Description
In our Azure app, we are noticing a warning message for our orchestrator. We did some diagnostics that pointed us to protobuf-java version 3.12.0 as the culprit. According to Snyk, this version is vulnerable to DoS attacks. They recommend at least upgrading to version 3.25.5 - https://security.snyk.io/package/maven/com.google.protobuf%3Aprotobuf-java/3.12.0
More specifically, in durabletask-java/azurefunctions/build.gradle, it looks like line 12 uses version 3.12.0. The maven website also lists the vulnerable library in the POM file - https://central.sonatype.com/artifact/com.microsoft/durabletask-azure-functions/overview
I cannot confirm that this is the only spot that needs fixing, so a deeper dive should be done before pushing the fix. I also got some ChatGPT recommendations to look into durabletask-protobuf, but I can't confirm if this library is a dependency anywhere, so I won't be reporting an issue in that repository at this time.
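To support the "deeper dive" the report asks for, here is an added helper (not part of this issue or the durabletask-java project) that scans Gradle build-file text for direct `com.google.protobuf:protobuf-java` pins below the 3.25.5 minimum cited above. It handles both string and map-style Gradle coordinates; the build.gradle fragment it runs on is constructed for illustration.

```python
import re
from typing import List, Tuple

# Minimum protobuf-java version recommended in the Snyk advisory linked above.
MIN_SAFE_VERSION = (3, 25, 5)

# String-style coordinate: implementation 'com.google.protobuf:protobuf-java:3.12.0'
STRING_DEP_RE = re.compile(r"com\.google\.protobuf:protobuf-java:(\d+)\.(\d+)\.(\d+)")

# Map-style coordinate:
#   implementation group: 'com.google.protobuf', name: 'protobuf-java', version: '3.12.0'
MAP_DEP_RE = re.compile(
    r"group:\s*['\"]com\.google\.protobuf['\"]\s*,\s*"
    r"name:\s*['\"]protobuf-java['\"]\s*,\s*"
    r"version:\s*['\"](\d+)\.(\d+)\.(\d+)['\"]"
)


def find_vulnerable_protobuf(gradle_text: str) -> List[Tuple[int, str]]:
    """Return (line_number, version) for every direct protobuf-java pin
    whose version is lower than MIN_SAFE_VERSION."""
    findings = []
    for lineno, line in enumerate(gradle_text.splitlines(), start=1):
        match = STRING_DEP_RE.search(line) or MAP_DEP_RE.search(line)
        if not match:
            continue
        version = tuple(int(part) for part in match.groups())
        # Tuple comparison gives correct numeric ordering (3.9.0 < 3.25.5).
        if version < MIN_SAFE_VERSION:
            findings.append((lineno, ".".join(map(str, version))))
    return findings


# Constructed sample fragment; it is NOT the real durabletask-java build.gradle.
SAMPLE_BUILD_GRADLE = """\
dependencies {
    implementation 'com.google.protobuf:protobuf-java:3.12.0'
    implementation group: 'com.google.protobuf', name: 'protobuf-java', version: '3.21.12'
    testImplementation "com.google.protobuf:protobuf-java:3.25.5"
}
"""

if __name__ == "__main__":
    for lineno, version in find_vulnerable_protobuf(SAMPLE_BUILD_GRADLE):
        print(f"line {lineno}: protobuf-java {version} is below 3.25.5")
```

This only catches versions declared directly in the build file; a transitive pull of an old protobuf-java (for example via another library's POM) will only show up in the resolved dependency tree, so also check `gradle dependencies` output or the published POM.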
