Updates for ubuntu:latest, python 3.10, werkzeug 2.3.7, remove meinheld

[matt-domsch-sp]

Summary

Due to 441 reported CVEs in the docker.io/kong/httpbin:latest image
(Ubuntu focal packages and python libraries), I found it necessary to update the base OS to
ubuntu:latest. Doing so brings in Python 3.10 and updated pipenv. To
resolve the python library CVEs, update the dependencies which include
werkzeug 2.3.7 which necessitates a few minor changes to the
application. Removing (unused) meinheld resolves another CVE.

Full changelog

• Use ubuntu:latest as base image, with all current updates applied
• Use Python 3.10 from base image in a pipenv
• Upgrade python library dependencies

Testing

• Unit tests
• E2E tests

CVEs addressed

• CVE-2013-4235
• CVE-2015-20107
• CVE-2016-20013
• CVE-2016-2781
• CVE-2017-11164
• CVE-2017-13716
• CVE-2018-1000021
• CVE-2018-20657
• CVE-2018-6952
• CVE-2019-1010204
• CVE-2019-10906
• CVE-2019-14322
• CVE-2019-14806
• CVE-2020-11080
• CVE-2020-13844
• CVE-2020-16156
• CVE-2020-19726
• CVE-2020-28493
• CVE-2020-35525
• CVE-2020-35527
• CVE-2020-7658
• CVE-2021-28861
• CVE-2021-33503
• CVE-2021-36222
• CVE-2021-3671
• CVE-2021-37750
• CVE-2021-39537
• CVE-2021-41617
• CVE-2021-4209
• CVE-2021-43618
• CVE-2021-44758
• CVE-2021-45078
• CVE-2021-45261
• CVE-2021-46174
• CVE-2022-1304
• CVE-2022-1586
• CVE-2022-1587
• CVE-2022-2097
• CVE-2022-23491
• CVE-2022-23521
• CVE-2022-2509
• CVE-2022-28321
• CVE-2022-29187
• CVE-2022-29361
• CVE-2022-29458
• CVE-2022-3116
• CVE-2022-3219
• CVE-2022-32206
• CVE-2022-32208
• CVE-2022-32221
• CVE-2022-3437
• CVE-2022-34903
• CVE-2022-3515
• CVE-2022-35252
• CVE-2022-35737
• CVE-2022-37434
• CVE-2022-37454
• CVE-2022-3821
• CVE-2022-38533
• CVE-2022-39253
• CVE-2022-39260
• CVE-2022-40674
• CVE-2022-40897
• CVE-2022-40898
• CVE-2022-41903
• CVE-2022-41916
• CVE-2022-42898
• CVE-2022-4304
• CVE-2022-43552
• CVE-2022-43680
• CVE-2022-4415
• CVE-2022-4450
• CVE-2022-44640
• CVE-2022-44840
• CVE-2022-45061
• CVE-2022-45142
• CVE-2022-45703
• CVE-2022-47629
• CVE-2022-47673
• CVE-2022-47695
• CVE-2022-47696
• CVE-2022-48303
• CVE-2023-0215
• CVE-2023-0286
• CVE-2023-0361
• CVE-2023-0464
• CVE-2023-0465
• CVE-2023-0466
• CVE-2023-1667
• CVE-2023-22490
• CVE-2023-2283
• CVE-2023-23916
• CVE-2023-23934
• CVE-2023-23946
• CVE-2023-24329
• CVE-2023-25577
• CVE-2023-25584
• CVE-2023-25585
• CVE-2023-25588
• CVE-2023-25652
• CVE-2023-25815
• CVE-2023-2650
• CVE-2023-26604
• CVE-2023-27043
• CVE-2023-27533
• CVE-2023-27534
• CVE-2023-27535
• CVE-2023-27536
• CVE-2023-27538
• CVE-2023-28321
• CVE-2023-28322
• CVE-2023-29007
• CVE-2023-29383
• CVE-2023-29491
• CVE-2023-2953
• CVE-2023-30861
• CVE-2023-3138
• CVE-2023-31484
• CVE-2023-32681
• CVE-2023-36054
• CVE-2023-38408
• CVE-2023-4016

[CLAassistant]

All committers have signed the CLA.

[pmalek]

Thanks for submitting this PR. I've tested it locally and it seems that the basic functionality is still there.

I left just one small nit comment which I believe might be worth addressing.

[matt-domsch-sp]

I have addressed the version, and not invoked the unit test in the Docker build. I also confirm that this image no longer reports any vulnerabilities by the Wiz scanning tool.

Thanks,
Matt

[pmalek]

@matt-domsch-sp Do you mind rebasing? I've fixed the broken precommit workflow in #37.

[matt-domsch-sp]

rebased onto main.

[pmalek]

Thanks for improving this!

I believe you can submit this form for a contributor's T-shirt: https://docs.google.com/forms/d/e/1FAIpQLSfacQHac-PYIDIrDOi_W2l7cWxBDRIVBs6xE5HnlojPvdhL9g/viewform.

---

It'd be super cool to actually run those tests on CI (not during the image building stage). If you're up for it feel free to submit a PR with that change.