Pull in patches for security vulnerabilities

Question

Pull in patches for security vulnerabilities

sgoings opened this issue 8 years ago · 2 comments

The 2.0.0 release of slugrunner has a few unpatched security vulnerabilities (medium + lower):

https://quay.io/repository/deis/slugrunner/image/d89fe58c8bc2356f494c7e5b0a9540cf10b588dea206413a68c8dcc220ffe04d?tab=vulnerabilities

We should pull in updated packages where appropriate.

Answer 1 · 2016-07-18T21:05:36.000Z

moving out of 2.2, to be addressed in the near future

Answer 2 · 2016-07-18T23:09:40.000Z

Heroku hasn't pushed a new cedar stack to github in 2 months. Is there anything that can be done besides maintaining our own fork of the cedar stack that is more up to date?