 18 ++---
 attribute-service-client/gradle.lockfile      | 38 +++++-----
 attribute-service-factory/gradle.lockfile     | 62 ++++++++++------
 attribute-service-impl/gradle.lockfile        | 37 +++++-----
 attribute-service-tenant-api/gradle.lockfile  |  6 +-
 attribute-service/build.gradle.kts            |  1 -
 attribute-service/gradle.lockfile             | 74 ++++++++++---------
 .../gradle.lockfile                           | 38 +++++-----
 owasp-suppressions.xml                        | 11 ++-
 11 files changed, 166 insertions(+), 139 deletions(-)

diff --git a/.trivyignore b/.trivyignore
index 30675bb5..e69de29b 100644
--- a/.trivyignore
+++ b/.trivyignore
@@ -1,2 +0,0 @@
-# libssl3
-CVE-2023-5678 exp:2023-12-31
\ No newline at end of file
diff --git a/attribute-projection-registry/gradle.lockfile b/attribute-projection-registry/gradle.lockfile
index 64362614..34965529 100644
--- a/attribute-projection-registry/gradle.lockfile
+++ b/attribute-projection-registry/gradle.lockfile
@@ -1,24 +1,24 @@
 # This is a Gradle generated file for dependency locking.
 # Manual edits can break the build and are not advised.
 # This file is expected to be part of source control.
-com.fasterxml.jackson:jackson-bom:2.15.2=compileClasspath,runtimeClasspath
+com.fasterxml.jackson:jackson-bom:2.16.0=compileClasspath,runtimeClasspath
 com.github.f4b6a3:uuid-creator:5.3.2=runtimeClasspath
-com.google.api.grpc:proto-google-common-protos:2.17.0=compileClasspath,runtimeClasspath
+com.google.api.grpc:proto-google-common-protos:2.22.0=compileClasspath,runtimeClasspath
 com.google.code.findbugs:jsr305:3.0.2=compileClasspath,runtimeClasspath
-com.google.errorprone:error_prone_annotations:2.18.0=compileClasspath,runtimeClasspath
+com.google.errorprone:error_prone_annotations:2.20.0=compileClasspath,runtimeClasspath
 com.google.guava:failureaccess:1.0.1=compileClasspath,runtimeClasspath
 com.google.guava:guava-parent:32.1.2-jre=compileClasspath,runtimeClasspath
 com.google.guava:guava:32.1.2-jre=compileClasspath,runtimeClasspath
 com.google.guava:listenablefuture:9999.0-empty-to-avoid-conflict-with-guava=compileClasspath,runtimeClasspath
 com.google.j2objc:j2objc-annotations:2.8=compileClasspath
 com.google.protobuf:protobuf-java:3.24.1=compileClasspath,runtimeClasspath
-io.grpc:grpc-api:1.57.2=compileClasspath,runtimeClasspath
-io.grpc:grpc-bom:1.57.2=compileClasspath,runtimeClasspath
-io.grpc:grpc-protobuf-lite:1.57.2=compileClasspath,runtimeClasspath
-io.grpc:grpc-protobuf:1.57.2=compileClasspath,runtimeClasspath
-io.grpc:grpc-stub:1.57.2=compileClasspath,runtimeClasspath
+io.grpc:grpc-api:1.59.1=compileClasspath,runtimeClasspath
+io.grpc:grpc-bom:1.59.1=compileClasspath,runtimeClasspath
+io.grpc:grpc-protobuf-lite:1.59.1=compileClasspath,runtimeClasspath
+io.grpc:grpc-protobuf:1.59.1=compileClasspath,runtimeClasspath
+io.grpc:grpc-stub:1.59.1=compileClasspath,runtimeClasspath
 javax.annotation:javax.annotation-api:1.3.2=runtimeClasspath
 org.checkerframework:checker-qual:3.33.0=compileClasspath,runtimeClasspath
-org.hypertrace.bom:hypertrace-bom:0.3.0=compileClasspath,runtimeClasspath
+org.hypertrace.bom:hypertrace-bom:0.3.2=compileClasspath,runtimeClasspath
 org.hypertrace.core.kafkastreams.framework:kafka-bom:0.3.9=compileClasspath,runtimeClasspath
 empty=annotationProcessor
diff --git a/attribute-service-api/gradle.lockfile b/attribute-service-api/gradle.lockfile
index 817d8fe4..27dc9865 100644
--- a/attribute-service-api/gradle.lockfile
+++ b/attribute-service-api/gradle.lockfile
@@ -1,23 +1,23 @@
 # This is a Gradle generated file for dependency locking.
 # Manual edits can break the build and are not advised.
 # This file is expected to be part of source control.
-com.fasterxml.jackson:jackson-bom:2.15.2=compileClasspath,runtimeClasspath
-com.google.api.grpc:proto-google-common-protos:2.17.0=compileClasspath,runtimeClasspath
+com.fasterxml.jackson:jackson-bom:2.16.0=compileClasspath,runtimeClasspath
+com.google.api.grpc:proto-google-common-protos:2.22.0=compileClasspath,runtimeClasspath
 com.google.code.findbugs:jsr305:3.0.2=compileClasspath,runtimeClasspath
-com.google.errorprone:error_prone_annotations:2.18.0=compileClasspath,runtimeClasspath
+com.google.errorprone:error_prone_annotations:2.20.0=compileClasspath,runtimeClasspath
 com.google.guava:failureaccess:1.0.1=compileClasspath,runtimeClasspath
 com.google.guava:guava-parent:32.1.2-jre=compileClasspath,runtimeClasspath
 com.google.guava:guava:32.1.2-jre=compileClasspath,runtimeClasspath
 com.google.guava:listenablefuture:9999.0-empty-to-avoid-conflict-with-guava=compileClasspath,runtimeClasspath
 com.google.j2objc:j2objc-annotations:2.8=compileClasspath
 com.google.protobuf:protobuf-java:3.24.1=compileClasspath,runtimeClasspath
-io.grpc:grpc-api:1.57.2=compileClasspath,runtimeClasspath
-io.grpc:grpc-bom:1.57.2=compileClasspath,runtimeClasspath
-io.grpc:grpc-protobuf-lite:1.57.2=compileClasspath,runtimeClasspath
-io.grpc:grpc-protobuf:1.57.2=compileClasspath,runtimeClasspath
-io.grpc:grpc-stub:1.57.2=compileClasspath,runtimeClasspath
+io.grpc:grpc-api:1.59.1=compileClasspath,runtimeClasspath
+io.grpc:grpc-bom:1.59.1=compileClasspath,runtimeClasspath
+io.grpc:grpc-protobuf-lite:1.59.1=compileClasspath,runtimeClasspath
+io.grpc:grpc-protobuf:1.59.1=compileClasspath,runtimeClasspath
+io.grpc:grpc-stub:1.59.1=compileClasspath,runtimeClasspath
 javax.annotation:javax.annotation-api:1.3.2=compileClasspath,runtimeClasspath
 org.checkerframework:checker-qual:3.33.0=compileClasspath,runtimeClasspath
-org.hypertrace.bom:hypertrace-bom:0.3.0=compileClasspath,runtimeClasspath
+org.hypertrace.bom:hypertrace-bom:0.3.2=compileClasspath,runtimeClasspath
 org.hypertrace.core.kafkastreams.framework:kafka-bom:0.3.9=compileClasspath,runtimeClasspath
 empty=annotationProcessor
diff --git a/attribute-service-client/gradle.lockfile b/attribute-service-client/gradle.lockfile
index cf6d7516..f581ddf3 100644
--- a/attribute-service-client/gradle.lockfile
+++ b/attribute-service-client/gradle.lockfile
@@ -3,15 +3,15 @@
 # This file is expected to be part of source control.
 com.auth0:java-jwt:4.4.0=runtimeClasspath
 com.auth0:jwks-rsa:0.22.0=runtimeClasspath
-com.fasterxml.jackson.core:jackson-annotations:2.15.2=runtimeClasspath
-com.fasterxml.jackson.core:jackson-core:2.15.2=runtimeClasspath
-com.fasterxml.jackson.core:jackson-databind:2.15.2=runtimeClasspath
-com.fasterxml.jackson:jackson-bom:2.15.2=compileClasspath,runtimeClasspath
+com.fasterxml.jackson.core:jackson-annotations:2.16.0=runtimeClasspath
+com.fasterxml.jackson.core:jackson-core:2.16.0=runtimeClasspath
+com.fasterxml.jackson.core:jackson-databind:2.16.0=runtimeClasspath
+com.fasterxml.jackson:jackson-bom:2.16.0=compileClasspath,runtimeClasspath
 com.google.android:annotations:4.1.1.4=runtimeClasspath
-com.google.api.grpc:proto-google-common-protos:2.17.0=compileClasspath,runtimeClasspath
+com.google.api.grpc:proto-google-common-protos:2.22.0=compileClasspath,runtimeClasspath
 com.google.code.findbugs:jsr305:3.0.2=compileClasspath,runtimeClasspath
 com.google.code.gson:gson:2.10.1=runtimeClasspath
-com.google.errorprone:error_prone_annotations:2.18.0=compileClasspath,runtimeClasspath
+com.google.errorprone:error_prone_annotations:2.20.0=compileClasspath,runtimeClasspath
 com.google.guava:failureaccess:1.0.1=compileClasspath,runtimeClasspath
 com.google.guava:guava-parent:32.1.2-jre=compileClasspath,runtimeClasspath
 com.google.guava:guava:32.1.2-jre=compileClasspath,runtimeClasspath
@@ -22,18 +22,20 @@ com.typesafe:config:1.4.2=compileClasspath,runtimeClasspath
 io.dropwizard.metrics:metrics-core:4.2.16=compileClasspath,runtimeClasspath
 io.dropwizard.metrics:metrics-jvm:4.2.16=runtimeClasspath
 io.github.mweirauch:micrometer-jvm-extras:0.2.2=runtimeClasspath
-io.grpc:grpc-api:1.57.2=compileClasspath,runtimeClasspath
-io.grpc:grpc-bom:1.57.2=compileClasspath,runtimeClasspath
-io.grpc:grpc-context:1.57.2=compileClasspath,runtimeClasspath
-io.grpc:grpc-core:1.57.2=runtimeClasspath
-io.grpc:grpc-protobuf-lite:1.57.2=compileClasspath,runtimeClasspath
-io.grpc:grpc-protobuf:1.57.2=compileClasspath,runtimeClasspath
-io.grpc:grpc-stub:1.57.2=compileClasspath,runtimeClasspath
+io.grpc:grpc-api:1.59.1=compileClasspath,runtimeClasspath
+io.grpc:grpc-bom:1.59.1=compileClasspath,runtimeClasspath
+io.grpc:grpc-context:1.59.1=compileClasspath,runtimeClasspath
+io.grpc:grpc-core:1.59.1=compileClasspath,runtimeClasspath
+io.grpc:grpc-inprocess:1.59.1=compileClasspath,runtimeClasspath
+io.grpc:grpc-protobuf-lite:1.59.1=compileClasspath,runtimeClasspath
+io.grpc:grpc-protobuf:1.59.1=compileClasspath,runtimeClasspath
+io.grpc:grpc-stub:1.59.1=compileClasspath,runtimeClasspath
+io.grpc:grpc-util:1.59.1=runtimeClasspath
 io.micrometer:micrometer-commons:1.10.2=compileClasspath,runtimeClasspath
 io.micrometer:micrometer-core:1.10.2=compileClasspath,runtimeClasspath
 io.micrometer:micrometer-observation:1.10.2=compileClasspath,runtimeClasspath
 io.micrometer:micrometer-registry-prometheus:1.10.2=runtimeClasspath
-io.netty:netty-bom:4.1.100.Final=compileClasspath,runtimeClasspath
+io.netty:netty-bom:4.1.101.Final=compileClasspath,runtimeClasspath
 io.perfmark:perfmark-api:0.26.0=runtimeClasspath
 io.prometheus:simpleclient:0.16.0=runtimeClasspath
 io.prometheus:simpleclient_common:0.16.0=runtimeClasspath
@@ -60,11 +62,11 @@ org.eclipse.jetty:jetty-servlet:9.4.53.v20231009=runtimeClasspath
 org.eclipse.jetty:jetty-util-ajax:9.4.53.v20231009=runtimeClasspath
 org.eclipse.jetty:jetty-util:9.4.53.v20231009=runtimeClasspath
 org.hdrhistogram:HdrHistogram:2.1.12=runtimeClasspath
-org.hypertrace.bom:hypertrace-bom:0.3.0=compileClasspath,runtimeClasspath
-org.hypertrace.core.grpcutils:grpc-client-utils:0.12.6=compileClasspath,runtimeClasspath
-org.hypertrace.core.grpcutils:grpc-context-utils:0.12.6=compileClasspath,runtimeClasspath
+org.hypertrace.bom:hypertrace-bom:0.3.2=compileClasspath,runtimeClasspath
+org.hypertrace.core.grpcutils:grpc-client-utils:0.12.7=compileClasspath,runtimeClasspath
+org.hypertrace.core.grpcutils:grpc-context-utils:0.12.7=compileClasspath,runtimeClasspath
 org.hypertrace.core.kafkastreams.framework:kafka-bom:0.3.9=compileClasspath,runtimeClasspath
-org.hypertrace.core.serviceframework:platform-metrics:0.1.62=compileClasspath,runtimeClasspath
+org.hypertrace.core.serviceframework:platform-metrics:0.1.63=compileClasspath,runtimeClasspath
 org.latencyutils:LatencyUtils:2.0.3=runtimeClasspath
 org.projectlombok:lombok:1.18.28=annotationProcessor,compileClasspath
 org.slf4j:slf4j-api:2.0.7=compileClasspath,runtimeClasspath
diff --git a/attribute-service-factory/gradle.lockfile b/attribute-service-factory/gradle.lockfile
index f52dedc0..d7a3898b 100644
--- a/attribute-service-factory/gradle.lockfile
+++ b/attribute-service-factory/gradle.lockfile
@@ -3,15 +3,15 @@
 # This file is expected to be part of source control.
 com.auth0:java-jwt:4.4.0=runtimeClasspath
 com.auth0:jwks-rsa:0.22.0=runtimeClasspath
-com.fasterxml.jackson.core:jackson-annotations:2.15.2=runtimeClasspath
-com.fasterxml.jackson.core:jackson-core:2.15.2=runtimeClasspath
-com.fasterxml.jackson.core:jackson-databind:2.15.2=runtimeClasspath
-com.fasterxml.jackson:jackson-bom:2.15.2=compileClasspath,runtimeClasspath
+com.fasterxml.jackson.core:jackson-annotations:2.16.0=runtimeClasspath
+com.fasterxml.jackson.core:jackson-core:2.16.0=runtimeClasspath
+com.fasterxml.jackson.core:jackson-databind:2.16.0=runtimeClasspath
+com.fasterxml.jackson:jackson-bom:2.16.0=compileClasspath,runtimeClasspath
 com.google.android:annotations:4.1.1.4=runtimeClasspath
-com.google.api.grpc:proto-google-common-protos:2.17.0=compileClasspath,runtimeClasspath
+com.google.api.grpc:proto-google-common-protos:2.22.0=compileClasspath,runtimeClasspath
 com.google.code.findbugs:jsr305:3.0.2=compileClasspath,runtimeClasspath
 com.google.code.gson:gson:2.10.1=runtimeClasspath
-com.google.errorprone:error_prone_annotations:2.18.0=compileClasspath,runtimeClasspath
+com.google.errorprone:error_prone_annotations:2.20.0=compileClasspath,runtimeClasspath
 com.google.guava:failureaccess:1.0.1=compileClasspath,runtimeClasspath
 com.google.guava:guava-parent:32.1.2-jre=compileClasspath,runtimeClasspath
 com.google.guava:guava:32.1.2-jre=compileClasspath,runtimeClasspath
@@ -29,19 +29,33 @@ io.dropwizard.metrics:metrics-json:4.2.16=runtimeClasspath
 io.dropwizard.metrics:metrics-jvm:4.2.16=runtimeClasspath
 io.dropwizard.metrics:metrics-servlets:4.2.16=runtimeClasspath
 io.github.mweirauch:micrometer-jvm-extras:0.2.2=runtimeClasspath
-io.grpc:grpc-api:1.57.2=compileClasspath,runtimeClasspath
-io.grpc:grpc-bom:1.57.2=compileClasspath,runtimeClasspath
-io.grpc:grpc-context:1.57.2=compileClasspath,runtimeClasspath
-io.grpc:grpc-core:1.57.2=compileClasspath,runtimeClasspath
-io.grpc:grpc-protobuf-lite:1.57.2=compileClasspath,runtimeClasspath
-io.grpc:grpc-protobuf:1.57.2=compileClasspath,runtimeClasspath
-io.grpc:grpc-services:1.57.2=compileClasspath,runtimeClasspath
-io.grpc:grpc-stub:1.57.2=compileClasspath,runtimeClasspath
+io.grpc:grpc-api:1.59.1=compileClasspath,runtimeClasspath
+io.grpc:grpc-bom:1.59.1=compileClasspath,runtimeClasspath
+io.grpc:grpc-context:1.59.1=compileClasspath,runtimeClasspath
+io.grpc:grpc-core:1.59.1=compileClasspath,runtimeClasspath
+io.grpc:grpc-inprocess:1.59.1=compileClasspath,runtimeClasspath
+io.grpc:grpc-netty:1.59.1=runtimeClasspath
+io.grpc:grpc-protobuf-lite:1.59.1=compileClasspath,runtimeClasspath
+io.grpc:grpc-protobuf:1.59.1=compileClasspath,runtimeClasspath
+io.grpc:grpc-services:1.59.1=compileClasspath,runtimeClasspath
+io.grpc:grpc-stub:1.59.1=compileClasspath,runtimeClasspath
+io.grpc:grpc-util:1.59.1=compileClasspath,runtimeClasspath
 io.micrometer:micrometer-commons:1.10.2=runtimeClasspath
 io.micrometer:micrometer-core:1.10.2=runtimeClasspath
 io.micrometer:micrometer-observation:1.10.2=runtimeClasspath
 io.micrometer:micrometer-registry-prometheus:1.10.2=runtimeClasspath
-io.netty:netty-bom:4.1.100.Final=compileClasspath,runtimeClasspath
+io.netty:netty-bom:4.1.101.Final=compileClasspath,runtimeClasspath
+io.netty:netty-buffer:4.1.101.Final=runtimeClasspath
+io.netty:netty-codec-http2:4.1.101.Final=runtimeClasspath
+io.netty:netty-codec-http:4.1.101.Final=runtimeClasspath
+io.netty:netty-codec-socks:4.1.101.Final=runtimeClasspath
+io.netty:netty-codec:4.1.101.Final=runtimeClasspath
+io.netty:netty-common:4.1.101.Final=runtimeClasspath
+io.netty:netty-handler-proxy:4.1.101.Final=runtimeClasspath
+io.netty:netty-handler:4.1.101.Final=runtimeClasspath
+io.netty:netty-resolver:4.1.101.Final=runtimeClasspath
+io.netty:netty-transport-native-unix-common:4.1.101.Final=runtimeClasspath
+io.netty:netty-transport:4.1.101.Final=runtimeClasspath
 io.perfmark:perfmark-api:0.26.0=runtimeClasspath
 io.prometheus:simpleclient:0.16.0=runtimeClasspath
 io.prometheus:simpleclient_common:0.16.0=runtimeClasspath
@@ -75,17 +89,17 @@ org.eclipse.jetty:jetty-servlet:9.4.53.v20231009=runtimeClasspath
 org.eclipse.jetty:jetty-util-ajax:9.4.53.v20231009=runtimeClasspath
 org.eclipse.jetty:jetty-util:9.4.53.v20231009=runtimeClasspath
 org.hdrhistogram:HdrHistogram:2.1.12=runtimeClasspath
-org.hypertrace.bom:hypertrace-bom:0.3.0=compileClasspath,runtimeClasspath
+org.hypertrace.bom:hypertrace-bom:0.3.2=compileClasspath,runtimeClasspath
 org.hypertrace.core.documentstore:document-store:0.7.49=compileClasspath,runtimeClasspath
-org.hypertrace.core.grpcutils:grpc-client-utils:0.12.6=compileClasspath,runtimeClasspath
-org.hypertrace.core.grpcutils:grpc-context-utils:0.12.6=runtimeClasspath
-org.hypertrace.core.grpcutils:grpc-server-utils:0.12.6=runtimeClasspath
+org.hypertrace.core.grpcutils:grpc-client-utils:0.12.7=compileClasspath,runtimeClasspath
+org.hypertrace.core.grpcutils:grpc-context-utils:0.12.7=runtimeClasspath
+org.hypertrace.core.grpcutils:grpc-server-utils:0.12.7=runtimeClasspath
 org.hypertrace.core.kafkastreams.framework:kafka-bom:0.3.9=compileClasspath,runtimeClasspath
-org.hypertrace.core.serviceframework:docstore-metrics:0.1.62=runtimeClasspath
-org.hypertrace.core.serviceframework:platform-grpc-service-framework:0.1.62=compileClasspath,runtimeClasspath
-org.hypertrace.core.serviceframework:platform-metrics:0.1.62=runtimeClasspath
-org.hypertrace.core.serviceframework:platform-service-framework:0.1.62=compileClasspath,runtimeClasspath
-org.hypertrace.core.serviceframework:service-framework-spi:0.1.62=compileClasspath,runtimeClasspath
+org.hypertrace.core.serviceframework:docstore-metrics:0.1.63=runtimeClasspath
+org.hypertrace.core.serviceframework:platform-grpc-service-framework:0.1.63=compileClasspath,runtimeClasspath
+org.hypertrace.core.serviceframework:platform-metrics:0.1.63=runtimeClasspath
+org.hypertrace.core.serviceframework:platform-service-framework:0.1.63=compileClasspath,runtimeClasspath
+org.hypertrace.core.serviceframework:service-framework-spi:0.1.63=compileClasspath,runtimeClasspath
 org.latencyutils:LatencyUtils:2.0.3=runtimeClasspath
 org.mongodb:bson-record-codec:4.9.0=runtimeClasspath
 org.mongodb:bson:4.9.0=runtimeClasspath
diff --git a/attribute-service-impl/gradle.lockfile b/attribute-service-impl/gradle.lockfile
index cddf93ad..86c891ff 100644
--- a/attribute-service-impl/gradle.lockfile
+++ b/attribute-service-impl/gradle.lockfile
@@ -3,16 +3,16 @@
 # This file is expected to be part of source control.
 com.auth0:java-jwt:4.4.0=runtimeClasspath
 com.auth0:jwks-rsa:0.22.0=runtimeClasspath
-com.fasterxml.jackson.core:jackson-annotations:2.15.2=compileClasspath,runtimeClasspath
-com.fasterxml.jackson.core:jackson-core:2.15.2=compileClasspath,runtimeClasspath
-com.fasterxml.jackson.core:jackson-databind:2.15.2=compileClasspath,runtimeClasspath
-com.fasterxml.jackson:jackson-bom:2.15.2=compileClasspath,runtimeClasspath
+com.fasterxml.jackson.core:jackson-annotations:2.16.0=compileClasspath,runtimeClasspath
+com.fasterxml.jackson.core:jackson-core:2.16.0=compileClasspath,runtimeClasspath
+com.fasterxml.jackson.core:jackson-databind:2.16.0=compileClasspath,runtimeClasspath
+com.fasterxml.jackson:jackson-bom:2.16.0=compileClasspath,runtimeClasspath
 com.google.android:annotations:4.1.1.4=runtimeClasspath
-com.google.api.grpc:proto-google-common-protos:2.17.0=compileClasspath,runtimeClasspath
+com.google.api.grpc:proto-google-common-protos:2.22.0=compileClasspath,runtimeClasspath
 com.google.code.findbugs:jsr305:3.0.2=compileClasspath,runtimeClasspath
 com.google.code.gson:gson:2.10.1=runtimeClasspath
 com.google.code.gson:gson:2.8.9=compileClasspath
-com.google.errorprone:error_prone_annotations:2.18.0=compileClasspath,runtimeClasspath
+com.google.errorprone:error_prone_annotations:2.20.0=compileClasspath,runtimeClasspath
 com.google.guava:failureaccess:1.0.1=compileClasspath,runtimeClasspath
 com.google.guava:guava-parent:32.1.2-jre=compileClasspath,runtimeClasspath
 com.google.guava:guava:32.1.2-jre=compileClasspath,runtimeClasspath
@@ -25,13 +25,14 @@ commons-logging:commons-logging:1.2=runtimeClasspath
 io.dropwizard.metrics:metrics-core:4.2.16=runtimeClasspath
 io.dropwizard.metrics:metrics-jvm:4.2.16=runtimeClasspath
 io.github.mweirauch:micrometer-jvm-extras:0.2.2=runtimeClasspath
-io.grpc:grpc-api:1.57.2=compileClasspath,runtimeClasspath
-io.grpc:grpc-bom:1.57.2=compileClasspath,runtimeClasspath
-io.grpc:grpc-context:1.57.2=runtimeClasspath
-io.grpc:grpc-core:1.57.2=runtimeClasspath
-io.grpc:grpc-protobuf-lite:1.57.2=compileClasspath,runtimeClasspath
-io.grpc:grpc-protobuf:1.57.2=compileClasspath,runtimeClasspath
-io.grpc:grpc-stub:1.57.2=compileClasspath,runtimeClasspath
+io.grpc:grpc-api:1.59.1=compileClasspath,runtimeClasspath
+io.grpc:grpc-bom:1.59.1=compileClasspath,runtimeClasspath
+io.grpc:grpc-context:1.59.1=runtimeClasspath
+io.grpc:grpc-core:1.59.1=runtimeClasspath
+io.grpc:grpc-protobuf-lite:1.59.1=compileClasspath,runtimeClasspath
+io.grpc:grpc-protobuf:1.59.1=compileClasspath,runtimeClasspath
+io.grpc:grpc-stub:1.59.1=compileClasspath,runtimeClasspath
+io.grpc:grpc-util:1.59.1=runtimeClasspath
 io.micrometer:micrometer-commons:1.10.2=runtimeClasspath
 io.micrometer:micrometer-core:1.10.2=runtimeClasspath
 io.micrometer:micrometer-observation:1.10.2=runtimeClasspath
@@ -67,13 +68,13 @@ org.eclipse.jetty:jetty-servlet:9.4.53.v20231009=runtimeClasspath
 org.eclipse.jetty:jetty-util-ajax:9.4.53.v20231009=runtimeClasspath
 org.eclipse.jetty:jetty-util:9.4.53.v20231009=runtimeClasspath
 org.hdrhistogram:HdrHistogram:2.1.12=runtimeClasspath
-org.hypertrace.bom:hypertrace-bom:0.3.0=compileClasspath,runtimeClasspath
+org.hypertrace.bom:hypertrace-bom:0.3.2=compileClasspath,runtimeClasspath
 org.hypertrace.core.documentstore:document-store:0.7.49=compileClasspath,runtimeClasspath
-org.hypertrace.core.grpcutils:grpc-context-utils:0.12.6=compileClasspath,runtimeClasspath
+org.hypertrace.core.grpcutils:grpc-context-utils:0.12.7=compileClasspath,runtimeClasspath
 org.hypertrace.core.kafkastreams.framework:kafka-bom:0.3.9=compileClasspath,runtimeClasspath
-org.hypertrace.core.serviceframework:docstore-metrics:0.1.62=compileClasspath,runtimeClasspath
-org.hypertrace.core.serviceframework:platform-metrics:0.1.62=runtimeClasspath
-org.hypertrace.core.serviceframework:service-framework-spi:0.1.62=compileClasspath,runtimeClasspath
+org.hypertrace.core.serviceframework:docstore-metrics:0.1.63=compileClasspath,runtimeClasspath
+org.hypertrace.core.serviceframework:platform-metrics:0.1.63=runtimeClasspath
+org.hypertrace.core.serviceframework:service-framework-spi:0.1.63=compileClasspath,runtimeClasspath
 org.latencyutils:LatencyUtils:2.0.3=runtimeClasspath
 org.mongodb:bson-record-codec:4.9.0=runtimeClasspath
 org.mongodb:bson:4.9.0=runtimeClasspath
diff --git a/attribute-service-tenant-api/gradle.lockfile b/attribute-service-tenant-api/gradle.lockfile
index 1f79c771..9fff3b5f 100644
--- a/attribute-service-tenant-api/gradle.lockfile
+++ b/attribute-service-tenant-api/gradle.lockfile
@@ -1,8 +1,8 @@
 # This is a Gradle generated file for dependency locking.
 # Manual edits can break the build and are not advised.
 # This file is expected to be part of source control.
-com.fasterxml.jackson:jackson-bom:2.15.2=compileClasspath,runtimeClasspath
-io.grpc:grpc-bom:1.57.2=compileClasspath,runtimeClasspath
-org.hypertrace.bom:hypertrace-bom:0.3.0=compileClasspath,runtimeClasspath
+com.fasterxml.jackson:jackson-bom:2.16.0=compileClasspath,runtimeClasspath
+io.grpc:grpc-bom:1.59.1=compileClasspath,runtimeClasspath
+org.hypertrace.bom:hypertrace-bom:0.3.2=compileClasspath,runtimeClasspath
 org.hypertrace.core.kafkastreams.framework:kafka-bom:0.3.9=compileClasspath,runtimeClasspath
 empty=annotationProcessor
diff --git a/attribute-service/build.gradle.kts b/attribute-service/build.gradle.kts
index 4470e969..bd101dc9 100644
--- a/attribute-service/build.gradle.kts
+++ b/attribute-service/build.gradle.kts
@@ -60,7 +60,6 @@ dependencies {
   implementation(projects.attributeServiceFactory)
   implementation(commonLibs.hypertrace.framework.grpc)
   runtimeOnly(commonLibs.log4j.slf4j2.impl)
-  runtimeOnly(commonLibs.grpc.netty)
 
   // Integration test dependencies
   integrationTestImplementation(commonLibs.junit.jupiter)
diff --git a/attribute-service/gradle.lockfile b/attribute-service/gradle.lockfile
index 89b0ea38..e4e7c1ba 100644
--- a/attribute-service/gradle.lockfile
+++ b/attribute-service/gradle.lockfile
@@ -3,15 +3,15 @@
 # This file is expected to be part of source control.
 com.auth0:java-jwt:4.4.0=runtimeClasspath
 com.auth0:jwks-rsa:0.22.0=runtimeClasspath
-com.fasterxml.jackson.core:jackson-annotations:2.15.2=runtimeClasspath
-com.fasterxml.jackson.core:jackson-core:2.15.2=runtimeClasspath
-com.fasterxml.jackson.core:jackson-databind:2.15.2=runtimeClasspath
-com.fasterxml.jackson:jackson-bom:2.15.2=compileClasspath,runtimeClasspath
+com.fasterxml.jackson.core:jackson-annotations:2.16.0=runtimeClasspath
+com.fasterxml.jackson.core:jackson-core:2.16.0=runtimeClasspath
+com.fasterxml.jackson.core:jackson-databind:2.16.0=runtimeClasspath
+com.fasterxml.jackson:jackson-bom:2.16.0=compileClasspath,runtimeClasspath
 com.google.android:annotations:4.1.1.4=runtimeClasspath
-com.google.api.grpc:proto-google-common-protos:2.17.0=compileClasspath,runtimeClasspath
+com.google.api.grpc:proto-google-common-protos:2.22.0=compileClasspath,runtimeClasspath
 com.google.code.findbugs:jsr305:3.0.2=compileClasspath,runtimeClasspath
 com.google.code.gson:gson:2.10.1=runtimeClasspath
-com.google.errorprone:error_prone_annotations:2.18.0=compileClasspath,runtimeClasspath
+com.google.errorprone:error_prone_annotations:2.20.0=compileClasspath,runtimeClasspath
 com.google.guava:failureaccess:1.0.1=compileClasspath,runtimeClasspath
 com.google.guava:guava-parent:32.1.2-jre=compileClasspath,runtimeClasspath
 com.google.guava:guava:32.1.2-jre=compileClasspath,runtimeClasspath
@@ -29,31 +29,33 @@ io.dropwizard.metrics:metrics-json:4.2.16=runtimeClasspath
 io.dropwizard.metrics:metrics-jvm:4.2.16=runtimeClasspath
 io.dropwizard.metrics:metrics-servlets:4.2.16=runtimeClasspath
 io.github.mweirauch:micrometer-jvm-extras:0.2.2=runtimeClasspath
-io.grpc:grpc-api:1.57.2=compileClasspath,runtimeClasspath
-io.grpc:grpc-bom:1.57.2=compileClasspath,runtimeClasspath
-io.grpc:grpc-context:1.57.2=compileClasspath,runtimeClasspath
-io.grpc:grpc-core:1.57.2=compileClasspath,runtimeClasspath
-io.grpc:grpc-netty:1.57.2=runtimeClasspath
-io.grpc:grpc-protobuf-lite:1.57.2=compileClasspath,runtimeClasspath
-io.grpc:grpc-protobuf:1.57.2=compileClasspath,runtimeClasspath
-io.grpc:grpc-services:1.57.2=compileClasspath,runtimeClasspath
-io.grpc:grpc-stub:1.57.2=compileClasspath,runtimeClasspath
+io.grpc:grpc-api:1.59.1=compileClasspath,runtimeClasspath
+io.grpc:grpc-bom:1.59.1=compileClasspath,runtimeClasspath
+io.grpc:grpc-context:1.59.1=compileClasspath,runtimeClasspath
+io.grpc:grpc-core:1.59.1=compileClasspath,runtimeClasspath
+io.grpc:grpc-inprocess:1.59.1=compileClasspath,runtimeClasspath
+io.grpc:grpc-netty:1.59.1=runtimeClasspath
+io.grpc:grpc-protobuf-lite:1.59.1=compileClasspath,runtimeClasspath
+io.grpc:grpc-protobuf:1.59.1=compileClasspath,runtimeClasspath
+io.grpc:grpc-services:1.59.1=compileClasspath,runtimeClasspath
+io.grpc:grpc-stub:1.59.1=compileClasspath,runtimeClasspath
+io.grpc:grpc-util:1.59.1=compileClasspath,runtimeClasspath
 io.micrometer:micrometer-commons:1.10.2=runtimeClasspath
 io.micrometer:micrometer-core:1.10.2=runtimeClasspath
 io.micrometer:micrometer-observation:1.10.2=runtimeClasspath
 io.micrometer:micrometer-registry-prometheus:1.10.2=runtimeClasspath
-io.netty:netty-bom:4.1.100.Final=compileClasspath,runtimeClasspath
-io.netty:netty-buffer:4.1.100.Final=runtimeClasspath
-io.netty:netty-codec-http2:4.1.100.Final=runtimeClasspath
-io.netty:netty-codec-http:4.1.100.Final=runtimeClasspath
-io.netty:netty-codec-socks:4.1.100.Final=runtimeClasspath
-io.netty:netty-codec:4.1.100.Final=runtimeClasspath
-io.netty:netty-common:4.1.100.Final=runtimeClasspath
-io.netty:netty-handler-proxy:4.1.100.Final=runtimeClasspath
-io.netty:netty-handler:4.1.100.Final=runtimeClasspath
-io.netty:netty-resolver:4.1.100.Final=runtimeClasspath
-io.netty:netty-transport-native-unix-common:4.1.100.Final=runtimeClasspath
-io.netty:netty-transport:4.1.100.Final=runtimeClasspath
+io.netty:netty-bom:4.1.101.Final=compileClasspath,runtimeClasspath
+io.netty:netty-buffer:4.1.101.Final=runtimeClasspath
+io.netty:netty-codec-http2:4.1.101.Final=runtimeClasspath
+io.netty:netty-codec-http:4.1.101.Final=runtimeClasspath
+io.netty:netty-codec-socks:4.1.101.Final=runtimeClasspath
+io.netty:netty-codec:4.1.101.Final=runtimeClasspath
+io.netty:netty-common:4.1.101.Final=runtimeClasspath
+io.netty:netty-handler-proxy:4.1.101.Final=runtimeClasspath
+io.netty:netty-handler:4.1.101.Final=runtimeClasspath
+io.netty:netty-resolver:4.1.101.Final=runtimeClasspath
+io.netty:netty-transport-native-unix-common:4.1.101.Final=runtimeClasspath
+io.netty:netty-transport:4.1.101.Final=runtimeClasspath
 io.perfmark:perfmark-api:0.26.0=runtimeClasspath
 io.prometheus:simpleclient:0.16.0=runtimeClasspath
 io.prometheus:simpleclient_common:0.16.0=runtimeClasspath
@@ -88,17 +90,17 @@ org.eclipse.jetty:jetty-servlet:9.4.53.v20231009=runtimeClasspath
 org.eclipse.jetty:jetty-util-ajax:9.4.53.v20231009=runtimeClasspath
 org.eclipse.jetty:jetty-util:9.4.53.v20231009=runtimeClasspath
 org.hdrhistogram:HdrHistogram:2.1.12=runtimeClasspath
-org.hypertrace.bom:hypertrace-bom:0.3.0=compileClasspath,runtimeClasspath
+org.hypertrace.bom:hypertrace-bom:0.3.2=compileClasspath,runtimeClasspath
 org.hypertrace.core.documentstore:document-store:0.7.49=runtimeClasspath
-org.hypertrace.core.grpcutils:grpc-client-utils:0.12.6=compileClasspath,runtimeClasspath
-org.hypertrace.core.grpcutils:grpc-context-utils:0.12.6=runtimeClasspath
-org.hypertrace.core.grpcutils:grpc-server-utils:0.12.6=runtimeClasspath
+org.hypertrace.core.grpcutils:grpc-client-utils:0.12.7=compileClasspath,runtimeClasspath
+org.hypertrace.core.grpcutils:grpc-context-utils:0.12.7=runtimeClasspath
+org.hypertrace.core.grpcutils:grpc-server-utils:0.12.7=runtimeClasspath
 org.hypertrace.core.kafkastreams.framework:kafka-bom:0.3.9=compileClasspath,runtimeClasspath
-org.hypertrace.core.serviceframework:docstore-metrics:0.1.62=runtimeClasspath
-org.hypertrace.core.serviceframework:platform-grpc-service-framework:0.1.62=compileClasspath,runtimeClasspath
-org.hypertrace.core.serviceframework:platform-metrics:0.1.62=runtimeClasspath
-org.hypertrace.core.serviceframework:platform-service-framework:0.1.62=compileClasspath,runtimeClasspath
-org.hypertrace.core.serviceframework:service-framework-spi:0.1.62=compileClasspath,runtimeClasspath
+org.hypertrace.core.serviceframework:docstore-metrics:0.1.63=runtimeClasspath
+org.hypertrace.core.serviceframework:platform-grpc-service-framework:0.1.63=compileClasspath,runtimeClasspath
+org.hypertrace.core.serviceframework:platform-metrics:0.1.63=runtimeClasspath
+org.hypertrace.core.serviceframework:platform-service-framework:0.1.63=compileClasspath,runtimeClasspath
+org.hypertrace.core.serviceframework:service-framework-spi:0.1.63=compileClasspath,runtimeClasspath
 org.latencyutils:LatencyUtils:2.0.3=runtimeClasspath
 org.mongodb:bson-record-codec:4.9.0=runtimeClasspath
 org.mongodb:bson:4.9.0=runtimeClasspath
diff --git a/caching-attribute-service-client/gradle.lockfile b/caching-attribute-service-client/gradle.lockfile
index e928cd90..62f83a78 100644
--- a/caching-attribute-service-client/gradle.lockfile
+++ b/caching-attribute-service-client/gradle.lockfile
@@ -3,38 +3,40 @@
 # This file is expected to be part of source control.
 com.auth0:java-jwt:4.4.0=runtimeClasspath
 com.auth0:jwks-rsa:0.22.0=runtimeClasspath
-com.fasterxml.jackson.core:jackson-annotations:2.15.2=runtimeClasspath
-com.fasterxml.jackson.core:jackson-core:2.15.2=runtimeClasspath
-com.fasterxml.jackson.core:jackson-databind:2.15.2=runtimeClasspath
-com.fasterxml.jackson:jackson-bom:2.15.2=compileClasspath,runtimeClasspath
+com.fasterxml.jackson.core:jackson-annotations:2.16.0=runtimeClasspath
+com.fasterxml.jackson.core:jackson-core:2.16.0=runtimeClasspath
+com.fasterxml.jackson.core:jackson-databind:2.16.0=runtimeClasspath
+com.fasterxml.jackson:jackson-bom:2.16.0=compileClasspath,runtimeClasspath
 com.google.android:annotations:4.1.1.4=runtimeClasspath
-com.google.api.grpc:proto-google-common-protos:2.17.0=compileClasspath,runtimeClasspath
+com.google.api.grpc:proto-google-common-protos:2.22.0=compileClasspath,runtimeClasspath
 com.google.code.findbugs:jsr305:3.0.2=compileClasspath,runtimeClasspath
 com.google.code.gson:gson:2.10.1=runtimeClasspath
-com.google.errorprone:error_prone_annotations:2.18.0=compileClasspath,runtimeClasspath
+com.google.errorprone:error_prone_annotations:2.20.0=compileClasspath,runtimeClasspath
 com.google.guava:failureaccess:1.0.1=compileClasspath,runtimeClasspath
 com.google.guava:guava-parent:32.1.2-jre=compileClasspath,runtimeClasspath
 com.google.guava:guava:32.1.2-jre=compileClasspath,runtimeClasspath
 com.google.guava:listenablefuture:9999.0-empty-to-avoid-conflict-with-guava=compileClasspath,runtimeClasspath
 com.google.j2objc:j2objc-annotations:2.8=compileClasspath
 com.google.protobuf:protobuf-java:3.24.1=compileClasspath,runtimeClasspath
-io.grpc:grpc-api:1.57.2=compileClasspath,runtimeClasspath
-io.grpc:grpc-bom:1.57.2=compileClasspath,runtimeClasspath
-io.grpc:grpc-context:1.57.2=compileClasspath,runtimeClasspath
-io.grpc:grpc-core:1.57.2=runtimeClasspath
-io.grpc:grpc-protobuf-lite:1.57.2=compileClasspath,runtimeClasspath
-io.grpc:grpc-protobuf:1.57.2=compileClasspath,runtimeClasspath
-io.grpc:grpc-stub:1.57.2=compileClasspath,runtimeClasspath
-io.netty:netty-bom:4.1.100.Final=compileClasspath,runtimeClasspath
+io.grpc:grpc-api:1.59.1=compileClasspath,runtimeClasspath
+io.grpc:grpc-bom:1.59.1=compileClasspath,runtimeClasspath
+io.grpc:grpc-context:1.59.1=compileClasspath,runtimeClasspath
+io.grpc:grpc-core:1.59.1=compileClasspath,runtimeClasspath
+io.grpc:grpc-inprocess:1.59.1=compileClasspath,runtimeClasspath
+io.grpc:grpc-protobuf-lite:1.59.1=compileClasspath,runtimeClasspath
+io.grpc:grpc-protobuf:1.59.1=compileClasspath,runtimeClasspath
+io.grpc:grpc-stub:1.59.1=compileClasspath,runtimeClasspath
+io.grpc:grpc-util:1.59.1=runtimeClasspath
+io.netty:netty-bom:4.1.101.Final=compileClasspath,runtimeClasspath
 io.perfmark:perfmark-api:0.26.0=runtimeClasspath
 io.reactivex.rxjava3:rxjava:3.1.7=compileClasspath,runtimeClasspath
 javax.annotation:javax.annotation-api:1.3.2=runtimeClasspath
 org.checkerframework:checker-qual:3.33.0=compileClasspath,runtimeClasspath
 org.codehaus.mojo:animal-sniffer-annotations:1.23=runtimeClasspath
-org.hypertrace.bom:hypertrace-bom:0.3.0=compileClasspath,runtimeClasspath
-org.hypertrace.core.grpcutils:grpc-client-rx-utils:0.12.6=compileClasspath,runtimeClasspath
-org.hypertrace.core.grpcutils:grpc-client-utils:0.12.6=compileClasspath,runtimeClasspath
-org.hypertrace.core.grpcutils:grpc-context-utils:0.12.6=compileClasspath,runtimeClasspath
+org.hypertrace.bom:hypertrace-bom:0.3.2=compileClasspath,runtimeClasspath
+org.hypertrace.core.grpcutils:grpc-client-rx-utils:0.12.7=compileClasspath,runtimeClasspath
+org.hypertrace.core.grpcutils:grpc-client-utils:0.12.7=compileClasspath,runtimeClasspath
+org.hypertrace.core.grpcutils:grpc-context-utils:0.12.7=compileClasspath,runtimeClasspath
 org.hypertrace.core.kafkastreams.framework:kafka-bom:0.3.9=compileClasspath,runtimeClasspath
 org.projectlombok:lombok:1.18.28=annotationProcessor,compileClasspath
 org.reactivestreams:reactive-streams:1.0.4=compileClasspath,runtimeClasspath
diff --git a/owasp-suppressions.xml b/owasp-suppressions.xml
index 0dd6d5e8..64ae8573 100644
--- a/owasp-suppressions.xml
+++ b/owasp-suppressions.xml
@@ -8,7 +8,7 @@
     <cpe>cpe:/a:grpc:grpc</cpe>
     <cpe>cpe:/a:utils_project:utils</cpe>
   </suppress>
-  <suppress until="2023-11-30Z">
+  <suppress until="2023-12-31Z">
     <notes><![CDATA[
   This vulnerability is disputed, with the argument that SSL configuration is the responsibility of the client rather
   than the transport. The change in default is under consideration for the next major Netty release, revisit then.
@@ -20,4 +20,13 @@
     <packageUrl regex="true">^pkg:maven/io\.netty/netty.*@.*$</packageUrl>
     <vulnerabilityName>CVE-2023-4586</vulnerabilityName>
   </suppress>
+  <suppress until="2023-12-31Z">
+    <notes><![CDATA[
+   This CVE (rapid RST) is already mitigated as our servers aren't directly exposed, but it's also
+   addressed in 1.59.1, which the CVE doesn't reflect (not all grpc impls versions are exactly aligned).
+   Ref: https://github.com/grpc/grpc-java/pull/10675
+   ]]></notes>
+    <packageUrl regex="true">^pkg:maven/io\.grpc/grpc\-.*@.*$</packageUrl>
+    <cve>CVE-2023-44487</cve>
+  </suppress>
 </suppressions> 
\ No newline at end of file