diff --git a/.bazelrc b/.bazelrc
index 6a7cd55d0524c..2747884b2da5c 100644
--- a/.bazelrc
+++ b/.bazelrc
@@ -211,6 +211,7 @@ build:remote --auth_enabled=true
 build:remote --remote_download_toplevel
 
 # Windows bazel does not allow sandboxed as a spawn strategy
+build:remote-windows --action_env=WRAPT_INSTALL_EXTENSIONS=false
 build:remote-windows --spawn_strategy=remote,local
 build:remote-windows --strategy=Javac=remote,local
 build:remote-windows --strategy=Closure=remote,local
@@ -295,6 +296,7 @@ build:compdb --build_tag_filters=-nocompdb
 
 # Windows build quirks
 build:windows --action_env=TMPDIR
+build:windows --action_env=WRAPT_INSTALL_EXTENSIONS=false
 build:windows --define signal_trace=disabled
 build:windows --define hot_restart=disabled
 build:windows --define tcmalloc=disabled
diff --git a/DEPENDENCY_POLICY.md b/DEPENDENCY_POLICY.md
index 588dad437ad23..6135e59d971fb 100644
--- a/DEPENDENCY_POLICY.md
+++ b/DEPENDENCY_POLICY.md
@@ -58,8 +58,8 @@ Dependency declarations must:
   be used if no CPE for the project is available in the CPE database. CPEs should be _versionless_
   with a `:*` suffix, since the version can be computed from `version`.
 
-When build or test code references Python modules, they should be imported via `pip3_import` in
-[bazel/repositories_extra.bzl](bazel/repositories_extra.bzl). Python modules should not be listed in
+When build or test code references Python modules, they should be imported via `pip_install` in
+[bazel/dependency_imports.bzl](bazel/dependency_imports.bzl). Python modules should not be listed in
 `repository_locations.bzl` entries. `requirements.txt` files for Python dependencies must pin to
 exact versions, e.g. `PyYAML==5.3.1` and ideally also include a [SHA256
 checksum](https://davidwalsh.name/hashin).
diff --git a/WORKSPACE b/WORKSPACE
index a96cba5013021..ef120bc53d4ff 100644
--- a/WORKSPACE
+++ b/WORKSPACE
@@ -12,10 +12,6 @@ load("//bazel:repositories.bzl", "envoy_dependencies")
 
 envoy_dependencies()
 
-load("//bazel:repositories_extra.bzl", "envoy_dependencies_extra")
-
-envoy_dependencies_extra()
-
 load("//bazel:dependency_imports.bzl", "envoy_dependency_imports")
 
 envoy_dependency_imports()
diff --git a/api/bazel/repository_locations.bzl b/api/bazel/repository_locations.bzl
index f0173e58946e6..b8db8939e23a4 100644
--- a/api/bazel/repository_locations.bzl
+++ b/api/bazel/repository_locations.bzl
@@ -97,7 +97,7 @@ REPOSITORY_LOCATIONS_SPEC = dict(
         sha256 = "ebea8a6968722524d1bcc4426fb6a29907ddc2902aac7de1559012d3eee90cf9",
         strip_prefix = "skywalking-data-collect-protocol-{version}",
         urls = ["https://github.com/apache/skywalking-data-collect-protocol/archive/v{version}.tar.gz"],
-        release_date = "2020-07-29",
+        release_date = "2020-07-31",
         use_category = ["api"],
     ),
 )
diff --git a/bazel/EXTERNAL_DEPS.md b/bazel/EXTERNAL_DEPS.md
index 4f66ef80eac8b..6cf42d2a444b9 100644
--- a/bazel/EXTERNAL_DEPS.md
+++ b/bazel/EXTERNAL_DEPS.md
@@ -59,16 +59,13 @@ to binaries, libraries, headers, etc.
 
 # Adding external dependencies to Envoy (Python)
 
-Python dependencies should be added via `pip3` and `rules_python`. The process
+Python dependencies should be added via `pip_install` and `rules_python`. The process
 is:
 
-1. Define a `pip3_import()` pointing at your target `requirements.txt` in
-   [`bazel/repositories_extra.bzl`](repositories_extra.bzl)
+1. Define a `pip_install()` pointing at your target `requirements.txt` in
+   [`bazel/dependency_imports.bzl`](bazel/dependency_imports.bzl)
 
-2. Add a `pip_install()` invocation in
-   [`bazel/dependency_imports.bzl`](dependency_imports.bzl).
-
-3. Add a `requirements("<package name")` in the `BUILD` file that depends on
+2. Add a `requirements("<package name")` in the `BUILD` file that depends on
    this package.
 
 You can use [`tools/config_validation/BUILD`](../tools/config_validation/BUILD) as an example
diff --git a/bazel/dependency_imports.bzl b/bazel/dependency_imports.bzl
index 62b71950c9edc..e375db498697b 100644
--- a/bazel/dependency_imports.bzl
+++ b/bazel/dependency_imports.bzl
@@ -1,34 +1,31 @@
-load("@rules_foreign_cc//:workspace_definitions.bzl", "rules_foreign_cc_dependencies")
-load("@io_bazel_rules_go//go:deps.bzl", "go_register_toolchains", "go_rules_dependencies")
-load("@envoy_build_tools//toolchains:rbe_toolchains_config.bzl", "rbe_toolchains_config")
-load("@bazel_toolchains//rules/exec_properties:exec_properties.bzl", "create_rbe_exec_properties_dict", "custom_exec_properties")
 load("@bazel_gazelle//:deps.bzl", "gazelle_dependencies", "go_repository")
+load("@bazel_toolchains//rules/exec_properties:exec_properties.bzl", "create_rbe_exec_properties_dict", "custom_exec_properties")
 load("@build_bazel_rules_apple//apple:repositories.bzl", "apple_rules_dependencies")
-load("@upb//bazel:repository_defs.bzl", upb_bazel_version_repository = "bazel_version_repository")
+load("@envoy_build_tools//toolchains:rbe_toolchains_config.bzl", "rbe_toolchains_config")
+load("@io_bazel_rules_go//go:deps.bzl", "go_register_toolchains", "go_rules_dependencies")
 load("@io_bazel_rules_rust//rust:repositories.bzl", "rust_repositories")
-load("@config_validation_pip3//:requirements.bzl", config_validation_pip_install = "pip_install")
-load("@configs_pip3//:requirements.bzl", configs_pip_install = "pip_install")
-load("@headersplit_pip3//:requirements.bzl", headersplit_pip_install = "pip_install")
-load("@kafka_pip3//:requirements.bzl", kafka_pip_install = "pip_install")
-load("@protodoc_pip3//:requirements.bzl", protodoc_pip_install = "pip_install")
-load("@thrift_pip3//:requirements.bzl", thrift_pip_install = "pip_install")
-load("@rules_antlr//antlr:deps.bzl", "antlr_dependencies")
+load("@proxy_wasm_cpp_host//bazel/cargo:crates.bzl", "proxy_wasm_cpp_host_raze__fetch_remote_crates")
 load("@proxy_wasm_rust_sdk//bazel:dependencies.bzl", "proxy_wasm_rust_sdk_dependencies")
+load("@rules_antlr//antlr:deps.bzl", "antlr_dependencies")
+load("@rules_foreign_cc//:workspace_definitions.bzl", "rules_foreign_cc_dependencies")
+load("@rules_python//python:pip.bzl", "pip_install")
+load("@upb//bazel:repository_defs.bzl", upb_bazel_version_repository = "bazel_version_repository")
 
 # go version for rules_go
 GO_VERSION = "1.14.7"
 
 def envoy_dependency_imports(go_version = GO_VERSION):
-    rules_foreign_cc_dependencies()
-    go_rules_dependencies()
+    apple_rules_dependencies()
     go_register_toolchains(go_version)
-    rbe_toolchains_config()
     gazelle_dependencies()
-    apple_rules_dependencies()
+    go_rules_dependencies()
+    proxy_wasm_cpp_host_raze__fetch_remote_crates()
+    proxy_wasm_rust_sdk_dependencies()
+    rbe_toolchains_config()
+    rules_foreign_cc_dependencies()
     rust_repositories()
     upb_bazel_version_repository(name = "upb_bazel_version")
     antlr_dependencies(472)
-    proxy_wasm_rust_sdk_dependencies()
 
     custom_exec_properties(
         name = "envoy_large_machine_exec_property",
@@ -42,25 +39,119 @@ def envoy_dependency_imports(go_version = GO_VERSION):
         name = "org_golang_google_grpc",
         build_file_proto_mode = "disable",
         importpath = "google.golang.org/grpc",
-        sum = "h1:EC2SB8S04d2r73uptxphDSUG+kTKVgjRPF+N3xpxRB4=",
-        version = "v1.29.1",
+        sum = "h1:DGeFlSan2f+WEtCERJ4J9GJWk15TxUi8QGagfI87Xyc=",
+        version = "v1.33.1",
+        # project_url = "https://pkg.go.dev/google.golang.org/grpc",
+        # last_update = "2020-10-21"
+        # use_category = ["api"],
+        # cpe = "cpe:2.3:a:grpc:grpc:*",
     )
     go_repository(
         name = "org_golang_x_net",
         importpath = "golang.org/x/net",
-        sum = "h1:fHDIZ2oxGnUZRN6WgWFCbYBjH9uqVPRCUVUDhs0wnbA=",
-        version = "v0.0.0-20190813141303-74dc4d7220e7",
+        sum = "h1:eBmm0M9fYhWpKZLjQUUKka/LtIxf46G4fxeEz5KJr9U=",
+        version = "v0.0.0-20201202161906-c7110b5ffcbb",
+        # project_url = "https://pkg.go.dev/mod/golang.org/x/net",
+        # last_update = "2020-12-02"
+        # use_category = ["api"],
     )
     go_repository(
         name = "org_golang_x_text",
         importpath = "golang.org/x/text",
-        sum = "h1:g61tztE5qeGQ89tm6NTjjM9VPIm088od1l6aSorWRWg=",
-        version = "v0.3.0",
+        sum = "h1:0YWbFKbhXG/wIiuHDSKpS0Iy7FSA+u45VtBMfQcFTTc=",
+        version = "v0.3.4",
+        # project_url = "https://pkg.go.dev/mod/golang.org/x/text",
+        # last_update = "2020-10-27"
+        # use_category = ["api"],
+    )
+
+    pip_install(
+        name = "config_validation_pip3",
+        requirements = "@envoy//tools/config_validation:requirements.txt",
+        extra_pip_args = ["--require-hashes"],
+
+        # project_name = "PyYAML",
+        # project_url = "https://github.com/yaml/pyyaml",
+        # version = "5.3.1",
+        # last_update = "2020-03-18"
+        # use_category = ["devtools"],
+        # cpe = "cpe:2.3:a:pyyaml:pyyaml:*",
+    )
+    pip_install(
+        name = "configs_pip3",
+        requirements = "@envoy//configs:requirements.txt",
+        extra_pip_args = ["--require-hashes"],
+
+        # project_name = "Jinja",
+        # project_url = "http://palletsprojects.com/p/jinja",
+        # version = "2.11.2",
+        # last_update = "2020-04-13"
+        # use_category = ["test"],
+        # cpe = "cpe:2.3:a:palletsprojects:jinja:*",
+
+        # project_name = "MarkupSafe",
+        # project_url = "https://markupsafe.palletsprojects.com/en/1.1.x/",
+        # version = "1.1.1",
+        # last_update = "2019-02-23"
+        # use_category = ["test"],
     )
+    pip_install(
+        name = "kafka_pip3",
+        requirements = "@envoy//source/extensions/filters/network/kafka:requirements.txt",
+        extra_pip_args = ["--require-hashes"],
 
-    config_validation_pip_install()
-    configs_pip_install()
-    headersplit_pip_install()
-    kafka_pip_install()
-    protodoc_pip_install()
-    thrift_pip_install()
+        # project_name = "Jinja",
+        # project_url = "http://palletsprojects.com/p/jinja",
+        # version = "2.11.2",
+        # last_update = "2020-04-13"
+        # use_category = ["test"],
+        # cpe = "cpe:2.3:a:palletsprojects:jinja:*",
+
+        # project_name = "MarkupSafe",
+        # project_url = "https://markupsafe.palletsprojects.com/en/1.1.x/",
+        # version = "1.1.1",
+        # last_update = "2019-02-23"
+        # use_category = ["test"],
+    )
+    pip_install(
+        name = "headersplit_pip3",
+        requirements = "@envoy//tools/envoy_headersplit:requirements.txt",
+        extra_pip_args = ["--require-hashes"],
+
+        # project_name = "Clang",
+        # project_url = "https://clang.llvm.org/",
+        # version = "10.0.1",
+        # last_update = "2020-07-21"
+        # use_category = ["devtools"],
+        # cpe = "cpe:2.3:a:llvm:clang:*",
+    )
+    pip_install(
+        name = "protodoc_pip3",
+        requirements = "@envoy//tools/protodoc:requirements.txt",
+        extra_pip_args = ["--require-hashes"],
+
+        # project_name = "PyYAML",
+        # project_url = "https://github.com/yaml/pyyaml",
+        # version = "5.3.1",
+        # last_update = "2020-03-18"
+        # use_category = ["devtools"],
+        # cpe = "cpe:2.3:a:pyyaml:pyyaml:*",
+    )
+    pip_install(
+        name = "thrift_pip3",
+        requirements = "@envoy//test/extensions/filters/network/thrift_proxy:requirements.txt",
+        extra_pip_args = ["--require-hashes"],
+
+        # project_name = "Apache Thrift",
+        # project_url = "http://thrift.apache.org/",
+        # version = "0.11.0",
+        # last_update = "2017-12-07"
+        # use_category = ["dataplane"],
+        # cpe = "cpe:2.3:a:apache:thrift:*",
+
+        # project_name = "Six: Python 2 and 3 Compatibility Library",
+        # project_url = "https://six.readthedocs.io/",
+        # version = "1.15.0",
+        # last_update = "2020-05-21"
+        # use_category = ["dataplane"],
+    )
diff --git a/bazel/repositories.bzl b/bazel/repositories.bzl
index db873d30c16fa..92c2b0e848f7f 100644
--- a/bazel/repositories.bzl
+++ b/bazel/repositories.bzl
@@ -53,7 +53,7 @@ _default_envoy_build_config = repository_rule(
 
 # Python dependencies.
 def _python_deps():
-    # TODO(htuch): convert these to pip3_import.
+    # TODO(htuch): convert these to pip_install.
     external_http_archive(
         name = "com_github_twitter_common_lang",
         build_file = "@envoy//bazel/external:twitter_common_lang.BUILD",
diff --git a/bazel/repositories_extra.bzl b/bazel/repositories_extra.bzl
deleted file mode 100644
index dbfc5221d0541..0000000000000
--- a/bazel/repositories_extra.bzl
+++ /dev/null
@@ -1,104 +0,0 @@
-load("@rules_python//python:repositories.bzl", "py_repositories")
-load("@rules_python//python:pip.bzl", "pip3_import", "pip_repositories")
-load("@proxy_wasm_cpp_host//bazel/cargo:crates.bzl", "proxy_wasm_cpp_host_raze__fetch_remote_crates")
-
-# Python dependencies.
-def _python_deps():
-    py_repositories()
-    pip_repositories()
-
-    pip3_import(
-        name = "config_validation_pip3",
-        requirements = "@envoy//tools/config_validation:requirements.txt",
-        extra_pip_args = ["--require-hashes"],
-
-        # project_name = "PyYAML",
-        # project_url = "https://github.com/yaml/pyyaml",
-        # version = "5.3.1",
-        # release_date = "2020-03-18"
-        # use_category = ["devtools"],
-        # cpe = "cpe:2.3:a:pyyaml:pyyaml:*",
-    )
-    pip3_import(
-        name = "configs_pip3",
-        requirements = "@envoy//configs:requirements.txt",
-        extra_pip_args = ["--require-hashes"],
-
-        # project_name = "Jinja",
-        # project_url = "http://palletsprojects.com/p/jinja",
-        # version = "2.11.2",
-        # release_date = "2020-04-13"
-        # use_category = ["test"],
-        # cpe = "cpe:2.3:a:palletsprojects:jinja:*",
-
-        # project_name = "MarkupSafe",
-        # project_url = "https://markupsafe.palletsprojects.com/en/1.1.x/",
-        # version = "1.1.1",
-        # release_date = "2019-02-23"
-        # use_category = ["test"],
-    )
-    pip3_import(
-        name = "kafka_pip3",
-        requirements = "@envoy//source/extensions/filters/network/kafka:requirements.txt",
-        extra_pip_args = ["--require-hashes"],
-
-        # project_name = "Jinja",
-        # project_url = "http://palletsprojects.com/p/jinja",
-        # version = "2.11.2",
-        # release_date = "2020-04-13"
-        # use_category = ["test"],
-        # cpe = "cpe:2.3:a:palletsprojects:jinja:*",
-
-        # project_name = "MarkupSafe",
-        # project_url = "https://markupsafe.palletsprojects.com/en/1.1.x/",
-        # version = "1.1.1",
-        # release_date = "2019-02-23"
-        # use_category = ["test"],
-    )
-    pip3_import(
-        name = "headersplit_pip3",
-        requirements = "@envoy//tools/envoy_headersplit:requirements.txt",
-        extra_pip_args = ["--require-hashes"],
-
-        # project_name = "Clang",
-        # project_url = "https://clang.llvm.org/",
-        # version = "10.0.1",
-        # release_date = "2020-07-21"
-        # use_category = ["devtools"],
-        # cpe = "cpe:2.3:a:llvm:clang:*",
-    )
-    pip3_import(
-        name = "protodoc_pip3",
-        requirements = "@envoy//tools/protodoc:requirements.txt",
-        extra_pip_args = ["--require-hashes"],
-
-        # project_name = "PyYAML",
-        # project_url = "https://github.com/yaml/pyyaml",
-        # version = "5.3.1",
-        # release_date = "2020-03-18"
-        # use_category = ["docs"],
-        # cpe = "cpe:2.3:a:pyyaml:pyyaml:*",
-    )
-    pip3_import(
-        name = "thrift_pip3",
-        requirements = "@envoy//test/extensions/filters/network/thrift_proxy:requirements.txt",
-        extra_pip_args = ["--require-hashes"],
-
-        # project_name = "Apache Thrift",
-        # project_url = "http://thrift.apache.org/",
-        # version = "0.11.0",
-        # release_date = "2017-12-07"
-        # use_category = ["test"],
-        # cpe = "cpe:2.3:a:apache:thrift:*",
-
-        # project_name = "Six: Python 2 and 3 Compatibility Library",
-        # project_url = "https://six.readthedocs.io/",
-        # version = "1.15.0",
-        # release_date = "2020-05-21"
-        # use_category = ["test"],
-    )
-
-# Envoy deps that rely on a first stage of dependency loading in envoy_dependencies().
-def envoy_dependencies_extra():
-    _python_deps()
-    proxy_wasm_cpp_host_raze__fetch_remote_crates()
diff --git a/bazel/repository_locations.bzl b/bazel/repository_locations.bzl
index 747d36d610dbf..c39806d5515c3 100644
--- a/bazel/repository_locations.bzl
+++ b/bazel/repository_locations.bzl
@@ -6,9 +6,9 @@ REPOSITORY_LOCATIONS_SPEC = dict(
         project_url = "https://github.com/grailbio/bazel-compilation-database",
         version = "0.4.5",
         sha256 = "bcecfd622c4ef272fd4ba42726a52e140b961c4eac23025f18b346c968a8cfb4",
+        release_date = "2020-08-01",
         strip_prefix = "bazel-compilation-database-{version}",
         urls = ["https://github.com/grailbio/bazel-compilation-database/archive/{version}.tar.gz"],
-        release_date = "2020-08-01",
         use_category = ["build"],
     ),
     bazel_gazelle = dict(
@@ -17,8 +17,8 @@ REPOSITORY_LOCATIONS_SPEC = dict(
         project_url = "https://github.com/bazelbuild/bazel-gazelle",
         version = "0.21.1",
         sha256 = "cdb02a887a7187ea4d5a27452311a75ed8637379a1287d8eeb952138ea485f7d",
-        urls = ["https://github.com/bazelbuild/bazel-gazelle/releases/download/v{version}/bazel-gazelle-v{version}.tar.gz"],
         release_date = "2020-05-28",
+        urls = ["https://github.com/bazelbuild/bazel-gazelle/releases/download/v{version}/bazel-gazelle-v{version}.tar.gz"],
         use_category = ["build"],
     ),
     bazel_toolchains = dict(
@@ -27,12 +27,12 @@ REPOSITORY_LOCATIONS_SPEC = dict(
         project_url = "https://github.com/bazelbuild/bazel-toolchains",
         version = "3.6.0",
         sha256 = "4fb3ceea08101ec41208e3df9e56ec72b69f3d11c56629d6477c0ff88d711cf7",
+        release_date = "2020-10-08",
         strip_prefix = "bazel-toolchains-{version}",
         urls = [
             "https://github.com/bazelbuild/bazel-toolchains/releases/download/{version}/bazel-toolchains-{version}.tar.gz",
             "https://mirror.bazel.build/github.com/bazelbuild/bazel-toolchains/archive/{version}.tar.gz",
         ],
-        release_date = "2020-10-08",
         use_category = ["build"],
     ),
     build_bazel_rules_apple = dict(
@@ -41,8 +41,8 @@ REPOSITORY_LOCATIONS_SPEC = dict(
         project_url = "https://github.com/bazelbuild/rules_apple",
         version = "0.19.0",
         sha256 = "7a7afdd4869bb201c9352eed2daf37294d42b093579b70423490c1b4d4f6ce42",
+        release_date = "2019-10-11",
         urls = ["https://github.com/bazelbuild/rules_apple/releases/download/{version}/rules_apple.{version}.tar.gz"],
-        release_date = "2019-10-10",
         use_category = ["build"],
     ),
     envoy_build_tools = dict(
@@ -51,27 +51,26 @@ REPOSITORY_LOCATIONS_SPEC = dict(
         project_url = "https://github.com/envoyproxy/envoy-build-tools",
         version = "b1a8b205f13ce52143bcb7283c6dd0a53bcd1c6c",
         sha256 = "afd67e399fa27fb703fb74dc39ed1f121dfcebc1556bbd1053fa8f22d8b24230",
+        release_date = "2020-10-16",
         strip_prefix = "envoy-build-tools-{version}",
         urls = ["https://github.com/envoyproxy/envoy-build-tools/archive/{version}.tar.gz"],
-        release_date = "2020-10-16",
         use_category = ["build"],
     ),
     boringssl = dict(
         project_name = "BoringSSL",
         project_desc = "Minimal OpenSSL fork",
         project_url = "https://github.com/google/boringssl",
-        version = "1ce6682c7f6cfe0426ed54a37c10775bea9d3502",
-        sha256 = "b878d84f90b9a95fa1e53f46f1b69a5116621e117a6d4dbf602d884311ee6aa7",
-        strip_prefix = "boringssl-{version}",
         # To update BoringSSL, which tracks Chromium releases:
         # 1. Open https://omahaproxy.appspot.com/ and note <current_version> of linux/stable release.
         # 2. Open https://chromium.googlesource.com/chromium/src/+/refs/tags/<current_version>/DEPS and note <boringssl_revision>.
         # 3. Find a commit in BoringSSL's "master-with-bazel" branch that merges <boringssl_revision>.
-        #
         # chromium-87.0.4280.66
+        version = "1ce6682c7f6cfe0426ed54a37c10775bea9d3502",
+        sha256 = "b878d84f90b9a95fa1e53f46f1b69a5116621e117a6d4dbf602d884311ee6aa7",
+        release_date = "2020-09-21",
+        strip_prefix = "boringssl-{version}",
         urls = ["https://github.com/google/boringssl/archive/{version}.tar.gz"],
         use_category = ["controlplane", "dataplane_core"],
-        release_date = "2020-09-21",
         cpe = "cpe:2.3:a:google:boringssl:*",
     ),
     boringssl_fips = dict(
@@ -80,9 +79,9 @@ REPOSITORY_LOCATIONS_SPEC = dict(
         project_url = "https://boringssl.googlesource.com/boringssl/+/master/crypto/fipsmodule/FIPS.md",
         version = "fips-20190808",
         sha256 = "3b5fdf23274d4179c2077b5e8fa625d9debd7a390aac1d165b7e47234f648bb8",
+        release_date = "2019-08-08",
         urls = ["https://commondatastorage.googleapis.com/chromium-boringssl-fips/boringssl-ae223d6138807a13006342edfeef32e813246b39.tar.xz"],
         use_category = ["controlplane", "dataplane_core"],
-        release_date = "2019-08-08",
         cpe = "cpe:2.3:a:google:boringssl:*",
     ),
     com_google_absl = dict(
@@ -91,10 +90,10 @@ REPOSITORY_LOCATIONS_SPEC = dict(
         project_url = "https://abseil.io/",
         version = "5d8fc9192245f0ea67094af57399d7931d6bd53f",
         sha256 = "e3812f256dd7347a33bf9d93a950cf356c61c0596842ff07d8154cd415145d83",
+        release_date = "2020-11-24",
         strip_prefix = "abseil-cpp-{version}",
         urls = ["https://github.com/abseil/abseil-cpp/archive/{version}.tar.gz"],
         use_category = ["dataplane_core", "controlplane"],
-        release_date = "2020-11-24",
         cpe = "N/A",
     ),
     com_github_c_ares_c_ares = dict(
@@ -103,10 +102,10 @@ REPOSITORY_LOCATIONS_SPEC = dict(
         project_url = "https://c-ares.haxx.se/",
         version = "1.17.1",
         sha256 = "d73dd0f6de824afd407ce10750ea081af47eba52b8a6cb307d220131ad93fc40",
+        release_date = "2020-11-19",
         strip_prefix = "c-ares-{version}",
         urls = ["https://github.com/c-ares/c-ares/releases/download/cares-{underscore_version}/c-ares-{version}.tar.gz"],
         use_category = ["dataplane_core", "controlplane"],
-        release_date = "2020-11-19",
         cpe = "cpe:2.3:a:c-ares_project:c-ares:*",
     ),
     com_github_circonus_labs_libcircllhist = dict(
@@ -115,10 +114,10 @@ REPOSITORY_LOCATIONS_SPEC = dict(
         project_url = "https://github.com/circonus-labs/libcircllhist",
         version = "63a16dd6f2fc7bc841bb17ff92be8318df60e2e1",
         sha256 = "8165aa25e529d7d4b9ae849d3bf30371255a99d6db0421516abcff23214cdc2c",
+        release_date = "2019-02-11",
         strip_prefix = "libcircllhist-{version}",
         urls = ["https://github.com/circonus-labs/libcircllhist/archive/{version}.tar.gz"],
         use_category = ["controlplane", "observability_core", "dataplane_core"],
-        release_date = "2019-02-11",
         cpe = "N/A",
     ),
     com_github_cyan4973_xxhash = dict(
@@ -127,10 +126,10 @@ REPOSITORY_LOCATIONS_SPEC = dict(
         project_url = "https://github.com/Cyan4973/xxHash",
         version = "0.7.3",
         sha256 = "952ebbf5b11fbf59ae5d760a562d1e9112278f244340ad7714e8556cbe54f7f7",
+        release_date = "2020-03-05",
         strip_prefix = "xxHash-{version}",
         urls = ["https://github.com/Cyan4973/xxHash/archive/v{version}.tar.gz"],
         use_category = ["dataplane_core", "controlplane"],
-        release_date = "2020-03-05",
         cpe = "N/A",
     ),
     com_github_envoyproxy_sqlparser = dict(
@@ -139,6 +138,7 @@ REPOSITORY_LOCATIONS_SPEC = dict(
         project_url = "https://github.com/envoyproxy/sql-parser",
         version = "3b40ba2d106587bdf053a292f7e3bb17e818a57f",
         sha256 = "96c10c8e950a141a32034f19b19cdeb1da48fe859cf96ae5e19f894f36c62c71",
+        release_date = "2020-06-10",
         strip_prefix = "sql-parser-{version}",
         urls = ["https://github.com/envoyproxy/sql-parser/archive/{version}.tar.gz"],
         use_category = ["dataplane_ext"],
@@ -146,7 +146,6 @@ REPOSITORY_LOCATIONS_SPEC = dict(
             "envoy.filters.network.mysql_proxy",
             "envoy.filters.network.postgres_proxy",
         ],
-        release_date = "2020-06-10",
         cpe = "N/A",
     ),
     com_github_mirror_tclap = dict(
@@ -155,9 +154,9 @@ REPOSITORY_LOCATIONS_SPEC = dict(
         project_url = "http://tclap.sourceforge.net",
         version = "1-2-1",
         sha256 = "f0ede0721dddbb5eba3a47385a6e8681b14f155e1129dd39d1a959411935098f",
+        release_date = "2011-04-16",
         strip_prefix = "tclap-tclap-{version}-release-final",
         urls = ["https://github.com/mirror/tclap/archive/tclap-{version}-release-final.tar.gz"],
-        release_date = "2011-04-16",
         use_category = ["other"],
     ),
     com_github_fmtlib_fmt = dict(
@@ -166,10 +165,10 @@ REPOSITORY_LOCATIONS_SPEC = dict(
         project_url = "https://fmt.dev",
         version = "7.0.3",
         sha256 = "decfdf9ad274070fa85f26407b816f5a4d82205ae86bac1990be658d0795ea4d",
+        release_date = "2020-08-07",
         strip_prefix = "fmt-{version}",
         urls = ["https://github.com/fmtlib/fmt/releases/download/{version}/fmt-{version}.zip"],
         use_category = ["dataplane_core", "controlplane"],
-        release_date = "2020-08-06",
         cpe = "cpe:2.3:a:fmt:fmt:*",
     ),
     com_github_gabime_spdlog = dict(
@@ -178,10 +177,10 @@ REPOSITORY_LOCATIONS_SPEC = dict(
         project_url = "https://github.com/gabime/spdlog",
         version = "1.7.0",
         sha256 = "f0114a4d3c88be9e696762f37a7c379619443ce9d668546c61b21d41affe5b62",
+        release_date = "2020-07-09",
         strip_prefix = "spdlog-{version}",
         urls = ["https://github.com/gabime/spdlog/archive/v{version}.tar.gz"],
         use_category = ["dataplane_core", "controlplane"],
-        release_date = "2020-07-09",
         cpe = "N/A",
     ),
     com_github_google_libprotobuf_mutator = dict(
@@ -190,9 +189,9 @@ REPOSITORY_LOCATIONS_SPEC = dict(
         project_url = "https://github.com/google/libprotobuf-mutator",
         version = "8942a9ba43d8bb196230c321d46d6a137957a719",
         sha256 = "49a26dbe77c75f2eca1dd8a9fbdb31c4496d9af42df027ff57569c5a7a5d980d",
+        release_date = "2020-08-18",
         strip_prefix = "libprotobuf-mutator-{version}",
         urls = ["https://github.com/google/libprotobuf-mutator/archive/{version}.tar.gz"],
-        release_date = "2020-08-18",
         use_category = ["test_only"],
     ),
     com_github_google_tcmalloc = dict(
@@ -201,10 +200,10 @@ REPOSITORY_LOCATIONS_SPEC = dict(
         project_url = "https://github.com/google/tcmalloc",
         version = "9f385356c34d4fc11f76a000b609e2b446c20667",
         sha256 = "652e48e0b9ef645db04bff8a3d4841c60ce07275f5d98e18e698dc92bd111291",
+        release_date = "2020-11-04",
         strip_prefix = "tcmalloc-{version}",
         urls = ["https://github.com/google/tcmalloc/archive/{version}.tar.gz"],
         use_category = ["dataplane_core", "controlplane"],
-        release_date = "2020-11-04",
         cpe = "N/A",
     ),
     com_github_gperftools_gperftools = dict(
@@ -213,9 +212,9 @@ REPOSITORY_LOCATIONS_SPEC = dict(
         project_url = "https://github.com/gperftools/gperftools",
         version = "2.8",
         sha256 = "240deacdd628b6459671b83eb0c4db8e97baadf659f25b92e9a078d536bd513e",
+        release_date = "2020-07-06",
         strip_prefix = "gperftools-{version}",
         urls = ["https://github.com/gperftools/gperftools/releases/download/gperftools-{version}/gperftools-{version}.tar.gz"],
-        release_date = "2020-07-06",
         use_category = ["dataplane_core", "controlplane"],
         cpe = "cpe:2.3:a:gperftools_project:gperftools:*",
     ),
@@ -227,10 +226,10 @@ REPOSITORY_LOCATIONS_SPEC = dict(
         # This sha on grpc:v1.25.x branch is specifically chosen to fix gRPC STS call credential options.
         version = "d8f4928fa779f6005a7fe55a176bdb373b0f910f",
         sha256 = "bbc8f020f4e85ec029b047fab939b8c81f3d67254b5c724e1003a2bc49ddd123",
+        release_date = "2020-02-11",
         strip_prefix = "grpc-{version}",
         urls = ["https://github.com/grpc/grpc/archive/{version}.tar.gz"],
         use_category = ["dataplane_core", "controlplane"],
-        release_date = "2020-02-11",
         cpe = "cpe:2.3:a:grpc:grpc:*",
     ),
     com_github_luajit_luajit = dict(
@@ -241,9 +240,9 @@ REPOSITORY_LOCATIONS_SPEC = dict(
         # against it. These may not impact correct non-malicious Lua code, but for prudence we bump.
         version = "1d8b747c161db457e032a023ebbff511f5de5ec2",
         sha256 = "20a159c38a98ecdb6368e8d655343b6036622a29a1621da9dc303f7ed9bf37f3",
+        release_date = "2020-10-12",
         strip_prefix = "LuaJIT-{version}",
         urls = ["https://github.com/LuaJIT/LuaJIT/archive/{version}.tar.gz"],
-        release_date = "2020-10-12",
         use_category = ["dataplane_ext"],
         extensions = ["envoy.filters.http.lua"],
         cpe = "cpe:2.3:a:luajit:luajit:*",
@@ -254,11 +253,11 @@ REPOSITORY_LOCATIONS_SPEC = dict(
         project_url = "https://github.com/moonjit/moonjit",
         version = "2.2.0",
         sha256 = "83deb2c880488dfe7dd8ebf09e3b1e7613ef4b8420de53de6f712f01aabca2b6",
+        release_date = "2020-01-14",
         strip_prefix = "moonjit-{version}",
         urls = ["https://github.com/moonjit/moonjit/archive/{version}.tar.gz"],
         use_category = ["dataplane_ext"],
         extensions = ["envoy.filters.http.lua"],
-        release_date = "2020-01-14",
         cpe = "cpe:2.3:a:moonjit_project:moonjit:*",
     ),
     com_github_nghttp2_nghttp2 = dict(
@@ -267,10 +266,10 @@ REPOSITORY_LOCATIONS_SPEC = dict(
         project_url = "https://nghttp2.org",
         version = "1.41.0",
         sha256 = "eacc6f0f8543583ecd659faf0a3f906ed03826f1d4157b536b4b385fe47c5bb8",
+        release_date = "2020-06-02",
         strip_prefix = "nghttp2-{version}",
         urls = ["https://github.com/nghttp2/nghttp2/releases/download/v{version}/nghttp2-{version}.tar.gz"],
         use_category = ["controlplane", "dataplane_core"],
-        release_date = "2020-06-02",
         cpe = "cpe:2.3:a:nghttp2:nghttp2:*",
     ),
     io_opentracing_cpp = dict(
@@ -279,6 +278,7 @@ REPOSITORY_LOCATIONS_SPEC = dict(
         project_url = "https://opentracing.io",
         version = "1.5.1",
         sha256 = "015c4187f7a6426a2b5196f0ccd982aa87f010cf61f507ae3ce5c90523f92301",
+        release_date = "2019-01-16",
         strip_prefix = "opentracing-cpp-{version}",
         urls = ["https://github.com/opentracing/opentracing-cpp/archive/v{version}.tar.gz"],
         use_category = ["observability_ext"],
@@ -287,7 +287,6 @@ REPOSITORY_LOCATIONS_SPEC = dict(
             "envoy.tracers.dynamic_ot",
             "envoy.tracers.lightstep",
         ],
-        release_date = "2019-01-16",
         cpe = "N/A",
     ),
     com_lightstep_tracer_cpp = dict(
@@ -296,11 +295,11 @@ REPOSITORY_LOCATIONS_SPEC = dict(
         project_url = "https://github.com/lightstep/lightstep-tracer-cpp",
         version = "1942b3f142e218ebc143a043f32e3278dafec9aa",
         sha256 = "3238921a8f578beb26c2215cd277e8f6752f3d29b020b881d60d96a240a38aed",
+        release_date = "2020-08-25",
         strip_prefix = "lightstep-tracer-cpp-{version}",
         urls = ["https://github.com/lightstep/lightstep-tracer-cpp/archive/{version}.tar.gz"],
         use_category = ["observability_ext"],
         extensions = ["envoy.tracers.lightstep"],
-        release_date = "2020-08-25",
         cpe = "N/A",
     ),
     com_github_datadog_dd_opentracing_cpp = dict(
@@ -309,11 +308,11 @@ REPOSITORY_LOCATIONS_SPEC = dict(
         project_url = "https://github.com/DataDog/dd-opentracing-cpp",
         version = "1.1.5",
         sha256 = "b84fd2fb0bb0578af4901db31d1c0ae909b532a1016fe6534cbe31a6c3ad6924",
+        release_date = "2020-05-17",
         strip_prefix = "dd-opentracing-cpp-{version}",
         urls = ["https://github.com/DataDog/dd-opentracing-cpp/archive/v{version}.tar.gz"],
         use_category = ["observability_ext"],
         extensions = ["envoy.tracers.datadog"],
-        release_date = "2020-05-15",
         cpe = "N/A",
     ),
     com_github_google_benchmark = dict(
@@ -343,26 +342,26 @@ REPOSITORY_LOCATIONS_SPEC = dict(
         # TODO(adip): Update to v2.2 when it is released.
         version = "62c152d9a7cd264b993dad730c4163c6ede2e0a3",
         sha256 = "4c80e5fe044ce5f8055b20a2f141ee32ec2614000f3e95d2aa81611a4c8f5213",
+        release_date = "2020-07-28",
         strip_prefix = "libevent-{version}",
         urls = ["https://github.com/libevent/libevent/archive/{version}.tar.gz"],
         use_category = ["dataplane_core", "controlplane"],
-        release_date = "2020-07-28",
         cpe = "cpe:2.3:a:libevent_project:libevent:*",
     ),
-    # This should be removed, see https://github.com/envoyproxy/envoy/issues/13261.
     net_zlib = dict(
+        # This should be removed, see https://github.com/envoyproxy/envoy/issues/13261.
         project_name = "zlib",
         project_desc = "zlib compression library",
         project_url = "https://zlib.net",
-        version = "79baebe50e4d6b73ae1f8b603f0ef41300110aa3",
         # Use the dev branch of zlib to resolve fuzz bugs and out of bound
         # errors resulting in crashes in zlib 1.2.11.
         # TODO(asraa): Remove when zlib > 1.2.11 is released.
+        version = "79baebe50e4d6b73ae1f8b603f0ef41300110aa3",
         sha256 = "155a8f8c1a753fb05b16a1b0cc0a0a9f61a78e245f9e0da483d13043b3bcbf2e",
+        release_date = "2019-04-14",
         strip_prefix = "zlib-{version}",
         urls = ["https://github.com/madler/zlib/archive/{version}.tar.gz"],
         use_category = ["controlplane", "dataplane_core"],
-        release_date = "2019-04-14",
         cpe = "cpe:2.3:a:gnu:zlib:*",
     ),
     com_github_zlib_ng_zlib_ng = dict(
@@ -371,10 +370,10 @@ REPOSITORY_LOCATIONS_SPEC = dict(
         project_url = "https://github.com/zlib-ng/zlib-ng",
         version = "b802a303ce8b6c86fbe3f93d59e0a82333768c0c",
         sha256 = "e051eade607ecbbfa2c7ed3087fe53e5d3a58325375e1e28209594138e4aa93d",
+        release_date = "2020-10-18",
         strip_prefix = "zlib-ng-{version}",
         urls = ["https://github.com/zlib-ng/zlib-ng/archive/{version}.tar.gz"],
         use_category = ["controlplane", "dataplane_core"],
-        release_date = "2020-10-18",
         cpe = "N/A",
     ),
     com_github_jbeder_yaml_cpp = dict(
@@ -383,12 +382,12 @@ REPOSITORY_LOCATIONS_SPEC = dict(
         project_url = "https://github.com/jbeder/yaml-cpp",
         version = "98acc5a8874faab28b82c28936f4b400b389f5d6",
         sha256 = "79ab7069ef1c7c3632e7ffe095f7185d4c77b64d8035db3c085c239d4fe96d5f",
+        release_date = "2020-07-27",
         strip_prefix = "yaml-cpp-{version}",
         urls = ["https://github.com/jbeder/yaml-cpp/archive/{version}.tar.gz"],
         # YAML is also used for runtime as well as controlplane. It shouldn't appear on the
         # dataplane but we can't verify this automatically due to code structure today.
         use_category = ["controlplane", "dataplane_core"],
-        release_date = "2020-07-27",
         cpe = "cpe:2.3:a:yaml-cpp_project:yaml-cpp:*",
     ),
     com_github_msgpack_msgpack_c = dict(
@@ -397,11 +396,11 @@ REPOSITORY_LOCATIONS_SPEC = dict(
         project_url = "https://github.com/msgpack/msgpack-c",
         version = "3.3.0",
         sha256 = "6e114d12a5ddb8cb11f669f83f32246e484a8addd0ce93f274996f1941c1f07b",
+        release_date = "2020-06-05",
         strip_prefix = "msgpack-{version}",
         urls = ["https://github.com/msgpack/msgpack-c/releases/download/cpp-{version}/msgpack-{version}.tar.gz"],
         use_category = ["observability_ext"],
         extensions = ["envoy.tracers.datadog"],
-        release_date = "2020-06-05",
         cpe = "N/A",
     ),
     com_github_google_jwt_verify = dict(
@@ -410,11 +409,11 @@ REPOSITORY_LOCATIONS_SPEC = dict(
         project_url = "https://github.com/google/jwt_verify_lib",
         version = "28efec2e4df1072db0ed03597591360ec9f80aac",
         sha256 = "7a5c35b7cbf633398503ae12cad8c2833e92b3a796eed68b6256d22d51ace5e1",
+        release_date = "2020-11-05",
         strip_prefix = "jwt_verify_lib-{version}",
         urls = ["https://github.com/google/jwt_verify_lib/archive/{version}.tar.gz"],
         use_category = ["dataplane_ext"],
         extensions = ["envoy.filters.http.jwt_authn"],
-        release_date = "2020-11-05",
         cpe = "N/A",
     ),
     com_github_nodejs_http_parser = dict(
@@ -425,10 +424,10 @@ REPOSITORY_LOCATIONS_SPEC = dict(
         # requests with both Content-Legth and Transfer-Encoding: chunked headers set.
         version = "4f15b7d510dc7c6361a26a7c6d2f7c3a17f8d878",
         sha256 = "6a12896313ce1ca630cf516a0ee43a79b5f13f5a5d8143f56560ac0b21c98fac",
+        release_date = "2020-07-10",
         strip_prefix = "http-parser-{version}",
         urls = ["https://github.com/nodejs/http-parser/archive/{version}.tar.gz"],
         use_category = ["controlplane", "dataplane_core"],
-        release_date = "2020-07-10",
         cpe = "cpe:2.3:a:nodejs:node.js:*",
     ),
     com_github_tencent_rapidjson = dict(
@@ -437,12 +436,12 @@ REPOSITORY_LOCATIONS_SPEC = dict(
         project_url = "https://rapidjson.org",
         version = "dfbe1db9da455552f7a9ad5d2aea17dd9d832ac1",
         sha256 = "a2faafbc402394df0fa94602df4b5e4befd734aad6bb55dfef46f62fcaf1090b",
+        release_date = "2019-12-03",
         strip_prefix = "rapidjson-{version}",
         urls = ["https://github.com/Tencent/rapidjson/archive/{version}.tar.gz"],
         # We're mostly using com_google_protobuf for JSON, but there are some extensions and hard to
         # disentangle uses on the dataplane, e.g. header_formatter, Squash filter.
         use_category = ["controlplane", "dataplane_core"],
-        release_date = "2019-12-03",
         cpe = "cpe:2.3:a:tencent:rapidjson:*",
     ),
     com_github_twitter_common_lang = dict(
@@ -451,9 +450,9 @@ REPOSITORY_LOCATIONS_SPEC = dict(
         project_url = "https://pypi.org/project/twitter.common.lang",
         version = "0.3.9",
         sha256 = "56d1d266fd4767941d11c27061a57bc1266a3342e551bde3780f9e9eb5ad0ed1",
+        release_date = "2016-10-17",
         strip_prefix = "twitter.common.lang-{version}/src",
         urls = ["https://files.pythonhosted.org/packages/08/bc/d6409a813a9dccd4920a6262eb6e5889e90381453a5f58938ba4cf1d9420/twitter.common.lang-{version}.tar.gz"],
-        release_date = "2016-10-17",
         use_category = ["test_only"],
     ),
     com_github_twitter_common_rpc = dict(
@@ -462,9 +461,9 @@ REPOSITORY_LOCATIONS_SPEC = dict(
         project_url = "https://pypi.org/project/twitter.common.rpc",
         version = "0.3.9",
         sha256 = "0792b63fb2fb32d970c2e9a409d3d00633190a22eb185145fe3d9067fdaa4514",
+        release_date = "2016-10-17",
         strip_prefix = "twitter.common.rpc-{version}/src",
         urls = ["https://files.pythonhosted.org/packages/be/97/f5f701b703d0f25fbf148992cd58d55b4d08d3db785aad209255ee67e2d0/twitter.common.rpc-{version}.tar.gz"],
-        release_date = "2016-10-17",
         use_category = ["test_only"],
     ),
     com_github_twitter_common_finagle_thrift = dict(
@@ -473,9 +472,9 @@ REPOSITORY_LOCATIONS_SPEC = dict(
         project_url = "https://pypi.org/project/twitter.common.finagle-thrift",
         version = "0.3.9",
         sha256 = "1e3a57d11f94f58745e6b83348ecd4fa74194618704f45444a15bc391fde497a",
+        release_date = "2016-10-17",
         strip_prefix = "twitter.common.finagle-thrift-{version}/src",
         urls = ["https://files.pythonhosted.org/packages/f9/e7/4f80d582578f8489226370762d2cf6bc9381175d1929eba1754e03f70708/twitter.common.finagle-thrift-{version}.tar.gz"],
-        release_date = "2016-10-17",
         use_category = ["test_only"],
     ),
     com_google_googletest = dict(
@@ -486,9 +485,9 @@ REPOSITORY_LOCATIONS_SPEC = dict(
         # see https://github.com/google/googletest/issues/2490
         version = "a4ab0abb93620ce26efad9de9296b73b16e88588",
         sha256 = "7897bfaa5ad39a479177cfb5c3ce010184dbaee22a7c3727b212282871918751",
+        release_date = "2020-09-10",
         strip_prefix = "googletest-{version}",
         urls = ["https://github.com/google/googletest/archive/{version}.tar.gz"],
-        release_date = "2020-09-10",
         use_category = ["test_only"],
     ),
     com_google_protobuf = dict(
@@ -497,10 +496,10 @@ REPOSITORY_LOCATIONS_SPEC = dict(
         project_url = "https://developers.google.com/protocol-buffers",
         version = "3.13.0",
         sha256 = "465fd9367992a9b9c4fba34a549773735da200903678b81b25f367982e8df376",
+        release_date = "2020-08-15",
         strip_prefix = "protobuf-{version}",
         urls = ["https://github.com/protocolbuffers/protobuf/releases/download/v{version}/protobuf-all-{version}.tar.gz"],
         use_category = ["dataplane_core", "controlplane"],
-        release_date = "2020-08-14",
         cpe = "cpe:2.3:a:google:protobuf:*",
     ),
     grpc_httpjson_transcoding = dict(
@@ -509,11 +508,11 @@ REPOSITORY_LOCATIONS_SPEC = dict(
         project_url = "https://github.com/grpc-ecosystem/grpc-httpjson-transcoding",
         version = "4d095f048889d4fc3b8d4579aa80ca4290319802",
         sha256 = "7af66e0674340932683ab4f04ea6f03e2550849a54741738d94310b84d396a2c",
+        release_date = "2020-11-13",
         strip_prefix = "grpc-httpjson-transcoding-{version}",
         urls = ["https://github.com/grpc-ecosystem/grpc-httpjson-transcoding/archive/{version}.tar.gz"],
         use_category = ["dataplane_ext"],
         extensions = ["envoy.filters.http.grpc_json_transcoder"],
-        release_date = "2020-11-13",
         cpe = "N/A",
     ),
     io_bazel_rules_go = dict(
@@ -522,15 +521,15 @@ REPOSITORY_LOCATIONS_SPEC = dict(
         project_url = "https://github.com/bazelbuild/rules_go",
         version = "0.23.7",
         sha256 = "0310e837aed522875791750de44408ec91046c630374990edd51827cb169f616",
-        urls = ["https://github.com/bazelbuild/rules_go/releases/download/v{version}/rules_go-v{version}.tar.gz"],
-        use_category = ["build", "api"],
         release_date = "2020-08-06",
+        urls = ["https://github.com/bazelbuild/rules_go/releases/download/v{version}/rules_go-v{version}.tar.gz"],
         implied_untracked_deps = [
             "com_github_golang_protobuf",
             "io_bazel_rules_nogo",
             "org_golang_google_protobuf",
             "org_golang_x_tools",
         ],
+        use_category = ["build", "api"],
     ),
     rules_cc = dict(
         project_name = "C++ rules for Bazel",
@@ -539,9 +538,9 @@ REPOSITORY_LOCATIONS_SPEC = dict(
         # TODO(lizan): pin to a point releases when there's a released version.
         version = "b1c40e1de81913a3c40e5948f78719c28152486d",
         sha256 = "71d037168733f26d2a9648ad066ee8da4a34a13f51d24843a42efa6b65c2420f",
+        release_date = "2020-11-11",
         strip_prefix = "rules_cc-{version}",
         urls = ["https://github.com/bazelbuild/rules_cc/archive/{version}.tar.gz"],
-        release_date = "2020-11-11",
         use_category = ["build"],
     ),
     rules_foreign_cc = dict(
@@ -550,31 +549,29 @@ REPOSITORY_LOCATIONS_SPEC = dict(
         project_url = "https://github.com/bazelbuild/rules_foreign_cc",
         version = "d54c78ab86b40770ee19f0949db9d74a831ab9f0",
         sha256 = "e7446144277c9578141821fc91c55a61df7ae01bda890902f7286f5fd2f6ae46",
+        release_date = "2020-10-26",
         strip_prefix = "rules_foreign_cc-{version}",
         urls = ["https://github.com/bazelbuild/rules_foreign_cc/archive/{version}.tar.gz"],
-        release_date = "2020-10-26",
         use_category = ["build"],
     ),
     rules_python = dict(
         project_name = "Python rules for Bazel",
         project_desc = "Bazel rules for the Python language",
         project_url = "https://github.com/bazelbuild/rules_python",
-        # TODO(htuch): revert back to a point releases when pip3_import appears.
-        version = "a0fbf98d4e3a232144df4d0d80b577c7a693b570",
-        sha256 = "76a8fd4e7eca2a3590f816958faa0d83c9b2ce9c32634c5c375bcccf161d3bb5",
-        strip_prefix = "rules_python-{version}",
-        urls = ["https://github.com/bazelbuild/rules_python/archive/{version}.tar.gz"],
-        release_date = "2020-04-09",
+        version = "0.1.0",
+        sha256 = "b6d46438523a3ec0f3cead544190ee13223a52f6a6765a29eae7b7cc24cc83a0",
+        release_date = "2020-10-15",
+        urls = ["https://github.com/bazelbuild/rules_python/releases/download/{version}/rules_python-{version}.tar.gz"],
         use_category = ["build"],
     ),
     six = dict(
         project_name = "Six",
         project_desc = "Python 2 and 3 compatibility library",
-        project_url = "https://pypi.org/project/six",
+        project_url = "https://github.com/benjaminp/six",
         version = "1.12.0",
-        sha256 = "d16a0141ec1a18405cd4ce8b4613101da75da0e9a7aec5bdd4fa804d0e0eba73",
-        urls = ["https://files.pythonhosted.org/packages/dd/bf/4138e7bfb757de47d1f4b6994648ec67a51efe58fa907c1e11e350cddfca/six-{version}.tar.gz"],
-        release_date = "2018-12-09",
+        sha256 = "0ce7aef70d066b8dda6425c670d00c25579c3daad8108b3e3d41bef26003c852",
+        release_date = "2018-12-10",
+        urls = ["https://github.com/benjaminp/six/archive/{version}.tar.gz"],
         use_category = ["other"],
     ),
     org_llvm_llvm = dict(
@@ -583,9 +580,9 @@ REPOSITORY_LOCATIONS_SPEC = dict(
         project_url = "https://llvm.org",
         version = "10.0.0",
         sha256 = "df83a44b3a9a71029049ec101fb0077ecbbdf5fe41e395215025779099a98fdf",
+        release_date = "2020-03-24",
         strip_prefix = "llvm-{version}.src",
         urls = ["https://github.com/llvm/llvm-project/releases/download/llvmorg-{version}/llvm-{version}.src.tar.xz"],
-        release_date = "2020-03-23",
         use_category = ["dataplane_ext"],
         extensions = ["envoy.wasm.runtime.wavm"],
         cpe = "cpe:2.3:a:llvm:*:*",
@@ -596,9 +593,9 @@ REPOSITORY_LOCATIONS_SPEC = dict(
         project_url = "https://wavm.github.io",
         version = "e289ba654fe51655ab080819fd85ed9c936aae6e",
         sha256 = "35e2bfa795c67ef70405470f85bd2a15565738fb5cc08dc9c1a9c4676ee51e60",
+        release_date = "2020-09-17",
         strip_prefix = "WAVM-{version}",
         urls = ["https://github.com/WAVM/WAVM/archive/{version}.tar.gz"],
-        release_date = "2020-09-17",
         use_category = ["dataplane_ext"],
         extensions = ["envoy.wasm.runtime.wavm"],
         cpe = "cpe:2.3:a:webassembly_virtual_machine_project:webassembly_virtual_machine:*",
@@ -609,9 +606,9 @@ REPOSITORY_LOCATIONS_SPEC = dict(
         project_url = "https://github.com/bytecodealliance/wasmtime",
         version = "0.21.0",
         sha256 = "7874feb1026bbef06796bd5ab80e73f15b8e83752bde8dc93994f5bc039a4952",
+        release_date = "2020-11-05",
         strip_prefix = "wasmtime-{version}",
         urls = ["https://github.com/bytecodealliance/wasmtime/archive/v{version}.tar.gz"],
-        release_date = "2020-11-05",
         use_category = ["dataplane_ext"],
         extensions = ["envoy.wasm.runtime.wasmtime"],
         cpe = "N/A",
@@ -624,9 +621,9 @@ REPOSITORY_LOCATIONS_SPEC = dict(
         # https://github.com/bytecodealliance/wasmtime/tree/v0.21.0/crates/c-api
         version = "d9a80099d496b5cdba6f3fe8fc77586e0e505ddc",
         sha256 = "aea8cd095e9937f1e14f2c93e026317b197eb2345e7a817fe3932062eb7b792c",
+        release_date = "2019-11-14",
         strip_prefix = "wasm-c-api-{version}",
         urls = ["https://github.com/WebAssembly/wasm-c-api/archive/{version}.tar.gz"],
-        release_date = "2019-11-14",
         use_category = ["dataplane_ext"],
         extensions = ["envoy.wasm.runtime.wasmtime"],
         cpe = "N/A",
@@ -637,20 +634,21 @@ REPOSITORY_LOCATIONS_SPEC = dict(
         project_url = "https://github.com/census-instrumentation/opencensus-cpp",
         version = "ba631066779a534267fdb1321b19850eb2b0c000",
         sha256 = "f239a40803f6e2e42b57c9e68771b0990c4ca8b2d76b440073cdf14f4211ad26",
+        release_date = "2020-10-08",
         strip_prefix = "opencensus-cpp-{version}",
         urls = ["https://github.com/census-instrumentation/opencensus-cpp/archive/{version}.tar.gz"],
         use_category = ["observability_ext"],
         extensions = ["envoy.tracers.opencensus"],
-        release_date = "2020-10-08",
         cpe = "N/A",
     ),
-    # This should be removed, see https://github.com/envoyproxy/envoy/issues/11816.
     com_github_curl = dict(
+        # This should be removed, see https://github.com/envoyproxy/envoy/issues/11816.
         project_name = "curl",
         project_desc = "Library for transferring data with URLs",
         project_url = "https://curl.haxx.se",
         version = "7.72.0",
         sha256 = "d4d5899a3868fbb6ae1856c3e55a32ce35913de3956d1973caccd37bd0174fa2",
+        release_date = "2020-08-19",
         strip_prefix = "curl-{version}",
         urls = ["https://github.com/curl/curl/releases/download/curl-{underscore_version}/curl-{version}.tar.gz"],
         use_category = ["dataplane_ext", "observability_ext"],
@@ -660,7 +658,6 @@ REPOSITORY_LOCATIONS_SPEC = dict(
             "envoy.grpc_credentials.aws_iam",
             "envoy.tracers.opencensus",
         ],
-        release_date = "2020-08-19",
         cpe = "cpe:2.3:a:haxx:curl:*",
     ),
     com_googlesource_chromium_v8 = dict(
@@ -684,10 +681,10 @@ REPOSITORY_LOCATIONS_SPEC = dict(
         # Static snapshot of https://quiche.googlesource.com/quiche/+archive/ecc28c0d7428f3323ea26eb1ddb98a5e06b23dea.tar.gz
         version = "ecc28c0d7428f3323ea26eb1ddb98a5e06b23dea",
         sha256 = "52680dea984dbe899c27176155578b97276e1f1516b7c3a63fb16ba593061859",
+        release_date = "2020-11-10",
         urls = ["https://storage.googleapis.com/quiche-envoy-integration/{version}.tar.gz"],
         use_category = ["dataplane_ext"],
         extensions = ["envoy.transport_sockets.quic"],
-        release_date = "2020-11-10",
         cpe = "N/A",
     ),
     com_googlesource_googleurl = dict(
@@ -697,10 +694,10 @@ REPOSITORY_LOCATIONS_SPEC = dict(
         # Static snapshot of https://quiche.googlesource.com/quiche/+archive/ef0d23689e240e6c8de4c3a5296b209128c87373.tar.gz.
         version = "ef0d23689e240e6c8de4c3a5296b209128c87373",
         sha256 = "d769283fed1319bca68bae8bdd47fbc3a7933999329eee850eff1f1ea61ce176",
+        release_date = "2020-07-30",
         urls = ["https://storage.googleapis.com/quiche-envoy-integration/googleurl_{version}.tar.gz"],
         use_category = ["dataplane_ext"],
         extensions = [],
-        release_date = "2020-07-30",
         cpe = "N/A",
     ),
     com_google_cel_cpp = dict(
@@ -709,6 +706,7 @@ REPOSITORY_LOCATIONS_SPEC = dict(
         project_url = "https://opensource.google/projects/cel",
         version = "47244a458e7739ad38e178a3f3892d197de4a574",
         sha256 = "51b1af23cb703a94d18fe7a5e2696f96cde5bc35a279c6c844e6363aea3982fb",
+        release_date = "2020-10-25",
         strip_prefix = "cel-cpp-{version}",
         urls = ["https://github.com/google/cel-cpp/archive/{version}.tar.gz"],
         use_category = ["dataplane_ext"],
@@ -721,7 +719,6 @@ REPOSITORY_LOCATIONS_SPEC = dict(
             "envoy.filters.network.wasm",
             "envoy.stat_sinks.wasm",
         ],
-        release_date = "2020-10-25",
         cpe = "N/A",
     ),
     com_github_google_flatbuffers = dict(
@@ -730,6 +727,7 @@ REPOSITORY_LOCATIONS_SPEC = dict(
         project_url = "https://github.com/google/flatbuffers",
         version = "a83caf5910644ba1c421c002ef68e42f21c15f9f",
         sha256 = "b8efbc25721e76780752bad775a97c3f77a0250271e2db37fc747b20e8b0f24a",
+        release_date = "2020-04-02",
         strip_prefix = "flatbuffers-{version}",
         urls = ["https://github.com/google/flatbuffers/archive/{version}.tar.gz"],
         use_category = ["dataplane_ext"],
@@ -740,7 +738,6 @@ REPOSITORY_LOCATIONS_SPEC = dict(
             "envoy.filters.network.wasm",
             "envoy.stat_sinks.wasm",
         ],
-        release_date = "2020-04-02",
         cpe = "N/A",
     ),
     com_googlesource_code_re2 = dict(
@@ -749,25 +746,25 @@ REPOSITORY_LOCATIONS_SPEC = dict(
         project_url = "https://github.com/google/re2",
         version = "2020-07-06",
         sha256 = "2e9489a31ae007c81e90e8ec8a15d62d58a9c18d4fd1603f6441ef248556b41f",
+        release_date = "2020-07-06",
         strip_prefix = "re2-{version}",
         urls = ["https://github.com/google/re2/archive/{version}.tar.gz"],
         use_category = ["controlplane", "dataplane_core"],
-        release_date = "2020-07-06",
         cpe = "N/A",
     ),
-    # Included to access FuzzedDataProvider.h. This is compiler agnostic but
-    # provided as part of the compiler-rt source distribution. We can't use the
-    # Clang variant as we are not a Clang-LLVM only shop today.
     org_llvm_releases_compiler_rt = dict(
         project_name = "compiler-rt",
         project_desc = "LLVM compiler runtime library",
         project_url = "https://compiler-rt.llvm.org",
+        # Included to access FuzzedDataProvider.h. This is compiler agnostic but
+        # provided as part of the compiler-rt source distribution. We can't use the
+        # Clang variant as we are not a Clang-LLVM only shop today.
         version = "10.0.0",
         sha256 = "6a7da64d3a0a7320577b68b9ca4933bdcab676e898b759850e827333c3282c75",
+        release_date = "2020-03-24",
         # Only allow peeking at fuzzer related files for now.
         strip_prefix = "compiler-rt-{version}.src",
         urls = ["https://github.com/llvm/llvm-project/releases/download/llvmorg-{version}/compiler-rt-{version}.src.tar.xz"],
-        release_date = "2020-03-23",
         use_category = ["test_only"],
     ),
     upb = dict(
@@ -776,10 +773,10 @@ REPOSITORY_LOCATIONS_SPEC = dict(
         project_url = "https://github.com/protocolbuffers/upb",
         version = "8a3ae1ef3e3e3f26b45dec735c5776737fc7247f",
         sha256 = "e9f281c56ab1eb1f97a80ca8a83bb7ef73d230eabb8591f83876f4e7b85d9b47",
+        release_date = "2019-11-19",
         strip_prefix = "upb-{version}",
         urls = ["https://github.com/protocolbuffers/upb/archive/{version}.tar.gz"],
         use_category = ["controlplane"],
-        release_date = "2019-11-19",
         cpe = "N/A",
     ),
     kafka_source = dict(
@@ -788,11 +785,11 @@ REPOSITORY_LOCATIONS_SPEC = dict(
         project_url = "https://kafka.apache.org",
         version = "2.4.1",
         sha256 = "740236f44d66e33ea83382383b4fb7eabdab7093a644b525dd5ec90207f933bd",
+        release_date = "2020-03-03",
         strip_prefix = "kafka-{version}/clients/src/main/resources/common/message",
         urls = ["https://github.com/apache/kafka/archive/{version}.zip"],
         use_category = ["dataplane_ext"],
         extensions = ["envoy.filters.network.kafka_broker"],
-        release_date = "2020-03-03",
         cpe = "cpe:2.3:a:apache:kafka:*",
     ),
     kafka_server_binary = dict(
@@ -801,9 +798,9 @@ REPOSITORY_LOCATIONS_SPEC = dict(
         project_url = "https://kafka.apache.org",
         version = "2.4.1",
         sha256 = "2177cbd14118999e1d76fec628ca78ace7e6f841219dbc6035027c796bbe1a2a",
+        release_date = "2020-03-12",
         strip_prefix = "kafka_2.12-{version}",
         urls = ["https://mirrors.gigenet.com/apache/kafka/{version}/kafka_2.12-{version}.tgz"],
-        release_date = "2020-03-12",
         use_category = ["test_only"],
     ),
     kafka_python_client = dict(
@@ -812,9 +809,9 @@ REPOSITORY_LOCATIONS_SPEC = dict(
         project_url = "https://kafka.apache.org",
         version = "2.0.1",
         sha256 = "05f7c6eecb402f11fcb7e524c903f1ba1c38d3bdc9bf42bc8ec3cf7567b9f979",
+        release_date = "2020-09-30",
         strip_prefix = "kafka-python-{version}",
         urls = ["https://github.com/dpkp/kafka-python/archive/{version}.tar.gz"],
-        release_date = "2020-02-20",
         use_category = ["test_only"],
     ),
     proxy_wasm_cpp_sdk = dict(
@@ -823,6 +820,7 @@ REPOSITORY_LOCATIONS_SPEC = dict(
         project_url = "https://github.com/proxy-wasm/proxy-wasm-cpp-sdk",
         version = "956f0d500c380cc1656a2d861b7ee12c2515a664",
         sha256 = "b97e3e716b1f38dc601487aa0bde72490bbc82b8f3ad73f1f3e69733984955df",
+        release_date = "2020-11-20",
         strip_prefix = "proxy-wasm-cpp-sdk-{version}",
         urls = ["https://github.com/proxy-wasm/proxy-wasm-cpp-sdk/archive/{version}.tar.gz"],
         use_category = ["dataplane_ext"],
@@ -837,7 +835,6 @@ REPOSITORY_LOCATIONS_SPEC = dict(
             "envoy.wasm.runtime.wavm",
             "envoy.wasm.runtime.wasmtime",
         ],
-        release_date = "2020-11-20",
         cpe = "N/A",
     ),
     proxy_wasm_cpp_host = dict(
@@ -846,6 +843,7 @@ REPOSITORY_LOCATIONS_SPEC = dict(
         project_url = "https://github.com/proxy-wasm/proxy-wasm-cpp-host",
         version = "15827110ac35fdac9abdb6b05d04ee7ee2044dae",
         sha256 = "77a2671205eb0973bee375a1bee4099edef991350433981f6e3508780318117d",
+        release_date = "2020-11-12",
         strip_prefix = "proxy-wasm-cpp-host-{version}",
         urls = ["https://github.com/proxy-wasm/proxy-wasm-cpp-host/archive/{version}.tar.gz"],
         use_category = ["dataplane_ext"],
@@ -860,7 +858,6 @@ REPOSITORY_LOCATIONS_SPEC = dict(
             "envoy.wasm.runtime.wavm",
             "envoy.wasm.runtime.wasmtime",
         ],
-        release_date = "2020-11-12",
         cpe = "N/A",
     ),
     proxy_wasm_rust_sdk = dict(
@@ -869,10 +866,10 @@ REPOSITORY_LOCATIONS_SPEC = dict(
         project_url = "https://github.com/proxy-wasm/proxy-wasm-rust-sdk",
         version = "802cab2eabc1da106d8b8b7be2c7278b2bfadfbd",
         sha256 = "cc247af14ffa903e90d07ae28effeec9ad11215118f5802ab7d22b961cacd365",
+        release_date = "2020-12-05",
         strip_prefix = "proxy-wasm-rust-sdk-{version}",
         urls = ["https://github.com/proxy-wasm/proxy-wasm-rust-sdk/archive/{version}.tar.gz"],
         use_category = ["test_only"],
-        release_date = "2020-12-05",
         cpe = "N/A",
     ),
     emscripten_toolchain = dict(
@@ -881,10 +878,10 @@ REPOSITORY_LOCATIONS_SPEC = dict(
         project_url = "https://github.com/emscripten-core/emsdk",
         version = "2.0.7",
         sha256 = "ce7a5c76e8b425aca874cea329fd9ac44b203b777053453b6a37b4496c5ce34f",
+        release_date = "2020-10-13",
         strip_prefix = "emsdk-{version}",
         urls = ["https://github.com/emscripten-core/emsdk/archive/{version}.tar.gz"],
         use_category = ["build"],
-        release_date = "2020-10-13",
     ),
     io_bazel_rules_rust = dict(
         project_name = "Bazel rust rules",
@@ -892,11 +889,11 @@ REPOSITORY_LOCATIONS_SPEC = dict(
         project_url = "https://github.com/bazelbuild/rules_rust",
         version = "aa7c6938cf1cc2973bc065c7532f89874bf09818",
         sha256 = "5cb2fbcc3debebc7b68f5f66c1b7ef741bdcca87c70594de688d4518538c36c8",
+        release_date = "2020-12-04",
         strip_prefix = "rules_rust-{version}",
         urls = ["https://github.com/bazelbuild/rules_rust/archive/{version}.tar.gz"],
         use_category = ["dataplane_ext"],
         extensions = ["envoy.wasm.runtime.wasmtime"],
-        release_date = "2020-12-04",
         cpe = "N/A",
     ),
     rules_antlr = dict(
@@ -905,9 +902,9 @@ REPOSITORY_LOCATIONS_SPEC = dict(
         project_url = "https://github.com/marcohu/rules_antlr",
         version = "3cc2f9502a54ceb7b79b37383316b23c4da66f9a",
         sha256 = "7249d1569293d9b239e23c65f6b4c81a07da921738bde0dfeb231ed98be40429",
+        release_date = "2019-06-21",
         strip_prefix = "rules_antlr-{version}",
         urls = ["https://github.com/marcohu/rules_antlr/archive/{version}.tar.gz"],
-        # ANTLR has a runtime component, so is not purely build.
         use_category = ["dataplane_ext"],
         extensions = [
             "envoy.access_loggers.wasm",
@@ -916,7 +913,6 @@ REPOSITORY_LOCATIONS_SPEC = dict(
             "envoy.filters.network.wasm",
             "envoy.stat_sinks.wasm",
         ],
-        release_date = "2019-06-21",
         cpe = "N/A",
     ),
     antlr4_runtimes = dict(
@@ -925,6 +921,7 @@ REPOSITORY_LOCATIONS_SPEC = dict(
         project_url = "https://github.com/antlr/antlr4",
         version = "4.7.2",
         sha256 = "46f5e1af5f4bd28ade55cb632f9a069656b31fc8c2408f9aa045f9b5f5caad64",
+        release_date = "2018-12-18",
         strip_prefix = "antlr4-{version}",
         urls = ["https://github.com/antlr/antlr4/archive/{version}.tar.gz"],
         use_category = ["dataplane_ext"],
@@ -935,7 +932,6 @@ REPOSITORY_LOCATIONS_SPEC = dict(
             "envoy.filters.network.wasm",
             "envoy.stat_sinks.wasm",
         ],
-        release_date = "2018-12-18",
         cpe = "N/A",
     ),
 )
diff --git a/ci/WORKSPACE.filter.example b/ci/WORKSPACE.filter.example
index 0159ddfd78214..db20a3146ac9a 100644
--- a/ci/WORKSPACE.filter.example
+++ b/ci/WORKSPACE.filter.example
@@ -17,10 +17,6 @@ load("@envoy//bazel:repositories.bzl", "envoy_dependencies")
 
 envoy_dependencies()
 
-load("@envoy//bazel:repositories_extra.bzl", "envoy_dependencies_extra")
-
-envoy_dependencies_extra()
-
 load("@envoy//bazel:dependency_imports.bzl", "envoy_dependency_imports")
 
 envoy_dependency_imports()
diff --git a/generated_api_shadow/bazel/repository_locations.bzl b/generated_api_shadow/bazel/repository_locations.bzl
index f0173e58946e6..b8db8939e23a4 100644
--- a/generated_api_shadow/bazel/repository_locations.bzl
+++ b/generated_api_shadow/bazel/repository_locations.bzl
@@ -97,7 +97,7 @@ REPOSITORY_LOCATIONS_SPEC = dict(
         sha256 = "ebea8a6968722524d1bcc4426fb6a29907ddc2902aac7de1559012d3eee90cf9",
         strip_prefix = "skywalking-data-collect-protocol-{version}",
         urls = ["https://github.com/apache/skywalking-data-collect-protocol/archive/v{version}.tar.gz"],
-        release_date = "2020-07-29",
+        release_date = "2020-07-31",
         use_category = ["api"],
     ),
 )
diff --git a/tools/dependency/release_dates.py b/tools/dependency/release_dates.py
index 4126d3507d847..f536919567ca9 100644
--- a/tools/dependency/release_dates.py
+++ b/tools/dependency/release_dates.py
@@ -11,11 +11,12 @@
 # variable. You can generate personal access tokens under developer settings on
 # GitHub. You should restrict the scope of the token to "repo: public_repo".
 
+from colorama import Fore, Style
+from datetime import datetime
+from packaging import version
+import github
 import os
 import sys
-
-import github
-
 import utils
 
 
@@ -24,6 +25,11 @@ class ReleaseDateError(Exception):
   pass
 
 
+# Print colorized output using colorama
+def Colorize(color, str):
+  print(getattr(Fore, color) + f'{str}' + Style.RESET_ALL)
+
+
 # Format a datetime object as UTC YYYY-MM-DD.
 def FormatUtcDate(date):
   # We only handle naive datetime objects right now, which is what PyGithub
@@ -38,8 +44,10 @@ def VerifyAndPrintLatestRelease(dep, repo, metadata_version, release_date):
   try:
     latest_release = repo.get_latest_release()
     if latest_release.created_at > release_date and latest_release.tag_name != metadata_version:
-      print(f'*WARNING* {dep} has a newer release than {metadata_version}@<{release_date}>: '
-            f'{latest_release.tag_name}@<{latest_release.created_at}>')
+      Colorize(
+          "YELLOW",
+          f'*WARNING* {dep} has a newer release than {metadata_version}@<{release_date}> : '
+          f'{latest_release.tag_name}@<{latest_release.created_at}>')
   except github.UnknownObjectException:
     pass
 
@@ -48,22 +56,52 @@ def VerifyAndPrintLatestRelease(dep, repo, metadata_version, release_date):
 def VerifyAndPrintReleaseDate(dep, github_release_date, metadata_release_date):
   mismatch = ''
   iso_release_date = FormatUtcDate(github_release_date)
-  print(f'{dep} has a GitHub release date {iso_release_date}')
+  Colorize("GREEN", f'{dep} has a GitHub release date {iso_release_date}')
   if iso_release_date != metadata_release_date:
     raise ReleaseDateError(f'Mismatch with metadata release date of {metadata_release_date}')
 
 
 # Extract release date from GitHub API.
-def GetReleaseDate(repo, metadata_version, github_release):
+def GetReleaseDate(dep, repo, metadata_version, github_release):
   if github_release.tagged:
-    tags = repo.get_tags()
-    for tag in tags:
-      if tag.name == github_release.version:
-        return tag.commit.commit.committer.date
+
+    # Not all Github repositories with releases have a latest release
+    try:
+      latest = repo.get_latest_release()
+    except github.UnknownObjectException:
+      latest = None
+
+    # When the repository does have a latest release, compare the metadata version with the latest
+    # tag. In cases where a repository has a tag that is later than the latest release (eg.
+    # census-instrumentation/opencensus-proto), the get_release API call will fail so we check to
+    # ensure the metadata release version is less than or equal to the repository tag name
+    if latest and version.parse(github_release.version) <= version.parse(latest.tag_name):
+      return repo.get_release(github_release.version).published_at
+    else:
+      tags = repo.get_tags()
+      current_metadata_tag_commit_date = None
+      for tag in tags.reversed:
+        if tag.name == github_release.version:
+          current_metadata_tag_commit_date = tag.commit.commit.committer.date
+        # Exclude pre-releases like release candidates (eg. apache/kafka)
+        if not version.parse(tag.name).is_prerelease and version.parse(tag.name) > version.parse(
+            github_release.version):
+          Colorize(
+              "YELLOW",
+              f'*WARNING* {dep} has a newer release than {github_release.version}@<{current_metadata_tag_commit_date}> : '
+              f'{tag.name}@<{tag.commit.commit.committer.date}>')
+      return current_metadata_tag_commit_date
     return None
   else:
     assert (metadata_version == github_release.version)
     commit = repo.get_commit(github_release.version)
+    commits = repo.get_commits(since=commit.commit.committer.date)
+    count = commits.totalCount - 1
+    if count > 0:
+      Colorize(
+          "YELLOW",
+          f'*WARNING* {dep} has had {count} commits since {github_release.version}@<{commit.commit.committer.date}>'
+      )
     return commit.commit.committer.date
 
 
@@ -76,8 +114,10 @@ def VerifyAndPrintReleaseDates(repository_locations, github_instance):
     if not github_release:
       print(f'{dep} is not a GitHub repository')
       continue
+    else:
+      print("github_release: ", github_release)
     repo = github_instance.get_repo(f'{github_release.organization}/{github_release.project}')
-    release_date = GetReleaseDate(repo, metadata['version'], github_release)
+    release_date = GetReleaseDate(dep, repo, metadata['version'], github_release)
     if release_date:
       # Check whether there is a more recent version and warn if necessary.
       VerifyAndPrintLatestRelease(dep, repo, github_release.version, release_date)
@@ -103,6 +143,8 @@ def VerifyAndPrintReleaseDates(repository_locations, github_instance):
     VerifyAndPrintReleaseDates(spec_loader(path_module.REPOSITORY_LOCATIONS_SPEC),
                                github.Github(access_token))
   except ReleaseDateError as e:
-    print(f'An error occurred while processing {path}, please verify the correctness of the '
-          f'metadata: {e}')
+    Colorize(
+        "RED",
+        f'*ERROR* An error occurred while processing {path}, please verify the correctness of the '
+        f'metadata: {e}')
     sys.exit(1)
diff --git a/tools/dependency/requirements.txt b/tools/dependency/requirements.txt
index 8f25e6588e09c..58a465e5ed236 100644
--- a/tools/dependency/requirements.txt
+++ b/tools/dependency/requirements.txt
@@ -1,26 +1,41 @@
-PyGithub==1.53 \
-    --hash=sha256:776befaddab9d8fddd525d52a6ca1ac228cf62b5b1e271836d766f4925e1452e \
-    --hash=sha256:8ad656bf79958e775ec59f7f5a3dbcbadac12147ae3dc42708b951064096af15
-requests==2.24.0 \
-    --hash=sha256:b3559a131db72c33ee969480840fff4bb6dd111de7dd27c8ee1f820f4f00231b \
-    --hash=sha256:fe75cc94a9443b9246fc7049224f75604b113c36acb93f87b80ed42c44cbb898
-Deprecated==1.2.10 \
-    --hash=sha256:525ba66fb5f90b07169fdd48b6373c18f1ee12728ca277ca44567a367d9d7f74 \
-    --hash=sha256:a766c1dccb30c5f6eb2b203f87edd1d8588847709c78589e1521d769addc8218
-PyJWT==1.7.1 \
-    --hash=sha256:5c6eca3c2940464d106b99ba83b00c6add741c9becaec087fb7ccdefea71350e \
-    --hash=sha256:8d59a976fb773f3e6a39c85636357c4f0e242707394cadadd9814f5cbaa20e96
 certifi==2020.6.20 \
     --hash=sha256:5930595817496dd21bb8dc35dad090f1c2cd0adfaf21204bf6732ca5d8ee34d3 \
     --hash=sha256:8fc0819f1f30ba15bdb34cceffb9ef04d99f420f68eb75d901e9560b8749fc41
 chardet==3.0.4 \
     --hash=sha256:84ab92ed1c4d4f16916e05906b6b75a6c0fb5db821cc65e70cbd64a3e2a5eaae \
     --hash=sha256:fc323ffcaeaed0e0a02bf4d117757b98aed530d9ed4531e3e15460124c106691
+colorama==0.4.4 \
+    --hash=sha256:5941b2b48a20143d2267e95b1c2a7603ce057ee39fd88e7329b0c292aa16869b \
+    --hash=sha256:9f47eda37229f68eee03b24b9748937c7dc3868f906e8ba69fbcbdd3bc5dc3e2
+Deprecated==1.2.10 \
+    --hash=sha256:525ba66fb5f90b07169fdd48b6373c18f1ee12728ca277ca44567a367d9d7f74 \
+    --hash=sha256:a766c1dccb30c5f6eb2b203f87edd1d8588847709c78589e1521d769addc8218
 idna==2.10 \
     --hash=sha256:b307872f855b18632ce0c21c5e45be78c0ea7ae4c15c828c20788b26921eb3f6 \
     --hash=sha256:b97d804b1e9b523befed77c48dacec60e6dcb0b5391d57af6a65a312a90648c0
-wrapt==1.12.1 \
-    --hash=sha256:b62ffa81fb85f4332a4f609cab4ac40709470da05643a082ec1eb88e6d9b97d7
+packaging==20.7 \
+    --hash=sha256:05af3bb85d320377db281cf254ab050e1a7ebcbf5410685a9a407e18a1f81236 \
+    --hash=sha256:eb41423378682dadb7166144a4926e443093863024de508ca5c9737d6bc08376
+PyGithub==1.53 \
+    --hash=sha256:776befaddab9d8fddd525d52a6ca1ac228cf62b5b1e271836d766f4925e1452e \
+    --hash=sha256:8ad656bf79958e775ec59f7f5a3dbcbadac12147ae3dc42708b951064096af15
+PyJWT==1.7.1 \
+    --hash=sha256:5c6eca3c2940464d106b99ba83b00c6add741c9becaec087fb7ccdefea71350e \
+    --hash=sha256:8d59a976fb773f3e6a39c85636357c4f0e242707394cadadd9814f5cbaa20e96
+pyparsing==2.4.7 \
+    --hash=sha256:c203ec8783bf771a155b207279b9bccb8dea02d8f0c9e5f8ead507bc3246ecc1 \
+    --hash=sha256:ef9d7589ef3c200abe66653d3f1ab1033c3c419ae9b9bdb1240a85b024efc88b
+python-dateutil==2.8.1 \
+    --hash=sha256:73ebfe9dbf22e832286dafa60473e4cd239f8592f699aa5adaf10050e6e1823c \
+    --hash=sha256:75bb3f31ea686f1197762692a9ee6a7550b59fc6ca3a1f4b5d7e32fb98e2da2a
+requests==2.24.0 \
+    --hash=sha256:b3559a131db72c33ee969480840fff4bb6dd111de7dd27c8ee1f820f4f00231b \
+    --hash=sha256:fe75cc94a9443b9246fc7049224f75604b113c36acb93f87b80ed42c44cbb898
+six==1.15.0 \
+    --hash=sha256:30639c035cdb23534cd4aa2dd52c3bf48f06e5f4a941509c8bafd8ce11080259 \
+    --hash=sha256:8b74bedcbbbaca38ff6d7491d76f2b06b3592611af620f8426e82dddb04a5ced
 urllib3==1.25.10 \
     --hash=sha256:91056c15fa70756691db97756772bb1eb9678fa585d9184f24534b100dc60f4a \
     --hash=sha256:e7983572181f5e1522d9c98453462384ee92a0be7fac5f1413a1e35c56cc0461
+wrapt==1.12.1 \
+    --hash=sha256:b62ffa81fb85f4332a4f609cab4ac40709470da05643a082ec1eb88e6d9b97d7
diff --git a/tools/dependency/validate.py b/tools/dependency/validate.py
index 92178b450074d..9b725d985f6d2 100755
--- a/tools/dependency/validate.py
+++ b/tools/dependency/validate.py
@@ -60,7 +60,7 @@ def TestOnlyIgnore(dep):
   if dep.startswith('remotejdk'):
     return True
   # Python (pip3)
-  if '_pip3_' in dep:
+  if '_pip3' in dep:
     return True
   return False
 
diff --git a/tools/dependency/validate_test.py b/tools/dependency/validate_test.py
index 4474c64427607..420a86433f275 100755
--- a/tools/dependency/validate_test.py
+++ b/tools/dependency/validate_test.py
@@ -61,7 +61,7 @@ def test_invalid_build_graph_structure(self):
   def test_valid_test_only_deps(self):
     validator = self.BuildValidator({'a': FakeDep('dataplane_core')}, {'//source/...': ['a']})
     validator.ValidateTestOnlyDeps()
-    validator = self.BuildValidator({'a': FakeDep('test_only')}, {'//test/...': ['a', 'b__pip3_']})
+    validator = self.BuildValidator({'a': FakeDep('test_only')}, {'//test/...': ['a', 'b__pip3']})
     validator.ValidateTestOnlyDeps()
 
   def test_invalid_test_only_deps(self):