🔒️(backend) prevent automatic upgrade setuptools
The latest `setuptools` version pulls in a `jaraco.context` version that triggers a Trivy scan failure. `jaraco.context` has a path traversal vulnerability. This fix is inspired by suitenumerique/people, specifically Marie’s PR #1010.
committed by aleb_the_flash, parent a50aabeaf8, commit f9524b2f0a
@@ -8,8 +8,11 @@ and this project adheres to
## [Unreleased]
## [1.3.0] - 2026-01-13
### Fixed
🔒(backend) prevent automatic upgrade setuptools
## [1.3.0] - 2026-01-13
### Added
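Review bot: the release heading `## [1.3.0] - 2026-01-13` now appears twice in this hunk, once directly above the new `### Fixed` block and once above the pre-existing `### Added` block, while `## [Unreleased]` just above it is left empty. Either this change shipped in 1.3.0, in which case `### Fixed` and the `🔒(backend) prevent automatic upgrade setuptools` line belong under the existing 1.3.0 heading, or it is unreleased and belongs under `## [Unreleased]`; in both cases the duplicated heading should be dropped. The hunk header's `and this project adheres to` points at a Keep a Changelog layout, which reserves a `### Security` section for vulnerability-motivated changes such as the one the commit message describes, so `### Security` would be the more accurate category than `### Fixed`.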
@@ -4,7 +4,7 @@
FROM python:3.13.5-alpine3.21 AS base
# Upgrade pip to its latest release to speed up dependencies installation
RUN python -m pip install --upgrade pip setuptools
RUN python -m pip install --upgrade pip
# Upgrade system packages to install security updates
RUN apk update && \
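Review bot: removing `setuptools` from `RUN python -m pip install --upgrade pip setuptools` leaves the image on whatever setuptools version the `python:3.13.5-alpine3.21` base happens to ship, which is neither pinned nor recorded in the Dockerfile, so the build still depends on an unstated version that the next base-image bump can change silently, and the unchanged comment `# Upgrade pip to its latest release to speed up dependencies installation` gives no hint that setuptools is deliberately excluded, which invites someone to re-add it later. Prefer an explicit pin with the reason next to it, for example `RUN python -m pip install --upgrade pip 'setuptools==<known-good version>'` plus a comment naming the jaraco.context finding and a TODO to lift the pin once an upstream setuptools release no longer carries the flagged version; the same reasoning applies to `pip`, which remains unpinned and floats to the latest release on every build. Also confirm that the base image actually contains setuptools for this Python version; if it does not, the removed argument was the only thing installing it and dependencies that rely on a setuptools-based build may now fail at install time rather than at scan time.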