Fix security issues pointed by Quay #248
Merged
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Quay is pointing security issues in Freshmaker due to outdated packages. We currently install the latest package versions available for the fedora version in use. Therefore, to fix the issues, we needed to upgrade the fedora version.
Freshmaker was using fedora 37, and after upgrading to fedora 38, a number of issues were resolved. The rest of the issues that are marked as fixable are due to fedora 39 packages, but it won't become GA before a few weeks from now.
With f38, the total number of issues decreased from 21 to 13, and the number of fixable issues fell from 18 to 10. The issues with the packages
werkzeug
,mako
andmod-wsgi
were resolved.Possible concerns
The package
python3-krbcontext
is only available for f37. I removed it fromyum-packages.txt
and it didn't seem to impact freshmaker.Testing remarks
I made a deployment to the dev environment using the initial messages. There were no errors with them nor with any other message after 19h.
JIRA: CWFHEALTH-2317