Resolve Use of Python 2

[pjhill]

Description

Given that Python 2 has been EOL since January 1st, 2020 we need to upgrade our tools and infrastructure to Python 3. At the moment, we are aware of at least one security risk in a dependency for a Jenkins task that needs to be resolved. Are there others?

Context for the requests library issue:

• We need to be able to upgrade to Python 3 in order to get a new version of the requests library to resolve a security vulnerability
• Think about a way to get dependabot to stop creating PRs for this issue until we are able to prioritize it
• Dependabot waiver configured in dependabot yaml???

Acceptance Criteria

• [ ] We have identified all places where Python 2.x is still in use viewing from Jenkins
• [ ] We have a path to resolve the issue with the requests library being used in one Jenkins tasks

[cyriltech]

Need ref to the Jenkinsfile that is using the python dependent packages, also specially where the "requests" library is getting invoked

[pjhill]

Thought from Chris -- virtualenv is pinned to a given Python version????

[pjhill]

Jenkins link

[cyriltech]

findings in progress

[cyriltech]

[flooose]

I noticed today that we are still using centos:6 in this Dockerfile, which still only has python2. If the Jenkins runners use containers based on this file, that might be the problem.

[pjhill]

No updates for this ticket as of today -- this work will continue into the next sprint.