The zlib version is updated to 1.3 in this commit: https://github.com/grpc/grpc/pull/35147/commits/3bc42c5654bbc9147f9de02df6e76813ed16aeeb. Are there any plans to update zlib to version 1.3.1 and release a new Grpc.Core NuGet package with it?
I am using the OpenTelemetry library, which uses Grpc.Core; the current scan of this library is showing a zlib vulnerability (CVE-2023-45853) with 1.2.13. Though the API affected by the vulnerability is not used in gRPC.Core. Having zlib 1.3.1 on Grpc.Core would be great.
"Though the API affected by the vulnerability is not used in gRPC.Core." Exactly. So you do not have a problem. That CVE is for minizip, not zlib.