FTRS-2976 Fixed Cve in rd main and auth

ankitbvkumar · ankitbvkumar · commit fb1686cc82a4 · 2026-02-05T16:56:17.000Z
diff --git a/application/roaddistance/requirements.txt b/application/roaddistance/requirements.txt
@@ -1,8 +1,13 @@
 awscli==1.35.7
 jsonschema==4.21.1
 pytest==8.3.3
-protobuf==6.31.1
+protobuf==6.33.5
 pyyaml==6.0.1
 requests==2.32.4
 numpy==2.1.2
 boto3==1.35.41
+urllib3==2.6.3
+pyasn1==0.6.2
+certifi
+charset-normalizer
+idna
diff --git a/build/docker/authoriser-lambda/Dockerfile b/build/docker/authoriser-lambda/Dockerfile
@@ -24,11 +24,10 @@ RUN rm -f /etc/dnf/vars/releasever && \
 RUN dnf -y update glib2-2.82.2-769.amzn2023 && \
     dnf clean all
 
-# Fix Python package CVEs - completely remove all versions and clean install
-RUN pip3 uninstall -y urllib3 pyasn1 requests || true
-RUN rm -rf /var/lang/lib/python*/site-packages/urllib3* /var/lang/lib/python*/site-packages/pyasn1* || true
-RUN rm -rf ${LAMBDA_TASK_ROOT}/urllib3* ${LAMBDA_TASK_ROOT}/pyasn1* ${LAMBDA_TASK_ROOT}/requests* || true
-RUN pip3 install urllib3==2.6.3 pyasn1==0.6.2 requests==2.32.4 certifi charset-normalizer idna --target "${LAMBDA_TASK_ROOT}" --no-cache-dir
+# Fix Python package CVEs - completely remove all versions and clean install from requirements.txt
+RUN pip3 uninstall -y urllib3 pyasn1 requests protobuf || true
+RUN rm -rf /var/lang/lib/python*/site-packages/urllib3* /var/lang/lib/python*/site-packages/pyasn1* /var/lang/lib/python*/site-packages/protobuf* || true
+RUN rm -rf ${LAMBDA_TASK_ROOT}/urllib3* ${LAMBDA_TASK_ROOT}/pyasn1* ${LAMBDA_TASK_ROOT}/requests* ${LAMBDA_TASK_ROOT}/protobuf* || true
 
 # Fix CVE-2025-61726 - Update AWS Lambda RIE to version with Go stdlib 1.25.6
 RUN curl -Lo /usr/local/bin/aws-lambda-rie https://github.com/aws/aws-lambda-runtime-interface-emulator/releases/latest/download/aws-lambda-rie && \
diff --git a/build/docker/roaddistance-lambda/Dockerfile b/build/docker/roaddistance-lambda/Dockerfile
@@ -26,11 +26,10 @@ RUN rm -f /etc/dnf/vars/releasever && \
 RUN dnf -y update glib2-2.82.2-769.amzn2023 && \
     dnf clean all
 
-# Fix Python package CVEs - completely remove all versions and clean install
-RUN pip3 uninstall -y urllib3 pyasn1 requests || true
-RUN rm -rf /var/lang/lib/python*/site-packages/urllib3* /var/lang/lib/python*/site-packages/pyasn1* || true
-RUN rm -rf ${LAMBDA_TASK_ROOT}/urllib3* ${LAMBDA_TASK_ROOT}/pyasn1* ${LAMBDA_TASK_ROOT}/requests* || true
-RUN pip3 install urllib3==2.6.3 pyasn1==0.6.2 requests==2.32.4 certifi charset-normalizer idna --target "${LAMBDA_TASK_ROOT}" --no-cache-dir
+# Fix Python package CVEs - completely remove all versions and clean install from requirements.txt
+RUN pip3 uninstall -y urllib3 pyasn1 requests protobuf || true
+RUN rm -rf /var/lang/lib/python*/site-packages/urllib3* /var/lang/lib/python*/site-packages/pyasn1* /var/lang/lib/python*/site-packages/protobuf* || true
+RUN rm -rf ${LAMBDA_TASK_ROOT}/urllib3* ${LAMBDA_TASK_ROOT}/pyasn1* ${LAMBDA_TASK_ROOT}/requests* ${LAMBDA_TASK_ROOT}/protobuf* || true
 
 # Fix CVE-2025-61726 - Update AWS Lambda RIE to version with Go stdlib 1.25.6
 RUN curl -Lo /usr/local/bin/aws-lambda-rie https://github.com/aws/aws-lambda-runtime-interface-emulator/releases/latest/download/aws-lambda-rie && \
diff --git a/build/docker/tester/assets/requirements.txt b/build/docker/tester/assets/requirements.txt
@@ -1,9 +1,14 @@
 awscli==1.35.7
 jsonschema==4.23.0
 pytest==8.3.3
-protobuf==6.31.1
+protobuf==6.33.5
 pyyaml==6.0.2
 requests==2.32.3
 numpy==2.1.2
 boto3==1.35.41
 coverage==7.6.3
+urllib3==2.6.3
+pyasn1==0.6.2
+certifi
+charset-normalizer
+idna
