SAASMLOPS-1335 Upgrade gunicorn package to remove vulnerability

[brijesh-vora-sp]

What this PR does / why we need it:

Upgrade gunicorn package due to which there is vulnerability.

gunicorn 21.2.0 | CVE-2024-1135 | HIGH

Which issue(s) this PR fixes:

Fixes

[dawid-laszuk-sp]

@brijesh-vora-sp any chance you checked whether this is working correctly? Could you please provide a link to airflow DAG that uses this image?

[brijesh-vora-sp]

Ah, good point. Let me run that.

[brijesh-vora-sp]

@dawid-laszuk-sp Here the Airflow Dags:

• odin-dev: https://airflow.odin-use1-2.ida.cloud.sailpoint.com/dags/feastmaterializer-saasmlops1335-odin-dev/grid?root=
• odin-three - https://airflow.odin-use1-2.ida.cloud.sailpoint.com/dags/feastmaterializer-saasmlops1335-odin-three/grid

[brijesh-vora-sp]

The vulnerability scan report: https://cloudbees-core.ops-dev-use1.cloud.sailpoint.com/deploy/job/image-scan-cve/3095/console
HIGH CVE-2018-20225 is labeled as false positive.

11:49:48  + python /app/cs_imagescan.py --repo 406205545357.dkr.ecr.us-east-1.amazonaws.com/sailpoint/feast-bytewax --skip-push --tag SAASMLOPS-1335 -c us-2
11:49:48  INFO    Downloading Image Scan Report
11:49:59  INFO    Searching for vulnerabilities in scan report...
11:49:59  WARNING HIGH     CVE-2018-20225   Vulnerability detected affecting pip 24.0
11:49:59  INFO    Searching for leaked secrets in scan report...
11:49:59  INFO    Searching for malware in scan report...
11:49:59  INFO    Searching for misconfigurations in scan report...
11:49:59  WARNING Alert: Misconfiguration found
11:49:59  ERROR   Exiting: Vulnerability score threshold exceeded: '500' out of '500'

[dawid-laszuk-sp]

Excellent!