Skip to content

VULN UPGRADE: minor upgrades — 8 packages (minor: 3 · patch: 5) [src/recommendationservice]#36

Open
campaigner-prod[bot] wants to merge 1 commit intomainfrom
engraver-auto-version-upgrade/minorpatch/pip/recommendationservice/3-1770993595
Open

VULN UPGRADE: minor upgrades — 8 packages (minor: 3 · patch: 5) [src/recommendationservice]#36
campaigner-prod[bot] wants to merge 1 commit intomainfrom
engraver-auto-version-upgrade/minorpatch/pip/recommendationservice/3-1770993595

Conversation

@campaigner-prod
Copy link

@campaigner-prod campaigner-prod bot commented Feb 13, 2026

Summary: High-severity security update — 8 packages upgraded (MINOR changes included)

Manifests changed:

  • src/recommendationservice (pip)

Updates

Package From To Type Vulnerabilities Fixed
grpcio 1.51.1 1.78.0 minor 4 HIGH
requests 2.28.1 2.28.2 patch 5 MODERATE, 2 MEDIUM
google-cloud-profiler 4.0.0 4.1.0 minor -
opentelemetry-exporter-otlp-proto-grpc 1.15.0 1.39.1 minor -
google-api-core 2.11.0 2.11.1 patch -
grpcio-health-checking 1.51.1 1.51.3 patch -
python-json-logger 2.0.4 2.0.7 patch -
rsa 4.9 4.9.1 patch -

Packages marked with "-" are updated due to dependency constraints.

Security Details

🚨 Critical & High Severity (4 fixed)
Package CVE Severity Summary Unsafe Version Fixed In
grpcio GHSA-496j-2rq6-j6cc HIGH Excessive Iteration in gRPC 1.51.1 1.53.2
grpcio CVE-2023-33953 HIGH - 1.51.1 -
grpcio GHSA-6628-q6j9-w8vg HIGH gRPC Reachable Assertion issue 1.51.1 1.53.0
grpcio CVE-2023-1428 HIGH - 1.51.1 -
ℹ️ Other Vulnerabilities (7)
Package CVE Severity Summary Unsafe Version Fixed In
requests PYSEC-2023-74 medium - 2.28.1 74ea7cf7a6a27a4eeb2ae24e162bcc942a6706d5
requests CVE-2023-32681 medium Unintended leak of Proxy-Authorization header in requests 2.28.1 -
requests GHSA-9wx4-h78v-vm56 MODERATE Requests Session object does not verify requests after making first request with verify=False 2.28.1 2.32.0
requests CVE-2024-35195 MODERATE Requests Session object does not verify requests after making first request with verify=False 2.28.1 -
requests GHSA-j8r2-6x86-q33q MODERATE Unintended leak of Proxy-Authorization header in requests 2.28.1 2.31.0
requests GHSA-9hjg-9r4m-mvj7 MODERATE Requests vulnerable to .netrc credentials leak via malicious URLs 2.28.1 2.32.4
requests CVE-2024-47081 MODERATE Requests vulnerable to .netrc credentials leak via malicious URLs 2.28.1 -
⚠️ Dependencies that have Reached EOL (1)
Dependency Unsafe Version EOL Date New Version Path
requests 2.28.1 - 2.28.2 src/recommendationservice/requirements.in

Review Checklist

Standard review:

  • Review changes for compatibility with your code
  • Check for breaking changes in release notes
  • Run tests locally or wait for CI

Update Mode: Vulnerability Remediation (High)

🤖 Generated by DataDog Automated Dependency Management System

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

adms-dependency-update campaigner-automated-change

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants