chore: resolve protoc-gen-go-grpc vulnerability

[shahar-h]

What this PR does / why we need it:
Use a temporary replace directive to resolve google.golang.org/protobuf vulnerability in google.golang.org/grpc/cmd/protoc-gen-go-grpc v1.3.0.
This will be removed once a new release is available(see related issue).

Which issue(s) this PR fixes:

Fixes #

[arkodg]

Shouldn't a manual go get fix this ?

[shahar-h]

Yes, once a new google.golang.org/grpc/cmd/protoc-gen-go-grpc version is available.

[shahar-h]

/retest

[shahar-h]

/retest

[arkodg]

here's what I was suggesting

$ cd tools/src/protoc-gen-go-grpc
$ go get google.golang.org/protobuf@v1.33.0
go: upgraded google.golang.org/protobuf v1.28.1 => v1.33.0
$ go mod tidy
go: downloading github.com/google/go-cmp v0.5.5
go: downloading golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543
$ git diff
diff --git a/tools/src/protoc-gen-go-grpc/go.mod b/tools/src/protoc-gen-go-grpc/go.mod
index 77ab0f34..df13e99f 100644
--- a/tools/src/protoc-gen-go-grpc/go.mod
+++ b/tools/src/protoc-gen-go-grpc/go.mod
@@ -4,4 +4,4 @@ go 1.22.2
 
 require google.golang.org/grpc/cmd/protoc-gen-go-grpc v1.3.0
 
-require google.golang.org/protobuf v1.28.1 // indirect
+require google.golang.org/protobuf v1.33.0 // indirect
diff --git a/tools/src/protoc-gen-go-grpc/go.sum b/tools/src/protoc-gen-go-grpc/go.sum
index 8d750cf2..310db113 100644
--- a/tools/src/protoc-gen-go-grpc/go.sum
+++ b/tools/src/protoc-gen-go-grpc/go.sum
@@ -1,10 +1,8 @@
-github.com/golang/protobuf v1.5.0/go.mod h1:FsONVRAS9T7sI+LIUmWTfcYkHO4aIWwzhcaSAoJOfIk=
 github.com/google/go-cmp v0.5.5 h1:Khx7svrCpmxxtHBq5j2mp/xVjsi8hQMfNLvJFAlrGgU=
 github.com/google/go-cmp v0.5.5/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
 golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543 h1:E7g+9GITq07hpfrRu66IVDexMakfv52eLZ2CXBWiKr4=
 golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
 google.golang.org/grpc/cmd/protoc-gen-go-grpc v1.3.0 h1:rNBFJjBCOgVr9pWD7rs/knKL4FRTKgpZmsRfV214zcA=
 google.golang.org/grpc/cmd/protoc-gen-go-grpc v1.3.0/go.mod h1:Dk1tviKTvMCz5tvh7t+fh94dhmQVHuCt2OzJB3CTW9Y=
-google.golang.org/protobuf v1.26.0-rc.1/go.mod h1:jlhhOSvTdKEhbULTjvd4ARK9grFBp09yW+WbY/TyQbw=
-google.golang.org/protobuf v1.28.1 h1:d0NfwRgPtno5B1Wa6L2DAG+KivqkdutMf1UhdNx175w=
-google.golang.org/protobuf v1.28.1/go.mod h1:HV8QOd/L58Z+nl8r43ehVNZIU/HEI6OcFqwMG9pJV4I=
+google.golang.org/protobuf v1.33.0 h1:uNO2rsAINq/JlFpSdYEKIZ0uKD/R9cpdv0T+yoGwGmI=
+google.golang.org/protobuf v1.33.0/go.mod h1:c6P6GXX6sHbq/GpV6MGZEdwhWPcYBgnhAHhKbcUYpos=

[shahar-h]

go get google.golang.org/protobuf@v1.33.0

This would also work but IMO using a replace directive is cleaner and more clear as you can see the original version and add a comment above the version override.

[shahar-h]

/retest

[arkodg]

go get google.golang.org/protobuf@v1.33.0

This would also work but IMO using a replace directive is cleaner and more clear as you can see the original version and add a comment above the version override.

It also introduces tech debt of reverting the replace in the future

[arkodg]

here's what dependabot raised #3270

[shahar-h]

Fixed, you can merge either this one or #3270

[shahar-h]

/retest

[shahar-h]

/retest

[shahar-h]

/retest