fix(security): patch starlette CVE-2026-48818 and CVE-2026-54283 #2138
jsonmp-k8 wants to merge 4 commits into
The starlette CVE fixes require starlette >= 1.3.1 (fixed only in the 1.x line), which in turn requires upgrading google-adk from 1.x to 2.x since google-adk<2 hard-pins starlette<1.0.0.

Changes:
- kagent-adk, agentsts-adk: bump google-adk from >=1.28.1,<2 to >=2.2.0. google-adk 2.2.0 is the earliest 2.x release that both supports starlette 1.x and stays compatible with kagent-core's existing opentelemetry-api>=1.38.0,<1.39.0 constraint.
- samples/adk/basic: bump google-adk from >=1.8.0 to >=2.2.0 and regenerate the standalone lockfile so the sample image is no longer built on starlette 0.47.2.
- python/pyproject.toml: add starlette>=1.3.1 to constraint-dependencies so the whole venv is pinned above the CVE fix version.
- python/uv.lock, python/samples/adk/basic/uv.lock: regenerated accordingly; starlette resolves to 1.3.1 in both.

Signed-off-by: Jaison Paul <paul.jaison@gmail.com>
Pull request overview
Updates the Python workspace and sample dependencies to remediate two HIGH-severity Starlette CVEs by moving the dependency graph onto Starlette 1.x (requiring a google-adk v2 upgrade).
Changes:
- Add a workspace constraint to enforce `starlette>=1.3.1` and regenerate the workspace lockfile to resolve Starlette 1.3.1.
- Upgrade `google-adk` to the v2 line in `kagent-adk`, `agentsts-adk`, and the `samples/adk/basic` project.
- Regenerate `uv.lock` files to reflect the new dependency tree (including dropping unused transitive packages).
Reviewed changes
Copilot reviewed 4 out of 6 changed files in this pull request and generated 1 comment.
| File | Description |
|---|---|
| python/packages/kagent-adk/pyproject.toml | Bumps google-adk requirement to v2 to allow Starlette 1.x. |
| python/packages/agentsts-adk/pyproject.toml | Bumps google-adk requirement to v2 to allow Starlette 1.x. |
| python/samples/adk/basic/pyproject.toml | Updates sample to google-adk>=2.2.0. |
| python/pyproject.toml | Adds starlette>=1.3.1 to workspace constraint dependencies. |
| python/uv.lock | Regenerated workspace lock resolving Starlette 1.3.1 and google-adk 2.2.0. |
| python/samples/adk/basic/uv.lock | Regenerated sample lock resolving Starlette 1.3.1 / google-adk 2.3.0. |
Without an explicit requires-python, uv defaulted the regenerated lock to >=3.13 (the lock author's Python), which would prevent the sample from running on the repo's supported 3.10-3.12 runtimes. Add >=3.10 to match the workspace packages and regenerate the standalone lock. Signed-off-by: Jaison Paul <paul.jaison@gmail.com>
The Error is identical: Timeline:
Root cause is apk pulling This PR only touches Python Happy to open that infra PR too if useful, but flagging this here so the failing checks don't block review of the actual security change.
…rfile
The srt-builder and final stages install `nodejs` unpinned via `apk add`,
even though `TOOLS_NODE_VERSION=24` is threaded through as a build arg.
When Wolfi published nodejs-26.4.0-r1, arm64 builds started crashing with
`qemu: uncaught target signal 4 (Illegal instruction) - core dumped`
because the newer binary uses CPU instructions the docker/setup-qemu-action
version cannot emulate.
Pin nodejs to "nodejs~${TOOLS_NODE_VERSION}" to match the pattern already
used in ui/Dockerfile:13 and :50, so the version arg actually constrains
the installed package and Wolfi upgrades to a new major don't silently
break builds.
Signed-off-by: Jaison Paul <paul.jaison@gmail.com>
How is this passing CI, is adk 2.0 backwards compatible?
## Summary

Follow-up to #2133 (which patched shell-quote, PyJWT, and pyarrow but left starlette on `0.52.1` in main and `0.47.2` in the `samples/adk/basic` image). This PR closes the remaining two HIGH-severity Trivy findings that the `app` image scan is still flagging.

CVEs closed:

- `starlette` CVE-2026-48818 (HIGH) — SSRF and NTLM credential theft via UNC paths in `StaticFiles`. Fix: `starlette>=1.1.0`.
- `starlette` CVE-2026-54283 (HIGH) — `request.form()` limits silently ignored for `application/x-www-form-urlencoded`, enabling DoS. Fix: `starlette>=1.3.1`.

## Why the google-adk major version bump is unavoidable

The reviewer on #2133 raised a fair concern that upgrading `google-adk` v1 → v2 is a large behavior change for a "security patch". This isn't scope creep — it's the shortest forced chain:

- `google-adk<2` hard-pins `starlette<1.0.0`, so it is impossible to install starlette 1.x with google-adk v1.
- `google-adk 2.2.0` is the earliest 2.x release that supports `starlette>=1.0.1` and stays within `kagent-core`'s existing `opentelemetry-api>=1.38.0,<1.39.0` pin (google-adk 2.3.0 would have forced opentelemetry ≥1.39 too). Picking 2.2.0 minimizes the transitive blast radius.

The alternative — filing a VEX / `.trivyignore` if the CVEs are not exploitable in kagent's usage — was considered. It would require an audit of whether kagent-adk / the `app` image exposes `starlette.StaticFiles` or handles `application/x-www-form-urlencoded` form parsing. Happy to switch to that approach instead if reviewers prefer, but the current PR is the "actually fix it" path.

## Changes

| File | Change |
|---|---|
| `python/packages/kagent-adk/pyproject.toml` | `google-adk>=1.28.1,<2` → `>=2.2.0` |
| `python/packages/agentsts-adk/pyproject.toml` | `google-adk>=1.28.1,<2` → `>=2.2.0` |
| `python/samples/adk/basic/pyproject.toml` | `google-adk>=1.8.0` → `>=2.2.0` |
| `python/pyproject.toml` | `starlette>=1.3.1` added to workspace `constraint-dependencies` |
| `python/uv.lock` | starlette `0.52.1` → `1.3.1`, google-adk `1.31.1` → `2.2.0`. ~30 unused google-cloud-* packages drop out of the tree. |
| `python/samples/adk/basic/uv.lock` | starlette `0.47.2` → `1.3.1`, google-adk `1.9.0` → `2.3.0` |

## Test plan

- Scan images CI passes on `app` (both starlette CVEs cleared)
- `python-test (3.10 / 3.11 / 3.12 / 3.13)` all pass on the google-adk v2 line
- `test-e2e` passes to catch any google-adk 1 → 2 API regressions
- `samples/adk/basic`) still boots
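The PR's remediation rests on two claims that are easy to regress silently: that every regenerated `uv.lock` resolves `starlette` at or above the fix version, and that `google-adk` stays on the 2.x line that permits it. The following is an added example of a lockfile gate that checks exactly that (it is not code from the kagent repository or from the PR). It assumes the `uv.lock` layout in which each `[[package]]` table begins with `name = ...` followed by `version = ...`; the lock excerpts are constructed to mirror the before/after state described in the PR, and the version parser handles `X.Y.Z` releases plus `a`/`b`/`rc` pre-releases only (use the `packaging` library for full PEP 440 in production).

```python
"""Gate a uv.lock against minimum package versions (e.g. CVE fix versions).

Added example, not part of the kagent repo or this PR. Assumes the uv.lock
layout where each `[[package]]` table starts with `name = ...` then
`version = ...`. Version handling covers X.Y.Z releases plus a/b/rc
pre-releases; it is deliberately not a full PEP 440 implementation.
"""
import re
import sys

# Matches one uv.lock package table header: [[package]] / name / version.
PACKAGE_RE = re.compile(
    r'^\[\[package\]\]\s*\nname = "(?P<name>[^"]+)"\s*\nversion = "(?P<version>[^"]+)"',
    re.MULTILINE,
)
# Release digits, optional a/b/rc pre-release tag, optional .postN/.devN suffixes.
VERSION_RE = re.compile(r"(\d+(?:\.\d+)*)(a|b|rc)?(\d*)(?:\.post\d+)?(?:\.dev\d+)?")
PRE_ORDER = {"a": 0, "b": 1, "rc": 2}


def parse_version(text):
    """Return a sortable key: (release tuple, pre-release key).

    A final release sorts after any pre-release of the same number, so
    "1.3.1rc1" < "1.3.1"; "1.3" and "1.3.0" compare equal.
    """
    m = VERSION_RE.fullmatch(text.strip())
    if m is None:
        raise ValueError(f"unsupported version string: {text!r}")
    release = tuple(int(part) for part in m.group(1).split("."))
    release += (0,) * (3 - len(release))  # pad "1.3" to (1, 3, 0)
    if m.group(2) is None:
        pre_key = (1,)  # final release
    else:
        pre_key = (0, PRE_ORDER[m.group(2)], int(m.group(3) or 0))
    return release, pre_key


def lock_versions(lock_text):
    """Map lower-cased package name -> list of versions pinned in the lock.

    uv may pin the same package at several versions under different
    environment markers, so every entry is kept rather than the first.
    """
    found = {}
    for m in PACKAGE_RE.finditer(lock_text):
        found.setdefault(m.group("name").lower(), []).append(m.group("version"))
    return found


def audit_lock(lock_text, minimums):
    """Return {package: [pinned versions below the minimum]}; empty means pass.

    A package absent from the lock is not reported: code that is not
    installed cannot carry the vulnerable code path.
    """
    pinned = lock_versions(lock_text)
    violations = {}
    for name, minimum in minimums.items():
        floor = parse_version(minimum)
        bad = [v for v in pinned.get(name.lower(), []) if parse_version(v) < floor]
        if bad:
            violations[name] = bad
    return violations


# Constructed lock excerpts modelled on the state before and after the PR.
LOCK_BEFORE = '''\
version = 1
requires-python = ">=3.10"

[[package]]
name = "google-adk"
version = "1.31.1"
source = { registry = "https://pypi.org/simple" }

[[package]]
name = "starlette"
version = "0.52.1"
source = { registry = "https://pypi.org/simple" }
'''
LOCK_AFTER = (
    LOCK_BEFORE.replace('version = "1.31.1"', 'version = "2.2.0"')
    .replace('version = "0.52.1"', 'version = "1.3.1"')
)

# Floors taken from the PR: the starlette fix version and the google-adk
# line that is able to install it.
MINIMUMS = {"starlette": "1.3.1", "google-adk": "2.2.0"}

if __name__ == "__main__":
    if len(sys.argv) > 1:  # real usage: python gate.py python/uv.lock
        with open(sys.argv[1], encoding="utf-8") as fh:
            result = audit_lock(fh.read(), MINIMUMS)
        print(result or "OK")
        sys.exit(1 if result else 0)
    for label, lock in (("before", LOCK_BEFORE), ("after", LOCK_AFTER)):
        print(label, audit_lock(lock, MINIMUMS) or "OK")
```

Run against both `python/uv.lock` and `python/samples/adk/basic/uv.lock` in CI and the check fails whenever a future re-lock lets `starlette` slip below `1.3.1`, which is the drift the `constraint-dependencies` entry is meant to prevent; the standalone sample lock is the one most likely to drift because it is resolved outside the workspace.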