Skip to content

Commit 5a9262c

Browse files
committed
security: update pip and uv to latest versions to fix Trivy alerts
- Update pip from 25.2 to 25.3 (fixes CVE-2025-8869) - Update uv from 0.8.11 to 0.8.12 (fixes GHSA-w476-p2h3-79g9, GHSA-pqhf-p39g-3x64) - Addresses build environment security vulnerabilities - Resolves GitHub security alerts for container dependencies
1 parent 10f1f36 commit 5a9262c

1 file changed

Lines changed: 2 additions & 2 deletions

File tree

Dockerfile

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -17,7 +17,7 @@ RUN apt-get update && \
1717
apt-get clean && \
1818
rm -rf /var/lib/apt/lists/* && \
1919
# Security: Upgrade setuptools to latest version
20-
pip install --no-cache-dir --upgrade pip==25.2 setuptools==80.9.0
20+
pip install --no-cache-dir --upgrade pip==25.3 setuptools==80.9.0
2121
ARG BUILD_DATE
2222
ARG VERSION=dev
2323
ARG VCS_REF
@@ -53,7 +53,7 @@ WORKDIR /app
5353
RUN mkdir -p /app/logs /app/data /app/tmp
5454

5555
# Install UV and create virtual environment in single layer
56-
RUN pip install --no-cache-dir uv==0.8.11 \
56+
RUN pip install --no-cache-dir uv==0.8.12 \
5757
&& uv venv /opt/venv
5858
ENV PATH="/opt/venv/bin:$PATH"
5959

0 commit comments

Comments
 (0)