I have noticed some security vulnerabilities in the latest official awx-ee available here. Updating some python packages with their latest version would solve those flaws:
setuptools 53.0.0 --> 69.0.3
paramiko 2.12.0 --> 3.4.0
pip 21.2.3 --> 23.3.2
It could be performed with the following lines added in execution-environment.yml:
additional_build_steps:
append_final:
- RUN pip3 --disable-pip-version-check list --outdated --format=json | python3 -c "import json, sys; print('\n'.join([x['name'] for x in json.load(sys.stdin)]))" | xargs -n1 pip3 install -U
The fact that it has not been done might suggest some sort of incompatibilities with AWX.
Is it the case or is it safe to upgrade them?
I have noticed some security vulnerabilities in the latest official awx-ee available here. Updating some python packages with their latest version would solve those flaws:
It could be performed with the following lines added in execution-environment.yml:
The fact that it has not been done might suggest some sort of incompatibilities with AWX. Is it the case or is it safe to upgrade them?