From 28929f5b3e54c79b394d72167cbdb65baf24117e Mon Sep 17 00:00:00 2001 From: stevenhorsman Date: Mon, 21 Jul 2025 10:29:57 +0100 Subject: [PATCH] runtime: Bump promethus Bump this crate to remove the old version of protobuf and remediate RUSTSEC-2024-0437 Signed-off-by: stevenhorsman --- src/agent/Cargo.lock | 41 +++++++++++++++++------------------------ src/agent/Cargo.toml | 2 +- 2 files changed, 18 insertions(+), 25 deletions(-) diff --git a/src/agent/Cargo.lock b/src/agent/Cargo.lock index a02d7e7a35..14d2b36ea6 100644 --- a/src/agent/Cargo.lock +++ b/src/agent/Cargo.lock @@ -2035,7 +2035,7 @@ dependencies = [ "opentelemetry", "procfs 0.12.0", "prometheus", - "protobuf 3.7.2", + "protobuf", "protocols", "regex", "rstest", @@ -3095,22 +3095,21 @@ dependencies = [ [[package]] name = "procfs" -version = "0.16.0" +version = "0.17.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "731e0d9356b0c25f16f33b5be79b1c57b562f141ebfcdb0ad8ac2c13a24293b4" +checksum = "cc5b72d8145275d844d4b5f6d4e1eef00c8cd889edb6035c21675d1bb1f45c9f" dependencies = [ "bitflags 2.9.0", "hex", - "lazy_static", "procfs-core", "rustix 0.38.44", ] [[package]] name = "procfs-core" -version = "0.16.0" +version = "0.17.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "2d3554923a69f4ce04c4a754260c338f505ce22642d3830e049a399fc2059a29" +checksum = "239df02d8349b06fc07398a3a1697b06418223b1c7725085e801e7c0fc6a12ec" dependencies = [ "bitflags 2.9.0", "hex", @@ -3118,9 +3117,9 @@ dependencies = [ [[package]] name = "prometheus" -version = "0.13.4" +version = "0.14.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "3d33c28a30771f7f96db69893f78b857f7450d7e0237e9c8fc6427a81bae7ed1" +checksum = "3ca5326d8d0b950a9acd87e6a3f94745394f62e4dae1b1ee22b2bc0c394af43a" dependencies = [ "cfg-if", "fnv", @@ -3128,9 +3127,9 @@ dependencies = [ "libc", "memchr", "parking_lot", - "procfs 0.16.0", - "protobuf 2.28.0", - "thiserror 1.0.69", + "procfs 0.17.0", + "protobuf", + "thiserror 2.0.12", ] [[package]] @@ -3184,12 +3183,6 @@ dependencies = [ "prost", ] -[[package]] -name = "protobuf" -version = "2.28.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "106dd99e98437432fed6519dedecfade6a06a73bb7b2a1e019fdd2bee5778d94" - [[package]] name = "protobuf" version = "3.7.2" @@ -3209,7 +3202,7 @@ checksum = "5d3976825c0014bbd2f3b34f0001876604fe87e0c86cd8fa54251530f1544ace" dependencies = [ "anyhow", "once_cell", - "protobuf 3.7.2", + "protobuf", "protobuf-parse", "regex", "tempfile", @@ -3225,7 +3218,7 @@ dependencies = [ "anyhow", "indexmap 2.9.0", "log", - "protobuf 3.7.2", + "protobuf", "protobuf-support", "tempfile", "thiserror 1.0.69", @@ -3247,7 +3240,7 @@ version = "0.1.0" dependencies = [ "async-trait", "oci-spec", - "protobuf 3.7.2", + "protobuf", "serde", "serde_json", "ttrpc", @@ -3677,7 +3670,7 @@ dependencies = [ "nix 0.26.4", "oci-spec", "path-absolutize", - "protobuf 3.7.2", + "protobuf", "protocols", "regex", "rlimit", @@ -4590,7 +4583,7 @@ dependencies = [ "libc", "log", "nix 0.26.4", - "protobuf 3.7.2", + "protobuf", "protobuf-codegen", "thiserror 1.0.69", "tokio", @@ -4604,7 +4597,7 @@ version = "0.6.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "0e5c657ef5cea6f6c6073c1be0787ba4482f42a569d4821e467daec795271f86" dependencies = [ - "protobuf 3.7.2", + "protobuf", "protobuf-codegen", "protobuf-support", "ttrpc-compiler", @@ -4620,7 +4613,7 @@ dependencies = [ "prost", "prost-build", "prost-types", - "protobuf 3.7.2", + "protobuf", "protobuf-codegen", "tempfile", ] diff --git a/src/agent/Cargo.toml b/src/agent/Cargo.toml index 201c185847..3af1a2d1fd 100644 --- a/src/agent/Cargo.toml +++ b/src/agent/Cargo.toml @@ -50,7 +50,7 @@ slog-stdlog = "4.0.0" log = "0.4.11" cfg-if = "1.0.0" -prometheus = { version = "0.13.0", features = ["process"] } +prometheus = { version = "0.14.0", features = ["process"] } procfs = "0.12.0" anyhow = "1"