🔒️(jaraco) enforce version to fix CVE

Vulnerability in jaraco.context caused security issue
in setuptools and python3. change python version to fix
see GHSA-58pv-8j8x-9vj2

The CVE is not actionable, anyway, we want to please
trivy.
This commit is contained in:
Quentin BEY
2026-01-19 14:38:59 +01:00
parent abf61a9556
commit 0b5317a773
2 changed files with 2 additions and 1 deletions
+1 -1
View File
@@ -4,7 +4,7 @@
FROM python:3.13.3-alpine AS base
# Upgrade pip to its latest release to speed up dependencies installation
RUN python -m pip install --upgrade pip setuptools
RUN python -m pip install --upgrade pip
# Upgrade system packages to install security updates
RUN apk update && \
+1
View File
@@ -46,6 +46,7 @@ dependencies = [
"easy_thumbnails==2.10.1",
"factory_boy==3.3.3",
"gunicorn==23.0.0",
"jaraco.context>=6.1.0",
"jsonschema==4.25.1",
"langfuse==3.10.0",
"lxml==5.4.0",