From 5bf9f9c40dd6b80835084e320e893c9dd7618a6f Mon Sep 17 00:00:00 2001
From: Don Bowman
Date: Mon, 27 Jan 2025 22:01:19 -0500
Subject: [PATCH] fix: update base packages to resolve various security flaws

I have updated the Dockerfile (24.04) and the requirements.txt. I have done some testing and it seems ok, but I suppose there might be some incompatibility somewhere. This resolves a large number of CVE in the various packages.
---
 Dockerfile | 18 +++-----------
 requirements.txt | 64 ++++++++++++++++++++++++------------------------
 2 files changed, 36 insertions(+), 46 deletions(-)

diff --git a/Dockerfile b/Dockerfile
index 6614be6..9d22518 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -1,11 +1,4 @@
-# Need to clean this up - had to move to ubuntu:20.04 because
-# weasyprint would not properly show SVG icons under
-# python:3.8-slim-buster. Using ubuntu increases the image size
-# by 250 MB which is terrible. Need to get weasyprint working
-# on python image
-
-#FROM python:3.8-slim-buster AS builder
-FROM ubuntu:20.04 AS builder
+FROM ubuntu:24.04 AS builder
 ENV DEBIAN_FRONTEND=noninteractive
 # Builder stage dependencies aren't needed by the app at runtime
@@ -14,16 +7,13 @@ RUN apt-get update && apt-get install -y \
 python3-pip \
 gcc
 COPY requirements.txt .
-RUN pip install --upgrade pip setuptools wheel
-RUN pip install -r requirements.txt
+RUN pip install --break-system-packages -r requirements.txt
-#FROM python:3.8-slim-buster AS app
-FROM ubuntu:20.04 AS app
+FROM ubuntu:24.04 AS app
 ENV DEBIAN_FRONTEND=noninteractive
 WORKDIR /app
-#RUN apt-get update && apt-get install -y libpq5 python3-cffi python3-brotli libpango-1.0-0 libpangoft2-1.0-0 libcairo2 libpangocairo-1.0-0 \
-RUN apt-get update && apt-get install -y libpq5 python3.8 weasyprint=51-2 \
+RUN apt-get update && apt-get install -y libpq5 python3.12 weasyprint \
 && rm -rf /var/lib/apt/lists/*
 COPY --from=builder /usr/local /usr/local/
 COPY . .
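Review bot: `FROM ubuntu:24.04 AS builder` (and the matching `FROM ubuntu:24.04 AS app` in the next hunk) follows a mutable tag, so a later rebuild will not get the same package set that was tested and scanned for this change. If a known-good baseline is the goal, pin the digest that was tested, `FROM ubuntu:24.04@sha256:<digest-of-tested-image> AS builder`, and bump it deliberately. The removed header comment was also the only record of why Ubuntu is used instead of a Python base image; a short replacement such as `# Ubuntu base kept because weasyprint did not render SVG icons on the python slim image` would preserve that rationale.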
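Review bot: The app stage ends up with two WeasyPrint installs: the now unpinned `weasyprint` from apt on the `apt-get install` line, and `weasyprint==63.1` from requirements.txt, which `pip install --break-system-packages` places under `/usr/local` and `COPY --from=builder /usr/local /usr/local/` carries over. On Ubuntu the `/usr/local` dist-packages directory normally comes first on `sys.path`, so the apt copy is probably never imported, yet it and its Python dependencies stay in the image, unversioned and visible to scanners. If the apt package is there only for the native rendering libraries, say so in a comment, `# apt weasyprint is installed for its native deps only; the pinned pip copy under /usr/local is the one imported`, and add `--no-install-recommends` to that `apt-get install -y`. The app stage continues past the end of this hunk, so its `USER` and entrypoint are not visible here.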
diff --git a/requirements.txt b/requirements.txt
index b973cb8..32c3f72 100644
--- a/requirements.txt
+++ b/requirements.txt
@@ -1,35 +1,35 @@
-alembic==1.4.3
-arrow==0.17.0
-Babel==2.10.3
-blinker==1.4
-certifi==2023.7.22
-chardet==3.0.4
-click==8.1.3
-dnspython==2.2.1
+alembic==1.14.1
+arrow==1.3.0
+Babel==2.16.0
+# blinker==1.4
+certifi==2024.12.14
+chardet==5.2.0
+click==8.1.8
+dnspython==2.7.0
 email-validator==1.1.1
-Flask==2.2.5
-Flask-Babel==2.0.0
-Flask-Login==0.6.2
-Flask-Mail==0.9.1
-Flask-Migrate==2.5.3
-Flask-Moment==0.10.0
-Flask-Script==2.0.5
-Flask-SQLAlchemy==2.5.1
-idna==2.6
-itsdangerous==2.0.0
-Jinja2==3.0.3
-Mako==1.2.2
-MarkupSafe==2.1.1
+Flask==3.1.0
+Flask-Babel==4.0.0
+Flask-Login==0.6.3
+Flask-Mail==0.10.0
+Flask-Migrate==4.1.0
+Flask-Moment==1.0.6
+Flask-Script==2.0.6
+Flask-SQLAlchemy==3.1.1
+idna==3.10
+itsdangerous==2.2.0
+Jinja2==3.1.5
+Mako==1.3.8
+MarkupSafe==3.0.2
 parsedatetime==2.6
-psycopg2==2.8.6
-python-dateutil==2.8.2
-pytz==2022.1
-requests==2.31.0
-six==1.16.0
-SQLAlchemy==1.3.20
-urllib3==1.26.18
+psycopg2==2.9.10
+python-dateutil==2.9.0
+pytz==2024.2
+requests==2.32.3
+six==1.17.0
+SQLAlchemy==2.0.37
+urllib3==2.3.0
 #uWSGI==2.0.20
-gunicorn==20.1.0
-Werkzeug==2.3.0
-procrastinate==0.27.0
-weasyprint==63.1
+gunicorn==23.0.0
+Werkzeug==3.1.3
+procrastinate==3.0.0
+weasyprint==63.1
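Review bot: Commenting out the pin with `+# blinker==1.4` does not remove the package, it unpins it: Flask 3.x declares blinker as a required dependency, so pip will install whatever release is current at build time. Since this change is about reaching a known CVE state, pin the version the tested build actually resolved, `blinker==<version from pip freeze of the tested image>`, rather than leaving a commented line. The same applies to the other transitive packages that are not listed here; generating the file from `pip freeze` and installing with `--require-hashes` would make the installed set reproducible.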