Upgrade protobuf version to fix security issue (#1980)

sachinkaushik · web-flow · commit e41f3fef5dbc · 2026-03-02T16:34:58.000+05:30
diff --git a/health-and-life-sciences-ai-suite/multi_modal_patient_monitoring/services/3d-pose-estimation/Dockerfile b/health-and-life-sciences-ai-suite/multi_modal_patient_monitoring/services/3d-pose-estimation/Dockerfile
@@ -4,7 +4,6 @@ ARG HTTP_PROXY
 ARG HTTPS_PROXY
 ARG NO_PROXY
 
-
 # GPU support (if using OpenVINO with GPU plugin, ensure the base image has necessary drivers/libraries)
 ARG INSTALL_DRIVER_VERSION="25.31.34666"
 ARG USER_ID=1000
@@ -13,6 +12,7 @@ ARG USER_GROUP_ID=1000
 RUN groupadd -g ${USER_GROUP_ID} appuser && useradd -m -s /bin/bash -u ${USER_ID} -g ${USER_GROUP_ID} appuser
 
 RUN apt-get update -y && apt-get install -y --no-install-recommends --fix-missing \
+    ca-certificates \
     curl \
     && rm -rf /var/lib/apt/lists/* 
 
@@ -32,7 +32,7 @@ WORKDIR /app
 
 # Copy requirements and install Python dependencies (relative to build context)
 COPY src/requirements.txt .
-RUN pip install --no-cache-dir -r requirements.txt
+RUN pip install --no-cache-dir --default-timeout=300 --retries=5 -r requirements.txt
 
 # Copy proto files and generate Python code (relative to build context)
 COPY proto/ ./proto/
diff --git a/health-and-life-sciences-ai-suite/multi_modal_patient_monitoring/services/3d-pose-estimation/src/requirements.txt b/health-and-life-sciences-ai-suite/multi_modal_patient_monitoring/services/3d-pose-estimation/src/requirements.txt
@@ -5,9 +5,9 @@ numpy>=1.23.0,<2.0
 scipy>=1.10.0
 
 # gRPC runtime
-grpcio>=1.60.0
-grpcio-tools>=1.60.0
-protobuf>=4.25.0,<5.0.0
+grpcio==1.78.0
+grpcio-tools==1.71.2
+protobuf==5.29.6
 
 # Control server and MJPEG streaming
 fastapi>=0.104.0
diff --git a/health-and-life-sciences-ai-suite/multi_modal_patient_monitoring/services/patient-monitoring-aggregator/Dockerfile b/health-and-life-sciences-ai-suite/multi_modal_patient_monitoring/services/patient-monitoring-aggregator/Dockerfile
@@ -10,15 +10,16 @@ WORKDIR /app
 
 # Install system packages (if grpcio needs build tools on some platforms)
 RUN apt-get update \
-    && apt-get install -y --no-install-recommends \
-       build-essential \
-    && rm -rf /var/lib/apt/lists/*
+     && apt-get install -y --no-install-recommends \
+         ca-certificates \
+         build-essential \
+     && rm -rf /var/lib/apt/lists/*
 
 # Copy Python dependencies definition
 COPY requirements.txt ./
 
 # Install Python dependencies
-RUN pip install --no-cache-dir -r requirements.txt
+RUN pip install --no-cache-dir --default-timeout=300 --retries=5 -r requirements.txt
 
 # Copy the application source and proto package (including *_pb2*.py stubs)
 COPY aggregator ./aggregator
diff --git a/health-and-life-sciences-ai-suite/multi_modal_patient_monitoring/services/patient-monitoring-aggregator/requirements.txt b/health-and-life-sciences-ai-suite/multi_modal_patient_monitoring/services/patient-monitoring-aggregator/requirements.txt
@@ -1,8 +1,7 @@
 fastapi>=0.110.0
 uvicorn[standard]>=0.27.0
 websockets>=12.0
-grpcio>=1.60.0
-grpcio-tools>=1.60.0
-protobuf>=4.25.0
+grpcio==1.78.0
+protobuf==6.33.5
 pyyaml>=6.0.0
 requests>=2.31.0
diff --git a/health-and-life-sciences-ai-suite/multi_modal_patient_monitoring/services/patient-monitoring-assets/requirements.txt b/health-and-life-sciences-ai-suite/multi_modal_patient_monitoring/services/patient-monitoring-assets/requirements.txt
@@ -12,7 +12,6 @@ torch==2.8.0
 # Conversion deps
 onnx>=1.14.0
 onnxscript
-protobuf<5.0.0
 PyYAML
 
 # OpenVINO (model conversion)
diff --git a/health-and-life-sciences-ai-suite/multi_modal_patient_monitoring/services/rppg/requirements.txt b/health-and-life-sciences-ai-suite/multi_modal_patient_monitoring/services/rppg/requirements.txt
@@ -7,8 +7,8 @@ scipy>=1.11.0
 openvino>=2024.6.0,<2025.0
 
 # gRPC runtime (protos are pre-generated)
-grpcio>=1.60.0
-protobuf>=4.25.0,<5.0.0
+grpcio==1.78.0
+protobuf==6.33.5
 
 # Configuration & Utilities
 pyyaml>=6.0.0
