command-service vulnerabilities fixes (#55)

Sanketika-Obsrv · Nov 15, 2023 · 5df0c26 · 5df0c26
1 parent aa108f0
commit 5df0c26
Show file tree

Hide file tree

Showing 2 changed files with 8 additions and 10 deletions.
diff --git a/command-service/Dockerfile b/command-service/Dockerfile
@@ -1,15 +1,13 @@
-FROM ubuntu:latest AS ubuntu
-RUN apt-get update && apt-get install -y curl
-
-RUN curl -LO https://storage.googleapis.com/kubernetes-release/release/$(curl -s https://storage.googleapis.com/kubernetes-release/release/stable.txt)/bin/linux/amd64/kubectl
-RUN chmod +x ./kubectl
-RUN mv ./kubectl /usr/local/bin
-
 FROM --platform=linux/amd64 python:3.10-alpine
 COPY --from=ubuntu /usr/local/bin /usr/local/bin
+
+RUN apk update && apk add curl jq && curl -LO "https://dl.k8s.io/release/$(curl -L -s https://dl.k8s.io/release/stable.txt)/bin/linux/amd64/kubectl" && chmod +x kubectl && mv kubectl /usr/local/bin/
+
+RUN apk add libcrypto3=3.1.4-r0
+RUN apk upgrade
 WORKDIR /app
 COPY command-service/requirements.txt .
 RUN pip install --no-cache-dir -r requirements.txt
 COPY command-service/src ./src
 WORKDIR /app/src
-CMD [ "uvicorn", "routes:app", "--host", "0.0.0.0" ]
+CMD [ "uvicorn", "routes:app", "--host", "0.0.0.0" ]
diff --git a/command-service/requirements.txt b/command-service/requirements.txt
@@ -1,6 +1,6 @@
 fastapi==0.103.0
 uvicorn==0.20.0
 dataclasses-json==0.5.7
-urllib3==1.26.17
+urllib3==2.0.7
 pyyaml==6.0.1
-backoff==2.2.1
+backoff==2.2.1