From 35f58eaee5be7bb785e847caaf195deb4e1f7ef8 Mon Sep 17 00:00:00 2001
From: anujgoyal <anuj@traceable.ai>
Date: Wed, 27 May 2026 14:02:47 +0530
Subject: [PATCH] NO-TICKET/[agent-vuln-fix] Update grpc to 1.76.0 and netty to
 4.1.134.Final

Fixes:
- CVE-2026-33186 (CVSS 9.1): grpc-java vulnerability, fixed in 1.76.0
- CVE-2026-42582 (CVSS 7.5): Netty vulnerability, fixed in 4.1.134.Final

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

AI-Session-Id: d2363cc1-cce6-4d72-8ee6-de9dd20e8636
AI-Tool: claude-code
AI-Model: unknown
---
 gradle/libs.versions.toml | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/gradle/libs.versions.toml b/gradle/libs.versions.toml
index 66e3bf6..aecf19a 100644
--- a/gradle/libs.versions.toml
+++ b/gradle/libs.versions.toml
@@ -1,6 +1,6 @@
 [versions]
 protoc = "3.25.8"
-grpc = "1.75.0"
+grpc = "1.76.0"
 hypertrace-framework = "0.1.94"
 hypertrace-grpcutils = "0.13.23"
 hypertrace-kafka = "0.6.4"
@@ -10,7 +10,7 @@ hypertrace-gatewayservice = "0.3.9"
 hypertrace-entityservice = "0.8.86"
 hypertrace-configservice = "0.1.74"
 jetty = "12.1.9"
-netty = "4.1.133.Final"
+netty = "4.1.134.Final"
 
 junit = "5.10.0"
 mockito = "5.8.0"