Update Flask-appbuilder and gevent

CHANGELOG.md

@@ -21,6 +21,7 @@ All notable changes to this project will be documented in this file.
 - stackable-base: Mitigate CVE-2023-37920 by removing e-Tugra root certificates ([#673]).
 - hdfs: Exclude unused jars and mitigate snappy-java CVEs by bumping dependency ([#682]).
 - druid: Build from source ([#684]).
+- superset: Updating Flask-AppBuilder and gevent, remove greenlet from 3.1.0-constrains.txt to mitigate CVE-2024-25128 and CVE-2023-41419 ([#686]).
 
 ### Changed
 
@@ -86,6 +87,7 @@ All notable changes to this project will be documented in this file.
 [#682]: https://github.com/stackabletech/docker-images/pull/682
 [#684]: https://github.com/stackabletech/docker-images/pull/684
 [#685]: https://github.com/stackabletech/docker-images/pull/685
+[#686]: https://github.com/stackabletech/docker-images/pull/686
 [#688]: https://github.com/stackabletech/docker-images/pull/688
 
 ## [24.3.0] - 2024-03-20

superset/constraints-3.1.0.txt

@@ -98,7 +98,8 @@ flask==2.2.5
     #   flask-session
     #   flask-sqlalchemy
     #   flask-wtf
-flask-appbuilder==4.3.10
+# Bumping 4.3.10 -> 4.3.11 to get rid of CVE-2024-25128
+flask-appbuilder==4.3.11
     # via apache-superset
 flask-babel==1.0.0
     # via flask-appbuilder
@@ -134,7 +135,9 @@ geographiclib==1.52
     # via geopy
 geopy==2.2.0
     # via apache-superset
-greenlet==2.0.2
+# Letting python decide which greenlet version to compile at
+# since we diverge from the vendor to fix CVE's
+# greenlet==2.0.2
     # via
     #   shillelagh
     #   sqlalchemy
@@ -383,7 +386,9 @@ zipp==3.15.0
     #   importlib-metadata
     #   importlib-resources
 # from https://github.com/apache/superset/blob/3.1.0/requirements/docker.txt
-gevent==22.10.2
+# Bumped 22.10.2 -> 24.2.1 version to get rid of
+# CVE-2023-41419
+gevent==24.2.1
     # via -r requirements/docker.in
 psycopg2-binary==2.9.6
     # via apache-superset