From 98dda52706ac439869eec4d1a9411054d77d35d7 Mon Sep 17 00:00:00 2001
From: Patrik Nordwall <patrik.nordwall@gmail.com>
Date: Fri, 20 Oct 2023 16:06:20 +0200
Subject: [PATCH] bump: protobuf-java 3.24.0 in Kinesis (#3026)

---
 project/Dependencies.scala | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/project/Dependencies.scala b/project/Dependencies.scala
index ea0d95396d..c92fdb22b3 100644
--- a/project/Dependencies.scala
+++ b/project/Dependencies.scala
@@ -17,7 +17,6 @@ object Dependencies {
 
   val AwsSdk2Version = "2.17.295"
   val AwsSpiAkkaHttpVersion = "1.0.1"
-  val ProtobufJavaVersion = "3.21.12"
   // Sync with plugins.sbt
   val AkkaGrpcBinaryVersion = "2.4"
   // sync ignore prefix in scripts/link-validator.conf#L30
@@ -340,6 +339,7 @@ object Dependencies {
       ) ++ JacksonDatabindDependencies
   )
 
+  val KinesisProtobufJavaVersion = "3.24.0" // sync with Akka gRPC
   val Kinesis = Seq(
     libraryDependencies ++= Seq(
         "com.typesafe.akka" %% "akka-http" % AkkaHttpVersion,
@@ -350,7 +350,7 @@ object Dependencies {
         "software.amazon.awssdk" % "kinesis" % AwsSdk2Version, // ApacheV2
         "software.amazon.awssdk" % "firehose" % AwsSdk2Version, // ApacheV2
         "software.amazon.kinesis" % "amazon-kinesis-client" % "2.4.0", // ApacheV2
-        "com.google.protobuf" % "protobuf-java" % ProtobufJavaVersion // CVE in older transitive dependency
+        "com.google.protobuf" % "protobuf-java" % KinesisProtobufJavaVersion // CVE in older transitive dependency
       ).map(
         _.excludeAll(
           ExclusionRule("software.amazon.awssdk", "apache-client"),