Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Are there incompatibilities between AWX and the latest version of setuptools/paramiko/pip? #227

Closed
jean-christophe-manciot opened this issue Dec 29, 2023 · 1 comment
Closed

Are there incompatibilities between AWX and the latest version of setuptools/paramiko/pip? #227

jean-christophe-manciot opened this issue Dec 29, 2023 · 1 comment
Labels
needs_triage

Comments

@jean-christophe-manciot
Copy link

I have noticed some security vulnerabilities in the latest official awx-ee available here. Updating some python packages with their latest version would solve those flaws:

  • setuptools 53.0.0 --> 69.0.3
  • paramiko 2.12.0 --> 3.4.0
  • pip 21.2.3 --> 23.3.2

It could be performed with the following lines added in execution-environment.yml:

additional_build_steps:
  append_final:
    - RUN pip3 --disable-pip-version-check list --outdated --format=json | python3 -c "import json, sys; print('\n'.join([x['name'] for x in json.load(sys.stdin)]))" | xargs -n1 pip3 install -U

The fact that it has not been done might suggest some sort of incompatibilities with AWX.
Is it the case or is it safe to upgrade them?
@jean-christophe-manciot
Copy link
Author

Migrated to ansible community.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
needs_triage
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@jean-christophe-manciot