From efa624b0e45718b95eea66bf5b53e5ae2e0dc87e Mon Sep 17 00:00:00 2001
From: joseph-sentry <136376984+joseph-sentry@users.noreply.github.com>
Date: Tue, 7 Nov 2023 13:57:57 -0500
Subject: [PATCH] Update deps to fix vulnerabilities (#161)

Fixes: https://github.com/codecov/internal-issues/issues/101
Fixes: https://github.com/codecov/internal-issues/issues/102
Signed-off-by: joseph-sentry
---
 requirements.in | 5 +++--
 requirements.txt | 25 +++++++++++++++----------
 2 files changed, 18 insertions(+), 12 deletions(-)

diff --git a/requirements.in b/requirements.in
index 00eb6e30b..2a1092131 100644
--- a/requirements.in
+++ b/requirements.in
@@ -33,7 +33,8 @@ SQLAlchemy
 statsd
 stripe
 timestring
+urllib3>=1.26.18
 vcrpy
-opentelemetry-instrumentation-celery
-opentelemetry-sdk
+opentelemetry-instrumentation-celery>=0.41b0
+opentelemetry-sdk>=1.20.0
 google-cloud-pubsub
\ No newline at end of file
diff --git a/requirements.txt b/requirements.txt
index fc36b6e85..6df7a382e 100644
--- a/requirements.txt
+++ b/requirements.txt
@@ -154,6 +154,8 @@ idna==2.10
 # requests
 # rfc3986
 # yarl
+importlib-metadata==6.8.0
+ # via opentelemetry-api
 iniconfig==1.1.1
 # via pytest
 jinja2==3.1.2
@@ -184,22 +186,20 @@ oauth2==1.9.0.post1
 # via shared
 oauthlib==3.1.0
 # via shared
-opentelemetry-api==1.4.1
+opentelemetry-api==1.20.0
 # via
 # opentelemetry-instrumentation
 # opentelemetry-instrumentation-celery
 # opentelemetry-sdk
-opentelemetry-instrumentation==0.23b2
- # via
- # opentelemetry-instrumentation-celery
- # opentelemetry-sdk
-opentelemetry-instrumentation-celery==0.23b2
+opentelemetry-instrumentation==0.41b0
+ # via opentelemetry-instrumentation-celery
+opentelemetry-instrumentation-celery==0.41b0
 # via -r requirements.in
-opentelemetry-sdk==1.4.1
+opentelemetry-sdk==1.20.0
 # via
 # -r requirements.in
 # codecovopentelem
-opentelemetry-semantic-conventions==0.23b2
+opentelemetry-semantic-conventions==0.41b0
 # via
 # opentelemetry-instrumentation-celery
 # opentelemetry-sdk
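Review bot: The added `urllib3>=1.26.18` line in requirements.in sets a floor on a package that requirements.txt shows was previously pulled in only transitively (botocore, google-auth, minio), and the file carries no comment saying why it is listed. Without that, a later cleanup can drop the line as an apparently unused direct dependency, and the guarantee that the resolved version stays at or above the fixed release goes with it. I would put `# security floor for a transitive dependency, see #161 - do not lower or remove` above it, and a similar comment on the two `opentelemetry-*` lower bounds. The constraints are also open-ended (`>=` with no upper bound), so a later recompile may move to a newer major line; whether that is intended is not visible from this hunk.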
@@ -347,9 +347,12 @@ tomli==2.0.1
 typing==3.7.4.3
 # via shared
 typing-extensions==4.6.3
- # via shared
-urllib3==1.26.13
 # via
+ # opentelemetry-sdk
+ # shared
+urllib3==1.26.18
+ # via
+ # -r requirements.in
 # botocore
 # google-auth
 # minio
@@ -374,6 +377,8 @@ wrapt==1.12.1
 # vcrpy
 yarl==1.6.3
 # via vcrpy
+zipp==3.17.0
+ # via importlib-metadata

 # The following packages are considered to be unsafe in a requirements file:
 # setuptools