From b6219cb60516a0353148de59196b7a2f10a63ccd Mon Sep 17 00:00:00 2001
From: JonWiggins <me@jonwiggins.org>
Date: Mon, 25 Jul 2022 17:26:38 +0000
Subject: [PATCH] Upgrade waitress to patch CVE-2022-31015 Remove pip to close
 IN1-PYTHON-PIP-1278135 apt-get upgrade to close CVE-2022-1664, CVE-2022-1304,
 and CVE-2022-2068

---
 Dockerfile              | 20 +++++++++++---------
 docker-compose.cuda.yml |  8 +++++++-
 docker/Dockerfile.cuda  |  4 +++-
 requirements.txt        |  2 +-
 4 files changed, 22 insertions(+), 12 deletions(-)

diff --git a/Dockerfile b/Dockerfile
index 9aae39e..f6de520 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -11,21 +11,23 @@ RUN apt-get update -qq \
   && apt-get clean \
   && rm -rf /var/lib/apt
 
+RUN apt-get update && apt-get upgrade --assume-yes
+
 RUN pip install --upgrade pip
 
 COPY . .
 
 
 RUN if [ "$with_models" = "true" ]; then  \
-        # install only the dependencies first
-        pip install -e .;  \
-        # initialize the language models
-        if [ ! -z "$models" ]; then \
-                  ./install_models.py --load_only_lang_codes "$models";   \
-        else \
-                  ./install_models.py;  \
-        fi \
-    fi
+  # install only the dependencies first
+  pip install -e .;  \
+  # initialize the language models
+  if [ ! -z "$models" ]; then \
+  ./install_models.py --load_only_lang_codes "$models";   \
+  else \
+  ./install_models.py;  \
+  fi \
+  fi
 # Install package from source code
 RUN pip install . \
   && pip cache purge
diff --git a/docker-compose.cuda.yml b/docker-compose.cuda.yml
index 5f8beaa..4535243 100644
--- a/docker-compose.cuda.yml
+++ b/docker-compose.cuda.yml
@@ -9,4 +9,10 @@ services:
     restart: unless-stopped
     ports:
       - 5000:5000
-    command: --gpus all
+    deploy:
+      resources:
+        reservations:
+          devices:
+            - driver: nvidia
+              count: 1
+              capabilities: [gpu]
diff --git a/docker/Dockerfile.cuda b/docker/Dockerfile.cuda
index 337a32d..6bd1603 100644
--- a/docker/Dockerfile.cuda
+++ b/docker/Dockerfile.cuda
@@ -12,7 +12,9 @@ RUN apt-get update -qq \
     && apt-get clean \
     && rm -rf /var/lib/apt
 
-RUN pip3 install --upgrade pip
+RUN apt-get update && apt-get upgrade --assume-yes
+
+RUN pip3 install --upgrade pip && apt-get remove python3-pip --assume-yes
 
 COPY . .
 
diff --git a/requirements.txt b/requirements.txt
index 9ea3949..87ad661 100644
--- a/requirements.txt
+++ b/requirements.txt
@@ -3,7 +3,7 @@ Flask==2.1.2
 flask-swagger==0.2.14
 flask-swagger-ui==3.36.0
 Flask-Limiter==2.4.5.1
-waitress==2.1.1
+waitress==2.1.2
 expiringdict==1.2.1
 pyicu>=2.8
 pycld2==0.41