studio/meet
2
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

🔒️(backend) prevent automatic upgrade setuptools

Browse Source 
The latest `setuptools` version pulls in a `jaraco.context` version that
triggers a Trivy scan failure. `jaraco.context` has a path traversal
vulnerability.

This fix is inspired by suitenumerique/people, specifically Marie’s PR #1010.
This commit is contained in:
lebaudantoine
2026-01-19 12:03:45 +01:00
committed by aleb_the_flash
parent a50aabeaf8
commit f9524b2f0a
2 changed files with 5 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
CHANGELOG.md
View File

@@ -8,8 +8,11 @@ and this project adheres to
## [Unreleased] ## [Unreleased]
## [1.3.0] - 2026-01-13 ### Fixed
🔒(backend) prevent automatic upgrade setuptools
## [1.3.0] - 2026-01-13
### Added ### Added

2
Dockerfile
View File

@@ -4,7 +4,7 @@
FROM python:3.13.5-alpine3.21 AS base FROM python:3.13.5-alpine3.21 AS base
# Upgrade pip to its latest release to speed up dependencies installation # Upgrade pip to its latest release to speed up dependencies installation
RUN python -m pip install --upgrade pip setuptools RUN python -m pip install --upgrade pip
# Upgrade system packages to install security updates # Upgrade system packages to install security updates
RUN apk update && \ RUN apk update && \