Updates for ubuntu:latest, python 3.10, werkzeug 2.3.7, remove meinheld

[matt-domsch-sp]

Summary

Due to 441 reported CVEs in the docker.io/kong/httpbin:latest image (Ubuntu focal packages and python libraries), I found it necessary to update the base OS to ubuntu:latest. Doing so brings in Python 3.10 and updated pipenv. To resolve the python library CVEs, update the dependencies which include werkzeug 2.3.7 which necessitates a few minor changes to the application. Removing (unused) meinheld resolves another CVE.

Full changelog

• Use ubuntu:latest as base image, with all current updates applied
• Use Python 3.10 from base image in a pipenv
• Upgrade python library dependencies

Testing

• [X] Unit tests
• [X] E2E tests

CVEs addressed

• CVE-2013-4235
• CVE-2015-20107
• CVE-2016-20013
• CVE-2016-2781
• CVE-2017-11164
• CVE-2017-13716
• CVE-2018-1000021
• CVE-2018-20657
• CVE-2018-6952
• CVE-2019-1010204
• CVE-2019-10906
• CVE-2019-14322
• CVE-2019-14806
• CVE-2020-11080
• CVE-2020-13844
• CVE-2020-16156
• CVE-2020-19726
• CVE-2020-28493
• CVE-2020-35525
• CVE-2020-35527
• CVE-2020-7658
• CVE-2021-28861
• CVE-2021-33503
• CVE-2021-36222
• CVE-2021-3671
• CVE-2021-37750
• CVE-2021-39537
• CVE-2021-41617
• CVE-2021-4209
• CVE-2021-43618
• CVE-2021-44758
• CVE-2021-45078
• CVE-2021-45261
• CVE-2021-46174
• CVE-2022-1304
• CVE-2022-1586
• CVE-2022-1587
• CVE-2022-2097
• CVE-2022-23491
• CVE-2022-23521
• CVE-2022-2509
• CVE-2022-28321
• CVE-2022-29187
• CVE-2022-29361
• CVE-2022-29458
• CVE-2022-3116
• CVE-2022-3219
• CVE-2022-32206
• CVE-2022-32208
• CVE-2022-32221
• CVE-2022-3437
• CVE-2022-34903
• CVE-2022-3515
• CVE-2022-35252
• CVE-2022-35737
• CVE-2022-37434
• CVE-2022-37454
• CVE-2022-3821
• CVE-2022-38533
• CVE-2022-39253
• CVE-2022-39260
• CVE-2022-40674
• CVE-2022-40897
• CVE-2022-40898
• CVE-2022-41903
• CVE-2022-41916
• CVE-2022-42898
• CVE-2022-4304
• CVE-2022-43552
• CVE-2022-43680
• CVE-2022-4415
• CVE-2022-4450
• CVE-2022-44640
• CVE-2022-44840
• CVE-2022-45061
• CVE-2022-45142
• CVE-2022-45703
• CVE-2022-47629
• CVE-2022-47673
• CVE-2022-47695
• CVE-2022-47696
• CVE-2022-48303
• CVE-2023-0215
• CVE-2023-0286
• CVE-2023-0361
• CVE-2023-0464
• CVE-2023-0465
• CVE-2023-0466
• CVE-2023-1667
• CVE-2023-22490
• CVE-2023-2283
• CVE-2023-23916
• CVE-2023-23934
• CVE-2023-23946
• CVE-2023-24329
• CVE-2023-25577
• CVE-2023-25584
• CVE-2023-25585
• CVE-2023-25588
• CVE-2023-25652
• CVE-2023-25815
• CVE-2023-2650
• CVE-2023-26604
• CVE-2023-27043
• CVE-2023-27533
• CVE-2023-27534
• CVE-2023-27535
• CVE-2023-27536
• CVE-2023-27538
• CVE-2023-28321
• CVE-2023-28322
• CVE-2023-29007
• CVE-2023-29383
• CVE-2023-29491
• CVE-2023-2953
• CVE-2023-30861
• CVE-2023-3138
• CVE-2023-31484
• CVE-2023-32681
• CVE-2023-36054
• CVE-2023-38408
• CVE-2023-4016

[CLAassistant]

All committers have signed the CLA.

[matt-domsch-sp]

I have addressed the version, and not invoked the unit test in the Docker build. I also confirm that this image no longer reports any vulnerabilities by the Wiz scanning tool.

Thanks, Matt

[pmalek]

@matt-domsch-sp Do you mind rebasing? I've fixed the broken precommit workflow in #37.

[matt-domsch-sp]

rebased onto main.