Skip to content

VULN UPGRADE: minor: protobuf · patch: requests [examples/grpc-bridge]#14

Closed
campaigner-prod[bot] wants to merge 1 commit into
masterfrom
engraver-auto-version-upgrade/minorpatch/pip/grpc-bridge/4-1770965541
Closed

VULN UPGRADE: minor: protobuf · patch: requests [examples/grpc-bridge]#14
campaigner-prod[bot] wants to merge 1 commit into
masterfrom
engraver-auto-version-upgrade/minorpatch/pip/grpc-bridge/4-1770965541

Conversation

@campaigner-prod
Copy link
Copy Markdown

@campaigner-prod campaigner-prod Bot commented Feb 13, 2026

Summary: High-severity security update — 2 packages upgraded (MINOR changes included)

Manifests changed:

  • examples/grpc-bridge (pip)

Updates

Package From To Type Vulnerabilities Fixed
protobuf 5.27.0 5.29.6 minor 3 HIGH
requests 2.32.3 2.32.5 patch 2 MODERATE

Security Details

🚨 Critical & High Severity (3 fixed)
Package CVE Severity Summary Unsafe Version Fixed In
protobuf GHSA-7gcm-g887-7qv7 HIGH protobuf affected by a JSON recursion depth bypass 5.27.0 6.33.5
protobuf GHSA-8qvm-5x2c-j2w7 HIGH protobuf-python has a potential Denial of Service issue 5.27.0 4.25.8
protobuf CVE-2025-4565 HIGH - 5.27.0 -
ℹ️ Other Vulnerabilities (2)
Package CVE Severity Summary Unsafe Version Fixed In
requests GHSA-9hjg-9r4m-mvj7 MODERATE Requests vulnerable to .netrc credentials leak via malicious URLs 2.32.3 2.32.4
requests CVE-2024-47081 MODERATE Requests vulnerable to .netrc credentials leak via malicious URLs 2.32.3 -
⚠️ Dependencies that have Reached EOL (1)
Dependency Unsafe Version EOL Date New Version Path
requests 2.32.3 - 2.32.5 examples/grpc-bridge/client/requirements.in

Review Checklist

Standard review:

  • Review changes for compatibility with your code
  • Check for breaking changes in release notes
  • Run tests locally or wait for CI

Update Mode: Vulnerability Remediation (High)

🤖 Generated by DataDog Automated Dependency Management System

dd-prapprover[bot]
dd-prapprover Bot approved these changes Feb 13, 2026
View reviewed changes
Copy link
Copy Markdown

@dd-prapprover dd-prapprover Bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This PR has been automatically approved by the DD PR Approver bot.

@gh-worker-devflow-routing-ef8351
Copy link
Copy Markdown

gh-worker-devflow-routing-ef8351 Bot commented Feb 13, 2026
edited
Loading

View all feedbacks in Devflow UI.

2026-02-13 07:01:11 UTC ℹ️ Start processing command /merge

2026-02-13 07:01:15 UTC ℹ️ MergeQueue: pull request added to the queue

The expected merge time in master is approximately 0s (p90).

2026-02-13 09:00:56 UTC ℹ️ MergeQueue: Readding this merge request to the queue because another merge request processed with yours failed. No action is needed from your side.

2026-02-13 11:01:13 UTC ℹ️ MergeQueue: Readding this merge request to the queue because another merge request processed with yours failed. No action is needed from your side.

2026-02-13 13:01:28 UTCMergeQueue: The build pipeline has timeout

The merge request has been interrupted because the build 0 took longer than expected. The current limit for the base branch 'master' is 120 minutes.

@campaigner-prod campaigner-prod Bot closed this Mar 1, 2026
@campaigner-prod campaigner-prod Bot deleted the engraver-auto-version-upgrade/minorpatch/pip/grpc-bridge/4-1770965541 branch March 1, 2026 14:04
@DataDog DataDog deleted a comment from dd-prapprover Bot Mar 15, 2026
@DataDog DataDog deleted a comment from dd-prapprover Bot Mar 15, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@dd-prapprover dd-prapprover[bot] dd-prapprover[bot] approved these changes

Assignees

No one assigned

Labels

adms-dependency-update campaigner-automated-change mergequeue-status: rejected

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants