OpenStack Charm Dependency Dashboard

177 charms · 133 packages · 52 issues · 2026-03-18 04:16
Charms: 177 · Critical: 14 · Warning: 31 · Info: 7 · Packages: 133 · Git Deps: 437
Top Priority Issues

The most impactful dependency issues across all charms. Fixing these first yields the highest return — each affects dozens of charms simultaneously.

1. requests · critical · 97 charms

Pinned to >=2.18.4, >=1.1.0. 6 known vulnerabilities (CVE-2014-1830, CVE-2024-47081, CVE-2024-35195). Latest: 2.32.5.

Upper bound pin restricts to older versions with known CVEs.

2. psutil · critical · 82 charms

Pinned to >=1.1.1,<2.0.0, ~= 5.9.5. 1 known vulnerability (CVE-2019-18874). Latest: 7.2.2.

cinder-lvm

3. cryptography · critical · 81 charms

Pinned to <3.4. 6 known vulnerabilities (GHSA-39hc-v87j-747x, CVE-2023-50782, GHSA-5cpq-8wj7-hf2v). Latest: 46.0.5.

charm-tools has an indirect dependency to cryptography. Newer versions require a Rust compiler to build, see

Charm Health

Each charm scored 0-100 based on dependency health. Red = critical CVE exposure or severe conflicts.

60 · infoblox · 8
60 · panko · 8
60 · template-api · 8
60 · template-neutron-plugin · 8
64 · ceph-proxy · 2 1
64 · nova-compute · 2 1
65 · keystone-saml-mellon · 2 1
69 · ceilometer · 2
69 · ceilometer-agent · 2
69 · ceph-osd · 2
69 · ceph-radosgw · 2
69 · cinder · 2
69 · cinder-ceph · 2
69 · glance · 2
69 · glance-simplestreams-sync · 2
69 · heat · 2
69 · keystone · 2
69 · neutron-api · 2
69 · neutron-gateway · 2
69 · neutron-openvswitch · 2
69 · nova-cloud-controller · 2
69 · openstack-dashboard · 2
69 · swift-proxy · 2
69 · swift-storage · 2
70 · barbican-softhsm · 6
74 · trilio-data-mover · 1 2
74 · trilio-dm-api · 1 2
74 · trilio-horizon-plugin · 1 2
74 · trilio-wlm · 1 2
78 · cinder-dell-emc-powerstore · 1 1
78 · cinder-ibm-storwize-svc · 1 1
78 · layer-openstack-principle · 1 1
78 · octavia · 1 1
79 · cinder-backup · 1 1
79 · cinder-netapp · 1 1
79 · mysql-router · 1 1
79 · octavia-diskimage-retrofit · 1 1
79 · percona-cluster · 1 1
79 · rabbitmq-server · 1 1
80 · arista-virt-test-fixture · 1 1
80 · ceph-fs · 1 1
80 · ceph-mon · 1 1
80 · ceph-rbd-mirror · 1 1
80 · tempest · 4
83 · keystone-ldap · 1
83 · mysql-innodb-cluster · 1
83 · watcher · 1
84 · aodh · 1
84 · barbican · 1
84 · barbican-vault · 1
84 · cinder-backup-swift-proxy · 1
84 · cinder-lvm · 1
84 · cinder-purestorage · 1
84 · designate · 1
84 · designate-bind · 1
84 · gnocchi · 1
84 · hacluster · 1
84 · ironic-api · 1
84 · ironic-conductor · 1
84 · keystone-kerberos · 1
84 · magnum · 1
84 · magnum-dashboard · 1
84 · manila · 1
84 · manila-dashboard · 1
84 · manila-ganesha · 1
84 · manila-generic · 1
84 · manila-netapp · 1
84 · masakari · 1
84 · masakari-monitors · 1
84 · neutron-api-plugin-arista · 1
84 · neutron-api-plugin-ironic · 1
84 · neutron-api-plugin-ovn · 1
84 · neutron-dynamic-routing · 1
84 · nova-cell-controller · 1
84 · octavia-dashboard · 1
84 · ovn-central · 1
84 · pacemaker-remote · 1
84 · placement · 1
84 · vault · 1
84 · watcher-dashboard · 1
89 · ceph-iscsi · 2
90 · neutron-arista · 2
94 · ceph-dashboard · 1
94 · layer-ceph-base · 1
94 · magnum-k8s · 1
95 · bcache-tuning · 1
95 · interface-keystone-admin · 1
95 · interface-panko · 1
95 · ironic · 1
95 · kerberos-keytab · 1
95 · keystone-ico · 1
95 · layer-ceph · 1
95 · layer-openstack · 1
95 · specs · 1
95 · trilio-data-mover-api · 1
95 · woodpecker · 1
95 · zuul-jobs · 1
97 · nova-compute-operator
99 · guide
99 · layer-openstack-api
100 · aodh-k8s
100 · barbican-k8s
100 · bind-k8s
100 · ceilometer-k8s
100 · ceph-nfs
100 · cinder-nfs
100 · cinder-nimblestorage
100 · cinder-ns5
100 · cinder-solidfire
100 · cinder-three-par
100 · cloudkitty
100 · deployment-guide
100 · designate-k8s
100 · discoveryserver
100 · interface-barbican-secrets
100 · interface-bgp
100 · interface-bind-rndc
100 · interface-ceph-client
100 · interface-ceph-rbd-mirror
100 · interface-cinder-backend
100 · interface-cinder-backup
100 · interface-dashboard-plugin
100 · interface-designate
100 · interface-gnocchi
100 · interface-hacluster
100 · interface-keystone
100 · interface-keystone-credentials
100 · interface-keystone-domain-backend
100 · interface-keystone-fid-service-provider
100 · interface-keystone-notifications
100 · interface-magpie
100 · interface-manila-plugin
100 · interface-mysql-innodb-cluster
100 · interface-mysql-router
100 · interface-mysql-shared
100 · interface-neutron-api
100 · interface-neutron-load-balancer
100 · interface-neutron-plugin
100 · interface-neutron-plugin-api-subordinate
100 · interface-nova-cell
100 · interface-nova-compute
100 · interface-openstack-ha
100 · interface-ovsdb
100 · interface-pacemaker-remote
100 · interface-placement
100 · interface-prometheus-scrape
100 · interface-rabbitmq
100 · interface-service-control
100 · interface-vault-kv
100 · interface-websso-fid-service-provider
100 · ironic-dashboard
100 · kerberos-test-fixture
100 · keystone-ldap-k8s
100 · keystone-openidc
100 · keystone-openidc-k8s
100 · kingfisher
100 · layer-ovn
100 · ldap-test-fixture-k8s
100 · magpie
100 · manila-flashblade
100 · nova-compute-nvidia-vgpu
100 · openidc-test-fixture
100 · openstack-exporter-k8s
100 · openstack-hypervisor
100 · openstack-loadbalancer
100 · ops-interface-ceph-client
100 · ops-interface-ceph-iscsi-admin-access
100 · ops-interface-openstack-loadbalancer
100 · ops-interface-tls-certificates
100 · ops-openstack
100 · osci-frr
100 · ovn-chassis
100 · ovn-dedicated-chassis
100 · quagga
100 · sunbeam-machine
100 · template-manila-plugin
100 · zookeeper-k8s
Priority Board

Issues organized by severity. Each card shows the affected package, root cause, impact, and number of charms that benefit from fixing it.

Critical (14)
requests CVE

Pinned to >=2.18.4, >=1.1.0. 6 known vulnerabilities (CVE-2014-1830, CVE-2024-47081, CVE-2024-35195). Latest: 2.32.5.

Upper bound pin restricts to older versions with known CVEs.

>=2.18.4 >=1.1.0 97 charms
psutil CVE

Pinned to >=1.1.1,<2.0.0, ~= 5.9.5. 1 known vulnerability (CVE-2019-18874). Latest: 7.2.2.

cinder-lvm

>=1.1.1,<2.0.0 ~= 5.9.5 82 charms
cryptography CVE

Pinned to <3.4. 6 known vulnerabilities (GHSA-39hc-v87j-747x, CVE-2023-50782, GHSA-5cpq-8wj7-hf2v). Latest: 46.0.5.

charm-tools has an indirect dependency to cryptography. Newer versions require a Rust compiler to bu

<3.4 81 charms
ops Conflict

Different charms pin ops to incompatible ranges (>= 1.2.0, >= 1.5.0). Breaks unified environments.

Each charm pinned independently to different upper bounds.

>= 1.2.0 >= 1.5.0 33 charms
charm_tools Conflict

Different charms pin charm_tools to incompatible ranges (>=2.4.4, ==2.8.3). Breaks unified environments.

Each charm pinned independently to different upper bounds.

>=2.4.4 ==2.8.3 31 charms
setuptools CVE

Pinned to <50.0.0, <82. 4 known vulnerabilities (CVE-2013-1633, CVE-2025-47273, CVE-2024-6345). Latest: 82.0.1.

requirements.txt

<50.0.0 <82 28 charms
netaddr Conflict

Different charms pin netaddr to incompatible ranges (>0.7.16,<0.8.0, >=0.7.12,!=0.7.16). Breaks unified environments.

Strange import error with newer netaddr:

>0.7.16,<0.8.0 >=0.7.12,!=0.7.16 28 charms
importlib_resources Conflict

Different charms pin importlib_resources to incompatible ranges (<3.0.0, <1.1.0). Breaks unified environments.

importlib-resources 1.1.0 removed Python 3.5 support

<3.0.0 <1.1.0 17 charms
osprofiler Conflict

Different charms pin osprofiler to incompatible ranges (<2.7.0). Breaks unified environments.

Some Zuul nodes sometimes pull newer versions of these dependencies which dropped support for python

<2.7.0 12 charms
jsonschema Conflict

Different charms pin jsonschema to incompatible ranges (<4.18.0, <=4.10). Breaks unified environments.

The dependency is present as we test various inputs to config options (including invalid ones) which

<4.18.0 <=4.10 9 charms
pyopenssl CVE

Pinned to <=22.0.0. 5 known vulnerabilities (CVE-2018-1000808, CVE-2026-27459, CVE-2013-4314). Latest: 26.0.0.

icey: pyopenssl 22 introduces a requirement on newer OpenSSL which causes test failures. Pin pyopens

<=22.0.0 9 charms
python_cinderclient Conflict

Different charms pin python_cinderclient to incompatible ranges (>=1.4.0,<2.0, >=1.4.0,<5.0.0). Breaks unified environme

Each charm pinned independently to different upper bounds.

>=1.4.0,<2.0 >=1.4.0,<5.0.0 6 charms
pika Conflict

Different charms pin pika to incompatible ranges (>=0.10.0,<1.0). Breaks unified environments.

Each charm pinned independently to different upper bounds.

>=0.10.0,<1.0 6 charms
gnocchiclient Conflict

Different charms pin gnocchiclient to incompatible ranges (>=3.1.0,<3.2.0). Breaks unified environments.

Each charm pinned independently to different upper bounds.

>=3.1.0,<3.2.0 2 charms
Warning (31)
zaza Git

Unpinned git dependency (master) across 100 charms. Breaking changes propagate instantly.

No branch pin — tracks latest master.

master (unpinned) branch-pinned 100 charms
zaza.openstack Git

Unpinned git dependency (master) across 99 charms. Breaking changes propagate instantly.

No branch pin — tracks latest master.

master (unpinned) branch-pinned 99 charms
flake8 Outdated

Pinned to >=2.2.4,<=2.4.1, >=2.2.4 but latest is 7.3.0. Multiple major versions behind.

Upper bound pin from older release, not updated since.

>=2.2.4,<=2.4.1 >=2.2.4 92 charms
charms.openstack Git

Unpinned git dependency (master) across 81 charms. Breaking changes propagate instantly.

No branch pin — tracks latest master.

master (unpinned) branch-pinned 81 charms
pbr Outdated

Pinned to ==5.6.0, !=2.1.0,>=2.0.0 but latest is 7.0.3. Multiple major versions behind.

vault

==5.6.0 !=2.1.0,>=2.0.0 76 charms
unknown Git

Unpinned git dependency (master) across 44 charms. Breaking changes propagate instantly.

No branch pin — tracks latest master.

master (unpinned) branch-pinned 44 charms
tempest Git

Unpinned git dependency (master) across 24 charms. Breaking changes propagate instantly.

No branch pin — tracks latest master.

master (unpinned) branch-pinned 24 charms
ops_openstack Git

Unpinned git dependency (master) across 21 charms. Breaking changes propagate instantly.

No branch pin — tracks latest master.

master (unpinned) branch-pinned 21 charms
charmhelpers Git

Unpinned git dependency (master) across 16 charms. Breaking changes propagate instantly.

No branch pin — tracks latest master.

master (unpinned) branch-pinned 16 charms
importlib_metadata Outdated

Pinned to <3.0.0 but latest is 8.7.1. Multiple major versions behind.

"ModuleNotFoundError") requirements.txt

<3.0.0 13 charms
stevedore Outdated

Pinned to <1.31.0 but latest is 5.7.0. Multiple major versions behind.

Upper bound pin from older release, not updated since.

<1.31.0 12 charms
oslo_utils Outdated

Pinned to <=3.41.0 but latest is 10.0.0. Multiple major versions behind.

Upper bound pin from older release, not updated since.

<=3.41.0 12 charms
ops_sunbeam Git

Unpinned git dependency (master) across 11 charms. Breaking changes propagate instantly.

No branch pin — tracks latest master.

master (unpinned) branch-pinned 11 charms
python_keystoneclient Outdated

Pinned to >=1.7.1,<2.0, >=1.7.1 but latest is 5.8.0. Multiple major versions behind.

keystone-k8s

>=1.7.1,<2.0 >=1.7.1 8 charms
tempest;python_version>='3.8' Git

Unpinned git dependency (master) across 7 charms. Breaking changes propagate instantly.

No branch pin — tracks latest master.

master (unpinned) branch-pinned 7 charms
Info (7)
cffi Pinned

Exact pin ==1.14.6 prevents receiving updates. Latest: 2.0.0.

cffi 1.15.0 drops support for py35

==1.14.6 22 charms
pyflakes Pinned

Exact pin ==2.1.1, ==2.4.0 prevents receiving updates. Latest: 3.4.0.

Pinned to exact version for reproducible builds.

==2.1.1 ==2.4.0 3 charms
oslo_i18n Pinned

Exact pin <4.0.0, ==5.1.0 prevents receiving updates. Latest: 6.7.2.

oslo.i18n dropped py35 support

<4.0.0 ==5.1.0 1 charm
charmcraft Pinned

Exact pin ==0.3.0 prevents receiving updates. Latest: 4.2.0.

Pinned to exact version for reproducible builds.

==0.3.0 1 charm
sphinxcontrib_spelling Pinned

Exact pin ==8.0.1 prevents receiving updates. Latest: 8.0.2.

Pinned to exact version for reproducible builds.

==8.0.1 1 charm
openstacksdk Pinned

Exact pin ==3.0.0 prevents receiving updates. Latest: 4.10.0.

Pinned to exact version for reproducible builds.

==3.0.0 1 charm
ruamel_yaml Pinned

Exact pin ==0.10.12 prevents receiving updates. Latest: 0.19.1.

Pinned to exact version for reproducible builds.

==0.10.12 1 charm