Update base image and dependencies.

- Python 3.7.3 --> 3.11
- Alpine 3.8 --> 3.19
- Python dependencies
    - Flask: 2.0.3 --> 2.3.3 (not latest)
    - confidant-client 2.1.0 --> 2.5.2
    - other python deps to match
    - pin down required dependencies not pinned
    - ... ideally we switch to poetry.

🚨 This addresses a "HIGH" (Severity 7.5/10) vulnerability in Flask.

Dockerfile

@@ -1,8 +1,8 @@
-FROM python:3-alpine3.8 AS base
+FROM python:3.11-alpine3.19 AS base
 FROM base AS builder
 
 WORKDIR /srv
-RUN apk add --no-cache --update alpine-sdk~=1.0 libffi~=3.2 libffi-dev~=3.2 openssl-dev~=1.0
+RUN apk add --no-cache --update alpine-sdk~=1.0 libffi~=3 libffi-dev~=3 openssl-dev~=3
 COPY ./secretupdater/requirements.txt .
 RUN pip install --prefix=/srv --requirement ./requirements.txt
 

secretupdater/requirements-testing.txt

@@ -1,2 +1,23 @@
+asttokens==2.4.1
+decorator==5.1.1
+eradicate==2.3.0
+executing==2.0.1
+ipython==8.21.0
+jedi==0.19.1
+matplotlib-inline==0.1.6
+mccabe==0.7.0
+parso==0.8.3
+pexpect==4.9.0
+prompt-toolkit==3.0.43
+ptyprocess==0.7.0
+pure-eval==0.2.2
+pycodestyle==2.11.1
+pydocstyle==6.3.0
+pyflakes==3.2.0
+Pygments==2.17.2
 pylama==8.4.1
-eradicate
+stack-data==0.6.3
+traitlets==5.14.1
+types-requests
+types-requests==2.31.0.20240125
+wcwidth==0.2.13

secretupdater/requirements.txt

@@ -1,5 +1,32 @@
-Flask==2.0.3
+Flask==2.3.3
 Flask-BasicAuth==0.2.0
-confidant-client==2.1.0
-pykube-ng==20.10.0
-awscli==1.29.9
+confidant-client==2.5.2
+pykube-ng==23.6.0
+awscli==1.32.40
+blinker==1.7.0
+boto3==1.34.40
+botocore==1.34.40
+certifi==2024.2.2
+cffi==1.16.0
+charset-normalizer==3.3.2
+click==8.1.7
+colorama==0.4.4
+cryptography==42.0.2
+docutils==0.16
+idna==3.6
+itsdangerous==2.1.2
+Jinja2==3.1.3
+jmespath==1.0.1
+kmsauth==0.6.3
+MarkupSafe==2.1.5
+pyasn1==0.5.1
+pycparser==2.21
+python-dateutil==2.8.2
+PyYAML==6.0.1
+requests==2.31.0
+rsa==4.7.2
+s3transfer==0.10.0
+six==1.16.0
+snowballstemmer==2.2.0
+urllib3==2.0.7
+Werkzeug==3.0.1