https://github.com/specify/web-asset-server/tree/master
| Component | Current Version/Range | Latest Version/Replacement | EOL Date | Notes |
|---|---|---|---|---|
| ExifRead | 2.3.1 | 3.0.0 (PyPI) | N/A | |
| Paste | 3.4.4 | 3.10.0 (PyPI, in maintenance mode) / Alternative: Waitress, Gunicorn, or uWSGI | N/A (Maintenance only) | Paste is in maintenance mode; we should replace it with a dedicated WSGI server!! |
| sh | 1.14.0 | 2.2.2 (PyPI) | Out of date since 2021 | |
| Bottle | >=0.12.23, <0.13 | 0.13.12 (PyPI) | N/A | |
| Docker Base OS | ubuntu:18.04 | ubuntu:24.04 LTS | Ubuntu 18.04: April 2023 (standard support) | Upgrade to a current LTS release for improved security and support; Ubuntu 24.04 LTS will be supported until ~2029 |
| Python Version | python3.6 | python3.14 | Python 3.6: December 2021 | Need to update Python version to make sure we have the latest security updates |

From CSIRO on Asana:

> Asset-server: Upgrade python; 3.6 series has now reached EOL
>
> Our Tenable has picked it up as a major vulnerability in asset server, is it possible to address this as a priority?

https://security.snyk.io/package/linux/ubuntu%3A18.04/python3.6