runner is dependent upon a deprecated package - lockfile #379
Assignees
Labels
Comments
|
There is an open issue about lockfile dependency on the daemon project itself: https://pagure.io/python-daemon/issue/42 |
Akasurde
added a commit
to Akasurde/ansible-runner
that referenced
this issue
May 4, 2022
remove python-daemon since it uses unsupported dependency 'lockfile' Fixes: ansible#379 Signed-off-by: Abhijeet Kasurde <[email protected]>
Akasurde
added a commit
to Akasurde/ansible-runner
that referenced
this issue
Aug 1, 2023
remove python-daemon since it uses unsupported dependency 'lockfile' Fixes: ansible#379 Signed-off-by: Abhijeet Kasurde <[email protected]>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Runner's python dependency chain requires daemon, which in turn require lockfile (at least that's how the rpms are built!). The issue is that lockfile is deprecated - https://pypi.org/project/lockfile/ so any security related issues relating to that package may not be addressed leading to a potential exposure in runner itself.
This is also covered in a downstream BZ - https://bugzilla.redhat.com/show_bug.cgi?id=1758507
The text was updated successfully, but these errors were encountered: