diff --git a/changes/250.changed b/changes/250.changed
new file mode 100644
index 00000000..6251501d
--- /dev/null
+++ b/changes/250.changed
@@ -0,0 +1 @@
+Remove parasite verisons of `setuptools` in Dockerfiles and install `setuptools>70.0.0` to tackle last identified CVEs
diff --git a/substrafl/remote/register/register.py b/substrafl/remote/register/register.py
index f7170421..d562b463 100644
--- a/substrafl/remote/register/register.py
+++ b/substrafl/remote/register/register.py
@@ -33,7 +33,7 @@
 FROM python:{python_version}-slim
 # update image
-RUN apt-get update -y
+RUN apt-get update -y && pip uninstall -y setuptools
 """
 _GPU_BASE_IMAGE = """
@@ -62,7 +62,7 @@
 ENV PATH="/home/user/venv/bin:$PATH" VIRTUAL_ENV="/home/user/venv"
 # install dependencies
-RUN python{python_version} -m pip install -U pip
+RUN python{python_version} -m pip install -U pip && pip install -U setuptools>=70.0.0
 # Copy local wheels
 {copy_wheels}
diff --git a/tests/remote/register/test_register.py b/tests/remote/register/test_register.py
index 959eb014..1c2c43d6 100644
--- a/tests/remote/register/test_register.py
+++ b/tests/remote/register/test_register.py
@@ -49,7 +49,7 @@ def test_get_base_docker_image_cpu():
 FROM python:3.12-slim
 # update image
-RUN apt-get update -y
+RUN apt-get update -y && pip uninstall -y setuptools
 """
 assert expected_dockerfile == _get_base_docker_image("3.12", use_gpu=False)
@@ -97,7 +97,7 @@ def test_create_dockerfile(tmp_path, local_installable_module):
 FROM python:{python_version}-slim
 # update image
-RUN apt-get update -y
+RUN apt-get update -y && pip uninstall -y setuptools
 # create a non-root user
 RUN addgroup --gid 1001 group
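Review bot: In substrafl/remote/register/register.py, hunk `@@ -33,7`, only the CPU base template gains `pip uninstall -y setuptools`; `_GPU_BASE_IMAGE` opens right after this hunk and no hunk in the diff touches it. If the GPU base image also carries a system-wide setuptools, that copy presumably stays in the image and would still be reported by an image scanner, so the GPU template body (outside this hunk) should be checked for the same cleanup. The `# update image` comment above the changed line no longer describes what it does; something like `# refresh package lists and drop the base image's system-wide setuptools (a patched one is installed in the venv later)` would keep the intent visible.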
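Review bot: In substrafl/remote/register/register.py, hunk `@@ -62,7`, the added `pip install -U setuptools>=70.0.0` sits in a shell-form `RUN`, so the unquoted `>` is parsed by the shell as an output redirection: pip is asked for `setuptools` with no version constraint, and its output is written to a file named `=70.0.0` in the build's working directory. The minimum version this commit is meant to enforce is therefore never passed to pip, and a build against an index or wheel cache that only holds an older setuptools would succeed without meeting it. Quote the requirement, `RUN python{python_version} -m pip install -U pip && pip install -U "setuptools>=70.0.0"`, and update the expected string in tests/remote/register/test_register.py (hunk `@@ -109,7`) to match. The changelog entry says `>70.0.0` while the code uses `>=70.0.0`; the two should agree.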
@@ -109,7 +109,7 @@ def test_create_dockerfile(tmp_path, local_installable_module):
 ENV PATH="/home/user/venv/bin:$PATH" VIRTUAL_ENV="/home/user/venv"
 # install dependencies
-RUN python{python_version} -m pip install -U pip
+RUN python{python_version} -m pip install -U pip && pip install -U setuptools>=70.0.0
 # Copy local wheels
 COPY {substrafl_wheel} {substrafl_wheel}