diff --git a/Cargo.lock b/Cargo.lock
index 6b48b1444..c673728e0 100644
--- a/Cargo.lock
+++ b/Cargo.lock
@@ -4139,15 +4139,14 @@ dependencies = [
 
 [[package]]
 name = "opentelemetry-prometheus"
-version = "0.29.0"
+version = "0.29.1"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "3ac8c4fc7bd450bcb5b1cbc7325755e86d9f82f1fd80ad8b3441887b715f6a2d"
+checksum = "098a71a4430bb712be6130ed777335d2e5b19bc8566de5f2edddfce906def6ab"
 dependencies = [
  "once_cell",
  "opentelemetry",
  "opentelemetry_sdk",
  "prometheus",
- "protobuf",
  "tracing",
 ]
 
@@ -4667,9 +4666,9 @@ dependencies = [
 
 [[package]]
 name = "prometheus"
-version = "0.13.4"
+version = "0.14.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "3d33c28a30771f7f96db69893f78b857f7450d7e0237e9c8fc6427a81bae7ed1"
+checksum = "3ca5326d8d0b950a9acd87e6a3f94745394f62e4dae1b1ee22b2bc0c394af43a"
 dependencies = [
  "cfg-if",
  "fnv",
@@ -4677,7 +4676,7 @@ dependencies = [
  "memchr",
  "parking_lot",
  "protobuf",
- "thiserror 1.0.69",
+ "thiserror 2.0.12",
 ]
 
 [[package]]
@@ -4705,9 +4704,23 @@ dependencies = [
 
 [[package]]
 name = "protobuf"
-version = "2.28.0"
+version = "3.7.2"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "106dd99e98437432fed6519dedecfade6a06a73bb7b2a1e019fdd2bee5778d94"
+checksum = "d65a1d4ddae7d8b5de68153b48f6aa3bba8cb002b243dbdbc55a5afbc98f99f4"
+dependencies = [
+ "once_cell",
+ "protobuf-support",
+ "thiserror 1.0.69",
+]
+
+[[package]]
+name = "protobuf-support"
+version = "3.7.2"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "3e36c2f31e0a47f9280fb347ef5e461ffcd2c52dd520d8e216b52f93b0b0d7d6"
+dependencies = [
+ "thiserror 1.0.69",
+]
 
 [[package]]
 name = "psl"
diff --git a/Cargo.toml b/Cargo.toml
index 383a548e2..325a5e7fe 100644
--- a/Cargo.toml
+++ b/Cargo.toml
@@ -403,7 +403,7 @@ default-features = false
 features = ["trace", "metrics", "http-proto"]
 
 [workspace.dependencies.opentelemetry-prometheus]
-version = "0.29.0"
+version = "0.29.1"
 
 [workspace.dependencies.opentelemetry-resource-detectors]
 version = "0.8.0"
@@ -429,7 +429,7 @@ version = "0.30.0"
 default-features = false
 
 [workspace.dependencies.prometheus]
-version = "0.13.4"
+version = "0.14.0"
 
 # URL manipulation
 [workspace.dependencies.url]
diff --git a/deny.toml b/deny.toml
index 804879465..4b2704f3f 100644
--- a/deny.toml
+++ b/deny.toml
@@ -18,10 +18,6 @@ ignore = [
     # `paste`, as used by `aws-lc-rs` is unmaintained, but we're not concerned
     # about it having a security vulnerability
     "RUSTSEC-2024-0436",
-
-    # rust-protobuf has an infinite recursion issue when parsing inputs. We only
-    # use protobuf for opentelemetry output, so we are not affected
-    "RUSTSEC-2024-0437",
 ]
 
 [licenses]