is there any reason robusta has to stick with python 3.9?

[tuananh-vpbank]

is there any reason robusta need to stick with python 3.9.

i know that python 3.9 still more than a year left til EOL but the base image has way too many known CVEs. It would be awesome if we can update to a more secure base image.

[github-actions]

Hi 👋, thanks for opening an issue! Please note, it may take some time for us to respond, but we'll get back to you as soon as we can!

• 💬 Slack Community: Join Robusta team and other contributors on Slack here.
• 📖 Docs: Find our documentation here.
• 🎥 YouTube Channel: Watch our videos here.

[aantn]

Hi @tuananh-vpbank,
We're planning to handle the CVEs soon, either by updating to the latest python or staying with python 3.9 and changing the base image. Hope to update soon!

[aantn]

And to answer your original question, I don't think there's a fundamental reason to stay w/ 3.9. Just requires testing and verifying that there isn't an issue with any of the dependencies.

[Flou21]

is there a concrete plan to fix / release this
the issue #819 has been open for a year without any feedback

I really like using robusta and think it's a bummer that this problem exists at all

[aantn]

Yes, we plan to fix it in the next few weeks. I've discussed internally and we're prioritizing this.