Skip to content

chore: apply security updates to docker images and python dependencies#3937

Open
gcf-owl-bot[bot] wants to merge 1 commit into
mainfrom
owl-bot-update-lock-e7afa06497c2aa2a1d2403c140600802d851dc501e345901adde3b5dadd7e51a
Open

chore: apply security updates to docker images and python dependencies#3937
gcf-owl-bot[bot] wants to merge 1 commit into
mainfrom
owl-bot-update-lock-e7afa06497c2aa2a1d2403c140600802d851dc501e345901adde3b5dadd7e51a

Conversation

@gcf-owl-bot

@gcf-owl-bot gcf-owl-bot Bot commented Jul 17, 2026

Copy link
Copy Markdown
Contributor
  • Add apt-get upgrade -y right after apt-get update in all OwlBot Dockerfiles to patch OS-level vulnerabilities (e.g. perl).
  • Upgrade pip, setuptools, and wheel inside Python pyenv and virtual environments in the Dockerfiles to address vulnerabilities in the Python toolchain.
  • Regenerate requirements.txt using Python 3.10 to update transitive dependencies, notably upgrading idna to 3.18 to resolve CVE-2026-45409.

Source-Link: googleapis/synthtool@2bb8ca5
Post-Processor: gcr.io/cloud-devrel-public-resources/owlbot-nodejs:latest@sha256:e7afa06497c2aa2a1d2403c140600802d851dc501e345901adde3b5dadd7e51a

- Add `apt-get upgrade -y` right after `apt-get update` in all OwlBot Dockerfiles to patch OS-level vulnerabilities (e.g. perl).
- Upgrade `pip`, `setuptools`, and `wheel` inside Python pyenv and virtual environments in the Dockerfiles to address vulnerabilities in the Python toolchain.
- Regenerate `requirements.txt` using Python 3.10 to update transitive dependencies, notably upgrading `idna` to `3.18` to resolve CVE-2026-45409.

Source-Link: googleapis/synthtool@2bb8ca5
Post-Processor: gcr.io/cloud-devrel-public-resources/owlbot-nodejs:latest@sha256:e7afa06497c2aa2a1d2403c140600802d851dc501e345901adde3b5dadd7e51a
@gcf-owl-bot
gcf-owl-bot Bot requested a review from a team as a code owner July 17, 2026 20:47
@trusted-contributions-gcf trusted-contributions-gcf Bot added kokoro:force-run Add this label to force Kokoro to re-run the tests. owlbot:run Add this label to trigger the Owlbot post processor. labels Jul 17, 2026
@product-auto-label product-auto-label Bot added the size: xs Pull request size is extra small. label Jul 17, 2026
@gcf-owl-bot gcf-owl-bot Bot removed the owlbot:run Add this label to trigger the Owlbot post processor. label Jul 17, 2026
@yoshi-kokoro yoshi-kokoro removed the kokoro:force-run Add this label to force Kokoro to re-run the tests. label Jul 17, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

owl-bot-update-lock size: xs Pull request size is extra small.

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant