Upgrade Golang and Java dependencies

This commit incorporates a series of version bumps as suggested by Dependabot,
as well as one that fixes a vulnerability in the Protobuf Java implementation we
are using.

Fixes #1440
Closes #1439
Closes #1436
Closes #1435
Closes #1414
Closes #1390

CHANGELOG_PENDING.md

@@ -4,4 +4,6 @@
 
 - Feature flag parameterized provider support
 
+- Upgrade Golang and Java dependencies
+
 ### Bug Fixes

pkg/cmd/pulumi-language-java/main.go

@@ -280,7 +280,7 @@ func (host *javaLanguageHost) runJavaCommand(
 }
 
 func (host *javaLanguageHost) connectToEngine() (pulumirpc.EngineClient, io.Closer, error) {
-	conn, err := grpc.Dial(
+	conn, err := grpc.NewClient(
 		host.engineAddress,
 		grpc.WithTransportCredentials(insecure.NewCredentials()),
 		rpcutil.GrpcChannelOptions(),

pkg/codegen/testing/test/testdata/jumbo-resources/java/build.gradle

@@ -45,9 +45,9 @@ dependencies {
     implementation("com.google.code.gson:gson:2.8.9")
     implementation("com.pulumi:pulumi:0.0.1")
     implementation("org.assertj:assertj-core:3.23.1")
-    implementation("org.junit.jupiter:junit-jupiter-api:5.9.3")
+    implementation("org.junit.jupiter:junit-jupiter-api:5.10.0")
     implementation("org.junit.jupiter:junit-jupiter-engine:5.9.0")
-    implementation("org.mockito:mockito-core:5.3.1")
+    implementation("org.mockito:mockito-core:5.14.2")
 }
 
 task sourcesJar(type: Jar) {

pkg/codegen/testing/test/testdata/mini-awsclassic/java/build.gradle

@@ -43,11 +43,11 @@ repositories {
 dependencies {
     implementation("com.google.code.findbugs:jsr305:3.0.2")
     implementation("com.google.code.gson:gson:2.8.9")
-    implementation("com.google.protobuf:protobuf-java:3.24.1")
-    implementation("com.google.protobuf:protobuf-java-util:3.24.1")
+    implementation("com.google.protobuf:protobuf-java:3.25.5")
+    implementation("com.google.protobuf:protobuf-java-util:3.25.5")
     implementation("com.pulumi:pulumi:0.0.1")
     implementation("org.assertj:assertj-core:3.23.1")
-    implementation("org.junit.jupiter:junit-jupiter-api:5.9.3")
+    implementation("org.junit.jupiter:junit-jupiter-api:5.10.0")
     implementation("org.junit.jupiter:junit-jupiter-engine:5.9.0")
 }
 

pkg/codegen/testing/test/testdata/mini-kubernetes/java/build.gradle

@@ -46,9 +46,9 @@ dependencies {
     implementation("com.google.guava:guava:32.1.2-jre")
     implementation("com.pulumi:pulumi:0.0.1")
     implementation("org.assertj:assertj-core:3.23.1")
-    implementation("org.junit.jupiter:junit-jupiter-api:5.9.3")
+    implementation("org.junit.jupiter:junit-jupiter-api:5.10.0")
     implementation("org.junit.jupiter:junit-jupiter-engine:5.9.0")
-    implementation("org.mockito:mockito-core:5.3.1")
+    implementation("org.mockito:mockito-core:5.14.2")
 }
 
 task sourcesJar(type: Jar) {

pkg/codegen/testing/test/testdata/simple-enum-schema/java/build.gradle

@@ -46,9 +46,9 @@ dependencies {
     implementation("com.google.guava:guava:32.1.2-jre")
     implementation("com.pulumi:pulumi:0.0.1")
     implementation("org.assertj:assertj-core:3.23.1")
-    implementation("org.junit.jupiter:junit-jupiter-api:5.9.3")
+    implementation("org.junit.jupiter:junit-jupiter-api:5.10.0")
     implementation("org.junit.jupiter:junit-jupiter-engine:5.9.0")
-    implementation("org.mockito:mockito-core:5.3.1")
+    implementation("org.mockito:mockito-core:5.14.2")
 }
 
 task sourcesJar(type: Jar) {

pkg/codegen/testing/test/testdata/simple-plain-schema/java/build.gradle

@@ -46,9 +46,9 @@ dependencies {
     implementation("com.google.guava:guava:32.1.2-jre")
     implementation("com.pulumi:pulumi:0.0.1")
     implementation("org.assertj:assertj-core:3.23.1")
-    implementation("org.junit.jupiter:junit-jupiter-api:5.9.3")
+    implementation("org.junit.jupiter:junit-jupiter-api:5.10.0")
     implementation("org.junit.jupiter:junit-jupiter-engine:5.9.0")
-    implementation("org.mockito:mockito-core:5.3.1")
+    implementation("org.mockito:mockito-core:5.14.2")
 }
 
 task sourcesJar(type: Jar) {

pkg/go.mod

@@ -11,23 +11,22 @@ replace github.com/gogo/protobuf => github.com/gogo/protobuf v1.3.2
 require (
 	github.com/blang/semver v3.5.1+incompatible
 	github.com/golang/protobuf v1.5.4
-	github.com/hashicorp/hcl/v2 v2.17.0
+	github.com/hashicorp/hcl/v2 v2.22.0
 	github.com/hexops/autogold/v2 v2.2.1
 	github.com/pkg/errors v0.9.1
 	github.com/pulumi/pulumi/pkg/v3 v3.132.0
 	github.com/pulumi/pulumi/sdk/v3 v3.132.0
 	github.com/spf13/cobra v1.8.0
 	github.com/stretchr/testify v1.9.0
 	github.com/zclconf/go-cty v1.13.2
-	google.golang.org/grpc v1.63.2
-	google.golang.org/protobuf v1.33.0
+	google.golang.org/grpc v1.67.1
+	google.golang.org/protobuf v1.35.1
 	gopkg.in/yaml.v3 v3.0.1
 )
 
 require (
 	cloud.google.com/go v0.112.1 // indirect
-	cloud.google.com/go/compute v1.25.0 // indirect
-	cloud.google.com/go/compute/metadata v0.2.3 // indirect
+	cloud.google.com/go/compute/metadata v0.5.0 // indirect
 	cloud.google.com/go/iam v1.1.6 // indirect
 	cloud.google.com/go/kms v1.15.7 // indirect
 	cloud.google.com/go/logging v1.9.0 // indirect
@@ -46,6 +45,7 @@ require (
 	github.com/aead/chacha20 v0.0.0-20180709150244-8b13a72661da // indirect
 	github.com/agext/levenshtein v1.2.3 // indirect
 	github.com/apparentlymart/go-textseg/v13 v13.0.0 // indirect
+	github.com/apparentlymart/go-textseg/v15 v15.0.0 // indirect
 	github.com/atotto/clipboard v0.1.4 // indirect
 	github.com/aws/aws-sdk-go v1.50.36 // indirect
 	github.com/aws/aws-sdk-go-v2 v1.26.1 // indirect
@@ -87,7 +87,7 @@ require (
 	github.com/gofrs/uuid v4.2.0+incompatible // indirect
 	github.com/gogo/protobuf v1.3.2 // indirect
 	github.com/golang-jwt/jwt/v5 v5.2.1 // indirect
-	github.com/golang/glog v1.2.0 // indirect
+	github.com/golang/glog v1.2.2 // indirect
 	github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da // indirect
 	github.com/google/go-cmp v0.6.0 // indirect
 	github.com/google/go-querystring v1.1.0 // indirect
@@ -173,23 +173,22 @@ require (
 	go.uber.org/atomic v1.9.0 // indirect
 	gocloud.dev v0.37.0 // indirect
 	gocloud.dev/secrets/hashivault v0.37.0 // indirect
-	golang.org/x/crypto v0.25.0 // indirect
+	golang.org/x/crypto v0.26.0 // indirect
 	golang.org/x/exp v0.0.0-20240604190554-fc45aab8b7f8 // indirect
 	golang.org/x/mod v0.18.0 // indirect
-	golang.org/x/net v0.27.0 // indirect
-	golang.org/x/oauth2 v0.18.0 // indirect
-	golang.org/x/sync v0.7.0 // indirect
-	golang.org/x/sys v0.22.0 // indirect
-	golang.org/x/term v0.22.0 // indirect
-	golang.org/x/text v0.16.0 // indirect
+	golang.org/x/net v0.28.0 // indirect
+	golang.org/x/oauth2 v0.22.0 // indirect
+	golang.org/x/sync v0.8.0 // indirect
+	golang.org/x/sys v0.24.0 // indirect
+	golang.org/x/term v0.23.0 // indirect
+	golang.org/x/text v0.17.0 // indirect
 	golang.org/x/time v0.5.0 // indirect
 	golang.org/x/tools v0.22.0 // indirect
 	golang.org/x/xerrors v0.0.0-20231012003039-104605ab7028 // indirect
 	google.golang.org/api v0.169.0 // indirect
-	google.golang.org/appengine v1.6.8 // indirect
 	google.golang.org/genproto v0.0.0-20240311173647-c811ad7063a7 // indirect
-	google.golang.org/genproto/googleapis/api v0.0.0-20240311173647-c811ad7063a7 // indirect
-	google.golang.org/genproto/googleapis/rpc v0.0.0-20240311173647-c811ad7063a7 // indirect
+	google.golang.org/genproto/googleapis/api v0.0.0-20240814211410-ddb44dafa142 // indirect
+	google.golang.org/genproto/googleapis/rpc v0.0.0-20240814211410-ddb44dafa142 // indirect
 	gopkg.in/warnings.v0 v0.1.2 // indirect
 	lukechampine.com/frand v1.4.2 // indirect
 	mvdan.cc/gofumpt v0.5.0 // indirect