address outstanding CVEs + remove plop from grafana-plugin/ (#4871)

# Which issue(s) this PR closes

Closes the following dependabot alerts/CVEs:

- [x] https://github.com/grafana/oncall/security/dependabot/117 -
CVE-2022-42969
- [x] https://github.com/grafana/oncall/security/dependabot/106 and
https://github.com/grafana/oncall/security/dependabot/105 -
CVE-2024-3651
- [x] https://github.com/grafana/oncall/security/dependabot/51 -
CVE-2022-46175
- [x] https://github.com/grafana/oncall/security/dependabot/124 -
CVE-2024-4068
- [ ] https://github.com/grafana/oncall/security/dependabot/78 -
CVE-2023-44270
- [ ] https://github.com/grafana/oncall/security/dependabot/132 and
https://github.com/grafana/oncall/security/dependabot/131 -
CVE-2024-39689

## Checklist

- [x] Unit, integration, and e2e (if applicable) tests updated
- [ ] Documentation added (or `pr:no public docs` PR label added if not
required)
- [ ] Added the relevant release notes label (see labels prefixed w/
`release:`). These labels dictate how your PR will
    show up in the autogenerated release notes.

engine/requirements-dev.txt

@@ -6,7 +6,7 @@ asgiref==3.7.2
     #   django
 celery-types==0.18.0
     # via -r requirements-dev.in
-certifi==2024.2.2
+certifi==2024.7.4
     # via
     #   -c requirements.txt
     #   requests
@@ -25,14 +25,14 @@ django==4.2.15
     #   django-stubs-ext
 django-filter-stubs==0.1.3
     # via -r requirements-dev.in
-django-stubs[compatible-mypy]==4.2.2
+django-stubs==4.2.2
     # via
     #   -r requirements-dev.in
     #   django-filter-stubs
     #   djangorestframework-stubs
 django-stubs-ext==4.2.7
     # via django-stubs
-djangorestframework-stubs[compatible-mypy]==3.14.2
+djangorestframework-stubs==3.14.2
     # via
     #   -r requirements-dev.in
     #   django-filter-stubs
@@ -52,7 +52,7 @@ httpretty==1.1.4
     # via -r requirements-dev.in
 identify==2.5.34
     # via pre-commit
-idna==3.6
+idna==3.7
     # via
     #   -c requirements.txt
     #   requests
@@ -96,7 +96,7 @@ pytest-django==4.8.0
     # via -r requirements-dev.in
 pytest-factoryboy==2.7.0
     # via -r requirements-dev.in
-pytest-xdist[psutil]==3.6.1
+pytest-xdist==3.6.1
     # via -r requirements-dev.in
 python-dateutil==2.8.2
     # via
@@ -110,6 +110,10 @@ requests==2.32.3
     # via
     #   -c requirements.txt
     #   djangorestframework-stubs
+setuptools==73.0.0
+    # via
+    #   -c requirements.txt
+    #   nodeenv
 six==1.16.0
     # via
     #   -c requirements.txt

engine/requirements.in

@@ -64,3 +64,7 @@ whitenoise==5.3.0
 google-api-python-client==2.122.0
 google-auth-httplib2==0.2.0
 google-auth-oauthlib==1.2.0
+# we are manually pinning idna to 3.7 to fix CVE-2024-3651
+# requests==2.32.3 is installing idna==3.6 but supports idna>=2.5,<4
+# https://github.com/psf/requests/blob/v2.32.3/setup.py#L63
+idna==3.7

engine/requirements.txt

@@ -34,9 +34,9 @@ cachetools==4.2.2
     # via
     #   google-auth
     #   python-telegram-bot
-celery[redis]==5.3.1
+celery==5.3.1
     # via -r requirements.in
-certifi==2024.2.2
+certifi==2024.7.4
     # via
     #   python-telegram-bot
     #   requests
@@ -157,7 +157,7 @@ firebase-admin==5.4.0
     # via fcm-django
 flask==3.0.2
     # via slack-export-viewer
-google-api-core[grpc]==2.17.0
+google-api-core==2.17.0
     # via
     #   firebase-admin
     #   google-api-python-client
@@ -224,8 +224,10 @@ icalendar==5.0.10
     #   -r requirements.in
     #   recurring-ical-events
     #   x-wr-timezone
-idna==3.6
-    # via requests
+idna==3.7
+    # via
+    #   -r requirements.in
+    #   requests
 importlib-metadata==6.11.0
     # via opentelemetry-api
 inflection==0.5.1
@@ -415,6 +417,10 @@ rsa==4.9
     # via google-auth
 s3transfer==0.10.0
     # via boto3
+setuptools==73.0.0
+    # via
+    #   apscheduler
+    #   opentelemetry-instrumentation
 six==1.16.0
     # via
     #   apscheduler

grafana-plugin/package.json

@@ -27,7 +27,6 @@
     "watch": "NODE_ENV=development webpack -w -c ./webpack.config.ts --env development",
     "sign": "npx --yes @grafana/sign-plugin@latest",
     "start": "yarn watch",
-    "plop": "plop",
     "setversion": "setversion",
     "typecheck": "tsc --noEmit",
     "typecheck:watch": "yarn typecheck --watch --preserveWatchOutput false",
@@ -105,7 +104,6 @@
     "mailslurp-client": "^15.14.1",
     "moment-timezone": "^0.5.35",
     "openapi-typescript": "^7.0.0-next.4",
-    "plop": "^2.7.4",
     "postcss-loader": "^7.0.1",
     "prettier": "^2.8.7",
     "react-test-renderer": "^18.0.2",
@@ -177,5 +175,8 @@
     "throttle-debounce": "^2.1.0",
     "tinycolor2": "^1.6.0",
     "tslib": "2.5.3"
+  },
+  "resolutions": {
+    "braces": "3.0.3"
   }
 }