From 68c8eab01d121566f9dbe36e86c3ae523f772cdf Mon Sep 17 00:00:00 2001
From: Kelvin Muchiri
Date: Thu, 19 Dec 2024 09:47:47 +0300
Subject: [PATCH] fix vulnerabilities (#2750)

fix CVE-2024-53908, CVE-2024-53907, update Docker debian image
---
 docker/onadata-uwsgi/Dockerfile.ubuntu | 2 +-
 requirements/azure.in | 2 +-
 requirements/azure.pip | 2 +-
 requirements/base.pip | 2 +-
 requirements/dev.pip | 4 ++--
 requirements/s3.in | 2 +-
 requirements/s3.pip | 2 +-
 requirements/ses.in | 2 +-
 requirements/ses.pip | 2 +-
 setup.cfg | 2 +-
 10 files changed, 11 insertions(+), 11 deletions(-)

diff --git a/docker/onadata-uwsgi/Dockerfile.ubuntu b/docker/onadata-uwsgi/Dockerfile.ubuntu
index 178b5c409a..a411b242ce 100644
--- a/docker/onadata-uwsgi/Dockerfile.ubuntu
+++ b/docker/onadata-uwsgi/Dockerfile.ubuntu
@@ -58,7 +58,7 @@ RUN python -m pip install --no-cache-dir -r requirements/docs.pip && \
 make -C docs html
-FROM debian:bookworm-20241016 as runtime
+FROM debian:bookworm-20241202 as runtime
 ENV DEBIAN_FRONTEND=noninteractive
diff --git a/requirements/azure.in b/requirements/azure.in
index 6e82e1efc2..895ae832f1 100644
--- a/requirements/azure.in
+++ b/requirements/azure.in
@@ -1,3 +1,3 @@
 cryptography>=43.0.1
-django>=4.2.16,<5
+django>=4.2.17,<5
 django-storages[azure]
diff --git a/requirements/azure.pip b/requirements/azure.pip
index 0806815551..d80c1eef3e 100644
--- a/requirements/azure.pip
+++ b/requirements/azure.pip
@@ -22,7 +22,7 @@ cryptography==43.0.1
 # via
 # -r requirements/azure.in
 # azure-storage-blob
-django==4.2.16
+django==4.2.17
 # via
 # -r requirements/azure.in
 # django-storages
diff --git a/requirements/base.pip b/requirements/base.pip
index 4143730578..1ce76c55ea 100644
--- a/requirements/base.pip
+++ b/requirements/base.pip
@@ -86,7 +86,7 @@ deprecated==1.2.14
 # via onadata
 dict2xml==1.7.5
 # via onadata
-django==4.2.16
+django==4.2.17
 # via
 # django-activity-stream
 # django-cors-headers
diff --git a/requirements/dev.pip b/requirements/dev.pip
index 8f0dc53e7a..c90c446dbe 100644
--- a/requirements/dev.pip
+++ b/requirements/dev.pip
@@ -76,7 +76,7 @@ click-plugins==1.1.1
 # via celery
 click-repl==0.3.0
 # via celery
-cryptography==42.0.8
+cryptography==43.0.1
 # via
 # jwcrypto
 # onadata
@@ -104,7 +104,7 @@ dill==0.3.8
 # via pylint
 distlib==0.3.8
 # via virtualenv
-django==4.2.16
+django==4.2.17
 # via
 # django-activity-stream
 # django-cors-headers
diff --git a/requirements/s3.in b/requirements/s3.in
index 98ca4e956e..bfe02e5c65 100644
--- a/requirements/s3.in
+++ b/requirements/s3.in
@@ -1,3 +1,3 @@
 boto3
-django>=4.2.16,<5
+django>=4.2.17,<5
 django-storages
diff --git a/requirements/s3.pip b/requirements/s3.pip
index aae75a06ac..830bc7cec1 100644
--- a/requirements/s3.pip
+++ b/requirements/s3.pip
@@ -12,7 +12,7 @@ botocore==1.34.134
 # via
 # boto3
 # s3transfer
-django==4.2.16
+django==4.2.17
 # via
 # -r requirements/s3.in
 # django-storages
diff --git a/requirements/ses.in b/requirements/ses.in
index 9958fa6bfe..0ec0157dc4 100644
--- a/requirements/ses.in
+++ b/requirements/ses.in
@@ -1,3 +1,3 @@
 boto
-django>=4.2.16,<5
+django>=4.2.17,<5
 django-ses
diff --git a/requirements/ses.pip b/requirements/ses.pip
index ccaf28b778..47ed5719f1 100644
--- a/requirements/ses.pip
+++ b/requirements/ses.pip
@@ -14,7 +14,7 @@ botocore==1.34.134
 # via
 # boto3
 # s3transfer
-django==4.2.16
+django==4.2.17
 # via
 # -r requirements/ses.in
 # django-ses
diff --git a/setup.cfg b/setup.cfg
index 3a8c993d53..045a70d35b 100644
--- a/setup.cfg
+++ b/setup.cfg
@@ -27,7 +27,7 @@ tests_require =
 httmock
 requests-mock
 install_requires =
- Django>=4.2.16,<5
+ Django>=4.2.17,<5
 django-guardian
 django-registration-redux
 django-templated-email