🔒️(jaraco) enforce version to fix CVE
Vulnerability in jaraco.context caused security issue in setuptools and python3. change python version to fix see GHSA-58pv-8j8x-9vj2 The CVE is not actionable, anyway, we want to please trivy.
This commit is contained in:
+1
-1
@@ -4,7 +4,7 @@
|
||||
FROM python:3.13.3-alpine AS base
|
||||
|
||||
# Upgrade pip to its latest release to speed up dependencies installation
|
||||
RUN python -m pip install --upgrade pip setuptools
|
||||
RUN python -m pip install --upgrade pip
|
||||
|
||||
# Upgrade system packages to install security updates
|
||||
RUN apk update && \
|
||||
|
||||
@@ -46,6 +46,7 @@ dependencies = [
|
||||
"easy_thumbnails==2.10.1",
|
||||
"factory_boy==3.3.3",
|
||||
"gunicorn==23.0.0",
|
||||
"jaraco.context>=6.1.0",
|
||||
"jsonschema==4.25.1",
|
||||
"langfuse==3.10.0",
|
||||
"lxml==5.4.0",
|
||||
|
||||
Reference in New Issue
Block a user