Upgrade waitress to patch CVE-2022-31015

Remove pip to close IN1-PYTHON-PIP-1278135
apt-get upgrade to close CVE-2022-1664, CVE-2022-1304, and CVE-2022-2068
This commit is contained in:
JonWiggins 2022-07-25 17:26:38 +00:00 committed by jonwiggins
parent ed764ce81b
commit b6219cb605
4 changed files with 22 additions and 12 deletions

View file

@ -11,21 +11,23 @@ RUN apt-get update -qq \
&& apt-get clean \
&& rm -rf /var/lib/apt
RUN apt-get update && apt-get upgrade --assume-yes
RUN pip install --upgrade pip
COPY . .
RUN if [ "$with_models" = "true" ]; then \
# install only the dependencies first
pip install -e .; \
# initialize the language models
if [ ! -z "$models" ]; then \
./install_models.py --load_only_lang_codes "$models"; \
else \
./install_models.py; \
fi \
fi
# install only the dependencies first
pip install -e .; \
# initialize the language models
if [ ! -z "$models" ]; then \
./install_models.py --load_only_lang_codes "$models"; \
else \
./install_models.py; \
fi \
fi
# Install package from source code
RUN pip install . \
&& pip cache purge

View file

@ -9,4 +9,10 @@ services:
restart: unless-stopped
ports:
- 5000:5000
command: --gpus all
deploy:
resources:
reservations:
devices:
- driver: nvidia
count: 1
capabilities: [gpu]

View file

@ -12,7 +12,9 @@ RUN apt-get update -qq \
&& apt-get clean \
&& rm -rf /var/lib/apt
RUN pip3 install --upgrade pip
RUN apt-get update && apt-get upgrade --assume-yes
RUN pip3 install --upgrade pip && apt-get remove python3-pip --assume-yes
COPY . .

View file

@ -3,7 +3,7 @@ Flask==2.1.2
flask-swagger==0.2.14
flask-swagger-ui==3.36.0
Flask-Limiter==2.4.5.1
waitress==2.1.1
waitress==2.1.2
expiringdict==1.2.1
pyicu>=2.8
pycld2==0.41