chore: bump to protobuf 5.29.5

[joshuarli]

edit: oh i see this is a dupe of #95772 - @mdtro you actively working on fixing this? if not - is it ok or even possible to ignore for now to unblock uv?

fixes GHSA-8qvm-5x2c-j2w7

this was detected by switching over to uv (still WIP) in #96782, i suppose because it actually recognizes pyproject.toml deps vs. our bespoke requirements files

[codecov]

❌ 7 Tests Failed:

Tests completed	Failed	Passed	Skipped
26878	7	26871	601

View the top 3 failed test(s) by shortest run time

tests.sentry.relocation.tasks.test_process.ValidatingStartTest::test_fail_if_no_attempts_left

Stack Traces | 1.91s run time

#x1B[1m#x1B[.../relocation/tasks/test_process.py#x1B[0m:1394: in test_fail_if_no_attempts_left
    assert fake_cloudbuild_client.return_value.create_build.call_count == 1
#x1B[1m#x1B[31mE   AssertionError: assert 0 == 1#x1B[0m
#x1B[1m#x1B[31mE    +  where 0 = <MagicMock name='CloudBuildClient().create_build' id='139992722318608'>.call_count#x1B[0m
#x1B[1m#x1B[31mE    +    where <MagicMock name='CloudBuildClient().create_build' id='139992722318608'> = <MagicMock name='CloudBuildClient()' id='139992722318944'>.create_build#x1B[0m
#x1B[1m#x1B[31mE    +      where <MagicMock name='CloudBuildClient()' id='139992722318944'> = <MagicMock name='CloudBuildClient' id='139992722319280'>.return_value#x1B[0m

tests.sentry.relocation.tasks.test_process.ValidatingStartTest::test_success

Stack Traces | 2.21s run time

#x1B[1m#x1B[31m.venv/lib/python3.13.../protobuf/internal/well_known_types.py#x1B[0m:439: in FromTimedelta
    td.seconds + td.days * _SECONDS_PER_DAY,
#x1B[1m#x1B[31mE   AttributeError: 'str' object has no attribute 'seconds'#x1B[0m

#x1B[33mThe above exception was the direct cause of the following exception:#x1B[0m
#x1B[1m#x1B[.../relocation/tasks/test_process.py#x1B[0m:1314: in test_success
    validating_start(self.uuid)
#x1B[1m#x1B[.../sentry/silo/base.py#x1B[0m:158: in override
    return original_method(*args, **kwargs)
#x1B[1m#x1B[31m.venv/lib/python3.13.../site-packages/celery/local.py#x1B[0m:182: in __call__
    return self._get_current_object()(*a, **kw)
#x1B[1m#x1B[31msrc/sentry/celery.py#x1B[0m:104: in __call__
    return super().__call__(*args, **kwargs)
#x1B[1m#x1B[31m.venv/lib/python3.13.../celery/app/task.py#x1B[0m:411: in __call__
    return self.run(*args, **kwargs)
#x1B[1m#x1B[.../sentry/silo/base.py#x1B[0m:158: in override
    return original_method(*args, **kwargs)
#x1B[1m#x1B[31m.venv/lib/python3.13.../celery/app/autoretry.py#x1B[0m:60: in run
    ret = task.retry(exc=exc, **retry_kwargs)
#x1B[1m#x1B[.../sentry/silo/base.py#x1B[0m:158: in override
    return original_method(*args, **kwargs)
#x1B[1m#x1B[31m.venv/lib/python3.13.../celery/app/task.py#x1B[0m:727: in retry
    raise_with_context(exc or Retry('Task can be retried', None))
#x1B[1m#x1B[31m.venv/lib/python3.13.../celery/app/autoretry.py#x1B[0m:38: in run
    return task._orig_run(*args, **kwargs)
#x1B[1m#x1B[.../sentry/tasks/base.py#x1B[0m:187: in _wrapped
    result = func(*args, **kwargs)
#x1B[1m#x1B[.../relocation/tasks/process.py#x1B[0m:1225: in validating_start
    build = Build(
#x1B[1m#x1B[31m.venv/lib/python3.13.../site-packages/proto/message.py#x1B[0m:728: in __init__
    pb_value = marshal.to_proto(pb_type, value)
#x1B[1m#x1B[31m.venv/lib/python3.13.../proto/marshal/marshal.py#x1B[0m:218: in to_proto
    return type(value)(self.to_proto(proto_type, i) for i in value)
#x1B[1m#x1B[31m.venv/lib/python3.13.../proto/marshal/marshal.py#x1B[0m:218: in <genexpr>
    return type(value)(self.to_proto(proto_type, i) for i in value)
#x1B[1m#x1B[31m.venv/lib/python3.13.../proto/marshal/marshal.py#x1B[0m:235: in to_proto
    pb_value = self.get_rule(proto_type=proto_type).to_proto(value)
#x1B[1m#x1B[31m.venv/lib/python3.13.../marshal/rules/message.py#x1B[0m:36: in to_proto
    return self._descriptor(**value)
#x1B[1m#x1B[31m.venv/lib/python3.13.../protobuf/internal/well_known_types.py#x1B[0m:449: in _internal_assign
    self.FromTimedelta(td)
#x1B[1m#x1B[31m.venv/lib/python3.13.../protobuf/internal/well_known_types.py#x1B[0m:443: in FromTimedelta
    raise AttributeError(
#x1B[1m#x1B[31mE   AttributeError: Fail to convert to Duration. Expected a timedelta like object got str: 'str' object has no attribute 'seconds'#x1B[0m

tests.sentry.relocation.tasks.test_process.ValidatingStartTest::test_retry_if_attempts_left

Stack Traces | 2.21s run time

#x1B[1m#x1B[.../relocation/tasks/test_process.py#x1B[0m:1368: in test_retry_if_attempts_left
    assert fake_cloudbuild_client.return_value.create_build.call_count == 1
#x1B[1m#x1B[31mE   AssertionError: assert 0 == 1#x1B[0m
#x1B[1m#x1B[31mE    +  where 0 = <MagicMock name='CloudBuildClient().create_build' id='140301627627504'>.call_count#x1B[0m
#x1B[1m#x1B[31mE    +    where <MagicMock name='CloudBuildClient().create_build' id='140301627627504'> = <MagicMock name='CloudBuildClient()' id='140301627628512'>.create_build#x1B[0m
#x1B[1m#x1B[31mE    +      where <MagicMock name='CloudBuildClient()' id='140301627628512'> = <MagicMock name='CloudBuildClient' id='140301627621456'>.return_value#x1B[0m

To view more test analytics, go to the Test Analytics Dashboard
_{📋 Got 3 mins? Take this short survey to help us improve Test Analytics.}

[mdtro]

Not actively working on it, but I'll take a look tomorrow to see if I can get it unblocked. If not, we can look at putting in an exception on it if the vuln isn't exploitable for us.