From c4f496d6f41513cf8dba077e6602d40d52773738 Mon Sep 17 00:00:00 2001
From: Yimin Chen
Date: Sat, 17 Jan 2026 19:06:07 -0800
Subject: [PATCH 1/3] Upgrade grpc to 1.75.0 to fix CVE-2025-55163 and CVE-2025-24970
- Update grpcVersion from 1.58.1 to 1.75.0
- Add grpc-protobuf dependency to temporal-serviceclient (no longer transitively included by grpc-services in 1.75.0)
- Suppress deprecation warning for Guava Throwables.propagateIfPossible (deprecated in Guava 33.x brought in by grpc 1.75.0)
Co-Authored-By: Claude Opus 4.5
---
 build.gradle | 2 +-
 temporal-serviceclient/build.gradle | 1 +
 .../java/io/temporal/testing/internal/SDKTestWorkflowRule.java | 1 +
 3 files changed, 3 insertions(+), 1 deletion(-)
diff --git a/build.gradle b/build.gradle
index 2158196b76..1ab9ed1ab9 100644
--- a/build.gradle
+++ b/build.gradle
@@ -28,7 +28,7 @@ allprojects {
 ext {
 // Platforms
- grpcVersion = '1.58.1' // [1.38.0,) Needed for io.grpc.protobuf.services.HealthStatusManager
+ grpcVersion = '1.75.0' // [1.38.0,) Needed for io.grpc.protobuf.services.HealthStatusManager
 jacksonVersion = '2.15.4' // [2.9.0,)
 nexusVersion = '0.4.0-alpha'
 // we don't upgrade to 1.10.x because it requires kotlin 1.6. Users may use 1.10.x in their environments though.
diff --git a/temporal-serviceclient/build.gradle b/temporal-serviceclient/build.gradle
index 3356d3e58f..4643735052 100644
--- a/temporal-serviceclient/build.gradle
+++ b/temporal-serviceclient/build.gradle
@@ -12,6 +12,7 @@ dependencies {
 api ("io.grpc:grpc-api") //Classes like io.grpc.Metadata are used as a part of our API
 api "io.grpc:grpc-stub" //Part of WorkflowServiceStubs API
 api "io.grpc:grpc-netty-shaded" //Part of WorkflowServiceStubs API, specifically SslContext
+ api "io.grpc:grpc-protobuf" //For io.grpc.protobuf.StatusProto and ProtoUtils used by generated stubs
 api "io.grpc:grpc-services" //Standard gRPC HealthCheck Response class
 api "io.grpc:grpc-inprocess" //For the in-process time skipping test server
 api "com.google.protobuf:protobuf-java-util:$protoVersion" //proto request and response objects are a part of this module's API
diff --git a/temporal-testing/src/main/java/io/temporal/testing/internal/SDKTestWorkflowRule.java b/temporal-testing/src/main/java/io/temporal/testing/internal/SDKTestWorkflowRule.java
index f749c68e0f..48a00afc45 100644
--- a/temporal-testing/src/main/java/io/temporal/testing/internal/SDKTestWorkflowRule.java
+++ b/temporal-testing/src/main/java/io/temporal/testing/internal/SDKTestWorkflowRule.java
@@ -456,6 +456,7 @@ public void addWorkflowImplementationFactory(
 .registerWorkflowImplementationFactory(factoryImpl, factoryFunc);
 }
+ @SuppressWarnings("deprecation")
 public void regenerateHistoryForReplay(String workflowId, String fileName) {
 if (REGENERATE_JSON_FILES) {
 String json = getExecutionHistory(workflowId).toJson(true);
From 100caaafd27190bab8cb472904d9a7220adc6117 Mon Sep 17 00:00:00 2001
From: tconley1428
Date: Tue, 20 Jan 2026 09:10:47 -0800
Subject: [PATCH 2/3] Update build.gradle
---
 build.gradle | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/build.gradle b/build.gradle
index 1ab9ed1ab9..ab04463d78 100644
--- a/build.gradle
+++ b/build.gradle
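Review bot: In patch 1/3, the `@SuppressWarnings("deprecation")` added to `regenerateHistoryForReplay` in SDKTestWorkflowRule.java covers the whole method and has no comment saying which call it is for, so any other deprecated API later used in that method would also compile without a warning. The commit message attributes it to Guava's `Throwables.propagateIfPossible`, but that call and the rest of the method body lie outside the hunk. I would add a comment above the annotation such as `// Guava 33.x deprecates Throwables.propagateIfPossible; remove once that call is replaced`. If the call passes only the throwable, replacing it with `Throwables.throwIfUnchecked(...)` would presumably let the annotation be dropped altogether.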
@@ -28,7 +28,7 @@ allprojects {
 ext {
 // Platforms
- grpcVersion = '1.75.0' // [1.38.0,) Needed for io.grpc.protobuf.services.HealthStatusManager
+ grpcVersion = '1.78.0' // [1.38.0,) Needed for io.grpc.protobuf.services.HealthStatusManager
 jacksonVersion = '2.15.4' // [2.9.0,)
 nexusVersion = '0.4.0-alpha'
 // we don't upgrade to 1.10.x because it requires kotlin 1.6. Users may use 1.10.x in their environments though.
@@ -80,4 +80,4 @@ apply from: "$rootDir/gradle/dependencyManagement.gradle"
 apply from: "$rootDir/gradle/gatherDependencies.gradle"
 if (project.hasProperty("jacoco")) {
 apply from: "$rootDir/gradle/jacoco.gradle"
-}
\ No newline at end of file
+}
From 4ae7acca0747c79685e305c25bde67fbe33208eb Mon Sep 17 00:00:00 2001
From: Tim Conley
Date: Tue, 20 Jan 2026 09:35:57 -0800
Subject: [PATCH 3/3] Revert "Update build.gradle"
This reverts commit 100caaafd27190bab8cb472904d9a7220adc6117.
---
 build.gradle | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/build.gradle b/build.gradle
index ab04463d78..1ab9ed1ab9 100644
--- a/build.gradle
+++ b/build.gradle
@@ -28,7 +28,7 @@ allprojects {
 ext {
 // Platforms
- grpcVersion = '1.78.0' // [1.38.0,) Needed for io.grpc.protobuf.services.HealthStatusManager
+ grpcVersion = '1.75.0' // [1.38.0,) Needed for io.grpc.protobuf.services.HealthStatusManager
 jacksonVersion = '2.15.4' // [2.9.0,)
 nexusVersion = '0.4.0-alpha'
 // we don't upgrade to 1.10.x because it requires kotlin 1.6. Users may use 1.10.x in their environments though.
@@ -80,4 +80,4 @@ apply from: "$rootDir/gradle/dependencyManagement.gradle"
 apply from: "$rootDir/gradle/gatherDependencies.gradle"
 if (project.hasProperty("jacoco")) {
 apply from: "$rootDir/gradle/jacoco.gradle"
-}
+}
\ No newline at end of file