Upgrade waitress to patch CVE-2022-31015

Remove pip to close IN1-PYTHON-PIP-1278135
apt-get upgrade to close CVE-2022-1664, CVE-2022-1304, and CVE-2022-2068

Dockerfile

@@ -11,21 +11,23 @@ RUN apt-get update -qq \
   && apt-get clean \
   && rm -rf /var/lib/apt
 
+RUN apt-get update && apt-get upgrade --assume-yes
+
 RUN pip install --upgrade pip
 
 COPY . .
 
 
 RUN if [ "$with_models" = "true" ]; then  \
-        # install only the dependencies first
-        pip install -e .;  \
-        # initialize the language models
-        if [ ! -z "$models" ]; then \
-                  ./install_models.py --load_only_lang_codes "$models";   \
-        else \
-                  ./install_models.py;  \
-        fi \
-    fi
+  # install only the dependencies first
+  pip install -e .;  \
+  # initialize the language models
+  if [ ! -z "$models" ]; then \
+  ./install_models.py --load_only_lang_codes "$models";   \
+  else \
+  ./install_models.py;  \
+  fi \
+  fi
 # Install package from source code
 RUN pip install . \
   && pip cache purge

docker-compose.cuda.yml

@@ -9,4 +9,10 @@ services:
     restart: unless-stopped
     ports:
       - 5000:5000
-    command: --gpus all
+    deploy:
+      resources:
+        reservations:
+          devices:
+            - driver: nvidia
+              count: 1
+              capabilities: [gpu]

docker/Dockerfile.cuda

@@ -12,7 +12,9 @@ RUN apt-get update -qq \
     && apt-get clean \
     && rm -rf /var/lib/apt
 
-RUN pip3 install --upgrade pip
+RUN apt-get update && apt-get upgrade --assume-yes
+
+RUN pip3 install --upgrade pip && apt-get remove python3-pip --assume-yes
 
 COPY . .
 

requirements.txt

@@ -3,7 +3,7 @@ Flask==2.1.2
 flask-swagger==0.2.14
 flask-swagger-ui==3.36.0
 Flask-Limiter==2.4.5.1
-waitress==2.1.1
+waitress==2.1.2
 expiringdict==1.2.1
 pyicu>=2.8
 pycld2==0.41