Security vulnerability CVE-2024-7254 found in version 5.9.3 of micronaut-micrometer-registry-prometheus

[chenlin2001]

Issue description

Follow up on issue #845
The vulnerability still exists in version 5.9.3
as io.prometheus : prometheus-metrics-shaded-protobuf 1.2.1 is brought in.
See mvn dependency:tree:

+- io.micronaut.micrometer:micronaut-micrometer-core:jar:5.9.3:compile
[INFO] |  \- io.micrometer:micrometer-core:jar:1.13.6:compile
[INFO] |     +- io.micrometer:micrometer-commons:jar:1.13.6:compile
[INFO] |     +- io.micrometer:micrometer-observation:jar:1.13.6:compile
[INFO] |     +- org.hdrhistogram:HdrHistogram:jar:2.2.2:runtime
[INFO] |     \- org.latencyutils:LatencyUtils:jar:2.0.3:runtime
[INFO] +- io.micronaut.micrometer:micronaut-micrometer-registry-prometheus:jar:5.9.3:compile
[INFO] |  \- io.micrometer:micrometer-registry-prometheus:jar:1.13.6:compile
[INFO] |     +- io.prometheus:prometheus-metrics-core:jar:1.2.1:compile
[INFO] |     |  +- io.prometheus:prometheus-metrics-model:jar:1.2.1:compile
[INFO] |     |  \- io.prometheus:prometheus-metrics-config:jar:1.2.1:compile
[INFO] |     +- io.prometheus:prometheus-metrics-tracer-common:jar:1.2.1:compile
[INFO] |     \- io.prometheus:prometheus-metrics-exposition-formats:jar:1.2.1:runtime
[INFO] |        \- io.prometheus:prometheus-metrics-shaded-protobuf:jar:1.2.1:runtime