Skip to content

Commit 5535ccd

Browse files
benitezfedebenitezfede
committed
Merge branch 'fbenitez/vuln-620-minor-upgrade-for-protobuf-apollo-agent-container' into dev
2 parents 65579b3 + 3b98527 commit 5535ccd

6 files changed

Lines changed: 43 additions & 17 deletions

requirements-azure.in

Lines changed: 5 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -5,4 +5,8 @@ azure-mgmt-resource==23.0.1
55
azure-monitor-opentelemetry==1.3.0
66
azure-monitor-query==1.2.1
77
aiohttp==3.10.11
8-
viztracer==0.17.1
8+
deprecated==1.2.18 # Added VULN-620
9+
opentelemetry-api==1.25.0 # Added VULN-620
10+
viztracer==0.17.1 # Added VULN-620
11+
wrapt==1.17.2 # Added VULN-620
12+
zipp==3.23.0 # Added VULN-620

requirements-azure.txt

Lines changed: 11 additions & 5 deletions
Original file line numberDiff line numberDiff line change
@@ -60,8 +60,10 @@ charset-normalizer==3.3.2
6060
# via
6161
# -c requirements.txt
6262
# requests
63-
deprecated==1.2.14
64-
# via opentelemetry-api
63+
deprecated==1.2.18
64+
# via
65+
# -r requirements-azure.in
66+
# opentelemetry-api
6567
fixedint==0.1.6
6668
# via azure-monitor-opentelemetry-exporter
6769
frozenlist==1.4.1
@@ -99,6 +101,7 @@ objprint==0.3.0
99101
# via viztracer
100102
opentelemetry-api==1.25.0
101103
# via
104+
# -r requirements-azure.in
102105
# azure-core-tracing-opentelemetry
103106
# azure-monitor-opentelemetry-exporter
104107
# opentelemetry-instrumentation
@@ -217,16 +220,19 @@ urllib3==2.4.0
217220
# requests
218221
viztracer==0.17.1
219222
# via -r requirements-azure.in
220-
wrapt==1.16.0
223+
wrapt==1.17.2
221224
# via
225+
# -r requirements-azure.in
222226
# deprecated
223227
# opentelemetry-instrumentation
224228
# opentelemetry-instrumentation-dbapi
225229
# opentelemetry-instrumentation-urllib3
226230
yarl==1.12.0
227231
# via aiohttp
228-
zipp==3.19.2
229-
# via importlib-metadata
232+
zipp==3.23.0
233+
# via
234+
# -r requirements-azure.in
235+
# importlib-metadata
230236

231237
# The following packages are considered to be unsafe in a requirements file:
232238
# setuptools

requirements-cloudrun.in

Lines changed: 4 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -1,3 +1,5 @@
11
-c requirements.txt
2-
google-cloud-logging==3.10.0
3-
google-cloud-run==0.10.5
2+
google-cloud-logging==3.12.1 # Upgraded in VULN-620
3+
google-cloud-run==0.10.18 # Upgraded in VULN-620
4+
importlib-metadata==7.1.0 # Added VULN-620
5+
opentelemetry-api==1.25.0 # Added VULN-620

requirements-cloudrun.txt

Lines changed: 19 additions & 5 deletions
Original file line numberDiff line numberDiff line change
@@ -16,6 +16,8 @@ charset-normalizer==3.3.2
1616
# via
1717
# -c requirements.txt
1818
# requests
19+
deprecated==1.2.18
20+
# via opentelemetry-api
1921
google-api-core==2.19.1
2022
# via
2123
# -c requirements.txt
@@ -33,15 +35,15 @@ google-auth==2.30.0
3335
# google-cloud-run
3436
google-cloud-appengine-logging==1.4.5
3537
# via google-cloud-logging
36-
google-cloud-audit-log==0.3.0
38+
google-cloud-audit-log==0.3.2
3739
# via google-cloud-logging
3840
google-cloud-core==2.4.1
3941
# via
4042
# -c requirements.txt
4143
# google-cloud-logging
42-
google-cloud-logging==3.10.0
44+
google-cloud-logging==3.12.1
4345
# via -r requirements-cloudrun.in
44-
google-cloud-run==0.10.5
46+
google-cloud-run==0.10.18
4547
# via -r requirements-cloudrun.in
4648
googleapis-common-protos==1.63.2
4749
# via
@@ -50,7 +52,7 @@ googleapis-common-protos==1.63.2
5052
# google-cloud-audit-log
5153
# grpc-google-iam-v1
5254
# grpcio-status
53-
grpc-google-iam-v1==0.13.1
55+
grpc-google-iam-v1==0.14.2
5456
# via
5557
# google-cloud-logging
5658
# google-cloud-run
@@ -66,14 +68,22 @@ idna==3.7
6668
# via
6769
# -c requirements.txt
6870
# requests
71+
importlib-metadata==7.1.0
72+
# via
73+
# -r requirements-cloudrun.in
74+
# opentelemetry-api
75+
opentelemetry-api==1.25.0
76+
# via
77+
# -r requirements-cloudrun.in
78+
# google-cloud-logging
6979
proto-plus==1.24.0
7080
# via
7181
# -c requirements.txt
7282
# google-api-core
7383
# google-cloud-appengine-logging
7484
# google-cloud-logging
7585
# google-cloud-run
76-
protobuf==4.25.3
86+
protobuf==5.29.5
7787
# via
7888
# -c requirements.txt
7989
# google-api-core
@@ -106,3 +116,7 @@ urllib3==2.4.0
106116
# via
107117
# -c requirements.txt
108118
# requests
119+
wrapt==1.17.2
120+
# via deprecated
121+
zipp==3.23.0
122+
# via importlib-metadata

requirements.in

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -10,7 +10,7 @@ dataclasses-json==0.6.0
1010
duckdb==1.1.0
1111
flask==2.3.3
1212
flask-compress==1.14
13-
google-api-python-client==2.98.0
13+
google-api-python-client==2.176.0 # Upgraded in VULN-620
1414
google-cloud-storage==2.10.0
1515
gunicorn==22.0.0
1616
hdbcli==2.18.27
@@ -21,7 +21,7 @@ msal==1.31.0
2121
numpy<2.0.0 # prevent "numpy.dtype size changed" errors: https://github.com/numpy/numpy/issues/26710
2222
oracledb>=2.4.1
2323
presto-python-client==0.8.3
24-
protobuf<5.0.0dev # from google-cloud-logging in requirements-cloudrun
24+
protobuf==5.29.5 # from google-cloud-logging in requirements-cloudrun - Upgraded in VULN-620
2525
psycopg2-binary==2.9.9
2626
pyarrow==17.0.0 # CVE-2024-52338
2727
pycryptodome>=3.21.0

requirements.txt

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -100,7 +100,7 @@ google-api-core==2.19.1
100100
# google-api-python-client
101101
# google-cloud-core
102102
# google-cloud-storage
103-
google-api-python-client==2.98.0
103+
google-api-python-client==2.176.0
104104
# via -r requirements.in
105105
google-auth==2.30.0
106106
# via
@@ -212,7 +212,7 @@ presto-python-client==0.8.3
212212
# via -r requirements.in
213213
proto-plus==1.24.0
214214
# via google-api-core
215-
protobuf==4.25.3
215+
protobuf==5.29.5
216216
# via
217217
# -r requirements.in
218218
# google-api-core

0 commit comments

Comments
 (0)