From 5718833677ef42c869c19ba585b27ec5f583ff1f Mon Sep 17 00:00:00 2001
From: kaibocai <89094811+kaibocai@users.noreply.github.com>
Date: Tue, 7 Nov 2023 07:22:51 -0600
Subject: [PATCH 1/2] remove unused dependency - update protocVersion

---
 azurefunctions/build.gradle | 3 ---
 client/build.gradle         | 2 +-
 2 files changed, 1 insertion(+), 4 deletions(-)

diff --git a/azurefunctions/build.gradle b/azurefunctions/build.gradle
index 04c2a4c..50de9a6 100644
--- a/azurefunctions/build.gradle
+++ b/azurefunctions/build.gradle
@@ -8,8 +8,6 @@ group 'com.microsoft'
 version = '1.5.0'
 archivesBaseName = 'durabletask-azure-functions'
 
-def protocVersion = '3.12.0'
-
 repositories {
     maven {
         url "https://oss.sonatype.org/content/repositories/snapshots/"
@@ -19,7 +17,6 @@ repositories {
 dependencies {
     api project(':client')
     implementation group: 'com.microsoft.azure.functions', name: 'azure-functions-java-library', version: '3.0.0'
-    implementation "com.google.protobuf:protobuf-java:${protocVersion}"
     compileOnly "com.microsoft.azure.functions:azure-functions-java-spi:1.0.0"
 }
 
diff --git a/client/build.gradle b/client/build.gradle
index 2da2165..e3d93c2 100644
--- a/client/build.gradle
+++ b/client/build.gradle
@@ -12,7 +12,7 @@ version = '1.5.0'
 archivesBaseName = 'durabletask-client'
 
 def grpcVersion = '1.59.0'
-def protocVersion = '3.12.0'
+def protocVersion = '3.25.0'
 def jacksonVersion = '2.15.3'
 // When build on local, you need to set this value to your local jdk11 directory.
 // Java11 is used to compile and run all the tests.

From d227de390484ef25fbf0a0ab18e0d7d9d0a7413f Mon Sep 17 00:00:00 2001
From: kaibocai <89094811+kaibocai@users.noreply.github.com>
Date: Tue, 7 Nov 2023 07:26:08 -0600
Subject: [PATCH 2/2] update CHANGELOG.md

---
 CHANGELOG.md | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index 9259ed3..f076867 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,3 +1,6 @@
+## placeholder
+* Remove unused dependency `protobuf-java` to resolve CVEs ([#180](https://github.com/microsoft/durabletask-java/pull/180))
+
 ## v1.5.0
 * Fix exception type issue when using `RetriableTask` in fan in/out pattern ([#174](https://github.com/microsoft/durabletask-java/pull/174))
 * Add implementation to generate name-based deterministic UUID ([#176](https://github.com/microsoft/durabletask-java/pull/176))