fix(horizon): fix cves in image
diff --git a/images/base/Earthfile b/images/base/Earthfile
index 89449e0..8d3c3b4 100644
--- a/images/base/Earthfile
+++ b/images/base/Earthfile
@@ -1,5 +1,9 @@
VERSION 0.7
image:
- FROM ubuntu:jammy
+ FROM ubuntu:jammy-20240111
LABEL org.opencontainers.image.source=https://github.com/vexxhost/atmosphere
+ # TODO(mnaser): Remove this when a new image that includes 1.4.0-11ubuntu2.4 is released.
+ # https://avd.aquasec.com/nvd/cve-2024-22365
+ DO ../+APT_INSTALL \
+ --PACKAGES "libpam0g libpam-modules libpam-modules-bin libpam-runtime"
diff --git a/images/openstack-service/Earthfile b/images/openstack-service/Earthfile
index dce33cb..11fb292 100644
--- a/images/openstack-service/Earthfile
+++ b/images/openstack-service/Earthfile
@@ -43,6 +43,11 @@
END
GIT CLONE --branch ${BRANCH} https://github.com/openstack/requirements /src
RUN \
+ sed -i 's/cryptography===40.0.2/cryptography===41.0.7/' /src/upper-constraints.txt && \
+ sed -i 's/Django===3.2.18/Django===3.2.23/' /src/upper-constraints.txt && \
+ sed -i 's/pyOpenSSL===23.1.1/pyOpenSSL===23.3.0/' /src/upper-constraints.txt && \
+ sed -i 's/requests===2.28.2/requests===2.31.0/' /src/upper-constraints.txt && \
+ sed -i 's/urllib3===1.26.15/urllib3===1.26.18/' /src/upper-constraints.txt && \
sed -i '/glance-store/d' /src/upper-constraints.txt && \
sed -i '/horizon/d' /src/upper-constraints.txt
SAVE ARTIFACT /src/upper-constraints.txt
@@ -65,7 +70,7 @@
python3-pip \
python3-venv"
RUN --mount type=cache,target=/root/.cache \
- python3 -m venv --upgrade --system-site-packages /var/lib/openstack
+ python3 -m venv --upgrade-deps --system-site-packages /var/lib/openstack
COPY \
(+requirements/upper-constraints.txt --RELEASE=${RELEASE}) \
/upper-constraints.txt