Merge pull request #22 from Azure-Samples/enchen/uv

Emma-ms · web-flow · commit a8782596b82c · 2025-11-19T10:29:41.000-08:00
Fix pip security vulnerability and uv installation
diff --git a/.devcontainer/devcontainer.json b/.devcontainer/devcontainer.json
@@ -17,7 +17,7 @@
             ]
         }
     },
-    "postCreateCommand": "cd server && pip install git+https://github.com/astral-sh/uv.git && uv sync",
+    "postCreateCommand": "pip install --upgrade pip && cd server && pip install uv && uv sync",
     "remoteUser": "vscode",
     "hostRequirements": {
         "memory": "4gb"
diff --git a/server/Dockerfile b/server/Dockerfile
@@ -27,6 +27,9 @@ ENV UV_LINK_MODE=copy \
 # Create virtual environment explicitly
 RUN python -m venv /app/.venv
 
+# Upgrade pip in the virtual environment to fix security vulnerability GHSA-4xh5-x5gv-qwph
+RUN /app/.venv/bin/pip install --upgrade pip
+
 # Copy dependency files
 COPY pyproject.toml uv.lock /app/
 

Original file line number	Diff line number	Diff line change
`@@ -17,7 +17,7 @@`
`17`	`17`	`]`
`18`	`18`	`}`
`19`	`19`	`},`
`20`		`- "postCreateCommand": "cd server && pip install git+https://github.com/astral-sh/uv.git && uv sync",`
	`20`	`+ "postCreateCommand": "pip install --upgrade pip && cd server && pip install uv && uv sync",`
`21`	`21`	`"remoteUser": "vscode",`
`22`	`22`	`"hostRequirements": {`
`23`	`23`	`"memory": "4gb"`